{"report_id":"35d8cce0-075c-4d48-a494-5dac80396ae3","version":6,"status":"done","tags":[],"date":"2026-03-23T02:48:17Z","url":{"schema":"http","addr":"524w.com","fqdn":"524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"title":"9001cc 以诚为本(中国)有限公司-Baidu百科","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"524w.com","fqdn":"524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-27T02:48:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":24,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"Client IP","port":37486,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.575136+0000\",\"flow_id\":1856889010391548,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37486,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":656,\"bytes_toclient\":2621,\"start\":\"2026-03-23T02:47:54.985596+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"Client IP","port":37484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.586666+0000\",\"flow_id\":2147915994368462,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37484,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/about3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2055},\"files\":[{\"filename\":\"/skins/197801/images/about3.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2055,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":712,\"bytes_toclient\":4728,\"start\":\"2026-03-23T02:47:54.985550+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"Client IP","port":37494,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.596294+0000\",\"flow_id\":1615816791034410,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37494,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/more.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":656,\"bytes_toclient\":2293,\"start\":\"2026-03-23T02:47:54.985642+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"Client IP","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.619290+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2046},\"files\":[{\"filename\":\"/skins/197801/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2046,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":709,\"bytes_toclient\":4728,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"Client IP","port":37516,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.666474+0000\",\"flow_id\":841232324102799,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37516,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/about.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6422},\"files\":[{\"filename\":\"/skins/197801/images/about.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6422,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":831,\"bytes_toclient\":9204,\"start\":\"2026-03-23T02:47:54.985743+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"Client IP","port":37494,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.066008+0000\",\"flow_id\":1615816791034410,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37494,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/top_tel.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":9,\"bytes_toserver\":1199,\"bytes_toclient\":5392,\"start\":\"2026-03-23T02:47:54.985642+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"Client IP","port":37484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.230432+0000\",\"flow_id\":2147915994368462,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37484,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/banner01.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2048},\"files\":[{\"filename\":\"/skins/197801/images/banner01.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2048,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":38,\"pkts_toclient\":59,\"bytes_toserver\":2810,\"bytes_toclient\":82571,\"start\":\"2026-03-23T02:47:54.985550+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"Client IP","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.266046+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/title_ico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2048},\"files\":[{\"filename\":\"/skins/197801/images/title_ico.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2048,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":37,\"pkts_toclient\":49,\"bytes_toserver\":2790,\"bytes_toclient\":65174,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"Client IP","port":37486,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.275695+0000\",\"flow_id\":1856889010391548,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37486,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/navbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":983},\"files\":[{\"filename\":\"/skins/197801/images/navbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":983,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":36,\"bytes_toserver\":2419,\"bytes_toclient\":43535,\"start\":\"2026-03-23T02:47:54.985596+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"Client IP","port":37494,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.398061+0000\",\"flow_id\":1615816791034410,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37494,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_bg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1602},\"files\":[{\"filename\":\"/skins/197801/images/ys_bg.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1602,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":13,\"bytes_toserver\":1794,\"bytes_toclient\":9535,\"start\":\"2026-03-23T02:47:54.985642+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"Client IP","port":37486,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.429051+0000\",\"flow_id\":1856889010391548,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37486,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/h_pro_jt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1698},\"files\":[{\"filename\":\"/skins/197801/images/h_pro_jt.png\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":3605,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":39,\"bytes_toserver\":2527,\"bytes_toclient\":46282,\"start\":\"2026-03-23T02:47:54.985596+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"Client IP","port":37516,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.585988+0000\",\"flow_id\":841232324102799,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37516,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_ico1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1951},\"files\":[{\"filename\":\"/skins/197801/images/ys_ico1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1951,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":90,\"pkts_toclient\":107,\"bytes_toserver\":5628,\"bytes_toclient\":150870,\"start\":\"2026-03-23T02:47:54.985743+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"Client IP","port":37468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.614879+0000\",\"flow_id\":2244020182583670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37468,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/f_email.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1442},\"files\":[{\"filename\":\"/skins/197801/images/f_email.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1442,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1561,\"bytes_toclient\":2652,\"start\":\"2026-03-23T02:47:54.985462+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"Client IP","port":37468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.776837+0000\",\"flow_id\":2244020182583670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37468,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/nav_line.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":940},\"files\":[{\"filename\":\"/skins/197801/images/nav_line.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":940,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":9,\"bytes_toserver\":2038,\"bytes_toclient\":4618,\"start\":\"2026-03-23T02:47:54.985462+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"Client IP","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.788464+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_ico2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1820},\"files\":[{\"filename\":\"/skins/197801/images/ys_ico2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1820,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":40,\"pkts_toclient\":53,\"bytes_toserver\":3686,\"bytes_toclient\":68082,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"Client IP","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.821308+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/map.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/skins/197801/images/map.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":41,\"pkts_toclient\":56,\"bytes_toserver\":3740,\"bytes_toclient\":72028,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"Client IP","port":37516,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.829474+0000\",\"flow_id\":841232324102799,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37516,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/banner02.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2047},\"files\":[{\"filename\":\"/skins/197801/images/banner02.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2047,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":94,\"pkts_toclient\":111,\"bytes_toserver\":6214,\"bytes_toclient\":155466,\"start\":\"2026-03-23T02:47:54.985743+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"Client IP","port":60228,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.38","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.833759+0000\",\"flow_id\":1308267067973779,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.38\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":60228,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/article_bt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":662,\"bytes_toclient\":2585,\"start\":\"2026-03-23T02:47:55.237715+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"Client IP","port":37484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.852030+0000\",\"flow_id\":2147915994368462,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37484,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_ico4.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":169,\"pkts_toclient\":217,\"bytes_toserver\":10253,\"bytes_toclient\":317329,\"start\":\"2026-03-23T02:47:54.985550+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:58Z","timestamp":1774234078,"ip_dst":{"addr":"Client IP","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:58.234371+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/foot_tel.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2054},\"files\":[{\"filename\":\"/skins/197801/images/foot_tel.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2054,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":47,\"pkts_toclient\":64,\"bytes_toserver\":4458,\"bytes_toclient\":81531,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:58Z","timestamp":1774234078,"ip_dst":{"addr":"Client IP","port":60228,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.38","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:58.372292+0000\",\"flow_id\":1308267067973779,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.38\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":60228,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/zx_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/skins/197801/images/zx_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":10,\"bytes_toserver\":1191,\"bytes_toclient\":8111,\"start\":\"2026-03-23T02:47:55.237715+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:58Z","timestamp":1774234078,"ip_dst":{"addr":"Client IP","port":37468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:58.439285+0000\",\"flow_id\":2244020182583670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37468,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/news_bt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1416},\"files\":[{\"filename\":\"/skins/197801/images/news_bt.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1416,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":12,\"bytes_toserver\":2092,\"bytes_toclient\":7884,\"start\":\"2026-03-23T02:47:54.985462+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:48:08Z","timestamp":1774234088,"ip_dst":{"addr":"Client IP","port":37494,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:48:08.366791+0000\",\"flow_id\":1615816791034410,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37494,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_ico3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2085},\"files\":[{\"filename\":\"/skins/197801/images/ys_ico3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2085,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":107,\"pkts_toclient\":181,\"bytes_toserver\":7425,\"bytes_toclient\":255984,\"start\":\"2026-03-23T02:47:54.985642+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:48:08Z","timestamp":1774234088,"ip_dst":{"addr":"Client IP","port":37484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:48:08.618957+0000\",\"flow_id\":2147915994368462,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37484,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/about_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1691},\"files\":[{\"filename\":\"/skins/197801/images/about_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":3605,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":174,\"pkts_toclient\":222,\"bytes_toserver\":10893,\"bytes_toclient\":320925,\"start\":\"2026-03-23T02:47:54.985550+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.3152018.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"hm.baidu.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-03-16T02:58:13.619816Z","alert_count":0,"request_count":2,"received_data":175,"sent_data":870,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.njkmd.cn","ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":24,"request_count":29,"received_data":1257277,"sent_data":10687,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"img63.jc35.com","ip":{"addr":"117.187.133.33","port":80,"asn":138407,"as":"The Internet Data Center of Guizhou Mobile Communication Company Limited","country":"China","country_code":"CN"},"domain_registered":"2007-11-24","domain_rank":0,"first_seen":"2013-11-29T19:58:09Z","last_seen":"2025-11-16T06:56:17.313944Z","alert_count":0,"request_count":4,"received_data":794,"sent_data":1968,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img50.jc35.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2007-11-24","domain_rank":0,"first_seen":"2017-12-29T07:51:09Z","last_seen":"2026-01-14T21:06:38.678501Z","alert_count":0,"request_count":2,"received_data":320,"sent_data":832,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"524w.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2016-07-13","domain_rank":0,"first_seen":"2026-03-23T02:48:18.510808Z","last_seen":"2026-03-23T02:48:18.510808Z","alert_count":0,"request_count":2,"received_data":188,"sent_data":870,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2026-03-16T04:41:01.468216Z","alert_count":0,"request_count":2,"received_data":718,"sent_data":772,"comment":"","tags":null,"fingerprints":null},{"fqdn":"bofacai.com","ip":{"addr":"143.92.57.23","port":31155,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2023-08-26","domain_rank":0,"first_seen":"2017-06-30T11:25:55Z","last_seen":"2026-03-19T21:12:03.934917Z","alert_count":0,"request_count":1,"received_data":3192,"sent_data":752,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"test.xinxiyidiantong.com","ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2019-08-03","domain_rank":0,"first_seen":"2021-06-25T14:04:50Z","last_seen":"2026-03-21T06:33:27.022221Z","alert_count":13,"request_count":13,"received_data":230864,"sent_data":6200,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.524w.com","ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"domain_registered":"2016-07-13","domain_rank":0,"first_seen":"2026-03-23T02:48:18.523836Z","last_seen":"2026-03-23T02:48:18.523836Z","alert_count":0,"request_count":38,"received_data":1571870,"sent_data":14385,"comment":"","tags":null,"fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]}]},{"fqdn":"www.jc35.com","ip":{"addr":"180.163.146.42","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2007-11-24","domain_rank":0,"first_seen":"2013-05-01T09:11:06Z","last_seen":"2026-03-20T13:36:34.510615Z","alert_count":0,"request_count":2,"received_data":5994,"sent_data":1334,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"img57.jc35.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2007-11-24","domain_rank":0,"first_seen":"2024-10-18T03:42:40.947854Z","last_seen":"2025-08-16T05:26:32.186967Z","alert_count":0,"request_count":5,"received_data":791,"sent_data":2420,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img62.jc35.com","ip":{"addr":"183.234.97.83","port":80,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"2007-11-24","domain_rank":0,"first_seen":"2013-11-29T19:58:06Z","last_seen":"2026-01-09T21:51:15.427727Z","alert_count":0,"request_count":2,"received_data":398,"sent_data":984,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"img56.jc35.com","ip":{"addr":"36.99.7.58","port":80,"asn":139018,"as":"Henan Luoyang IDC","country":"China","country_code":"CN"},"domain_registered":"2007-11-24","domain_rank":0,"first_seen":"2017-02-07T08:28:53Z","last_seen":"2026-03-20T13:36:34.562805Z","alert_count":0,"request_count":4,"received_data":793,"sent_data":1968,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.3152018.com","ip":{"addr":"27.124.44.6","port":8259,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2017-11-20","domain_rank":0,"first_seen":"2017-12-01T15:11:57Z","last_seen":"2026-03-21T08:50:54.391131Z","alert_count":1,"request_count":1,"received_data":5793,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"push.zhanzhang.baidu.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"1999-10-11","domain_rank":1485849,"first_seen":"2015-07-22T05:44:02Z","last_seen":"2026-03-19T01:54:50.296368Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":335,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img45.jc35.com","ip":{"addr":"183.234.97.83","port":80,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"2007-11-24","domain_rank":0,"first_seen":"2025-06-14T09:00:00.644909Z","last_seen":"2026-03-20T13:36:34.3304Z","alert_count":0,"request_count":2,"received_data":321,"sent_data":832,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img64.jc35.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2007-11-24","domain_rank":0,"first_seen":"2013-12-09T06:51:49Z","last_seen":"2026-01-09T21:51:16.744121Z","alert_count":0,"request_count":2,"received_data":397,"sent_data":984,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chat.jc35.com/chat/KFCenterBox/197801","fqdn":"chat.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"197d1b492463d5aca32b4d9e7dbe1545","sha1":"75139096f18ce60275a75afa3271f8f2a062589d","sha256":"f0f40bc2631b0d7ec3fcdfb0d24a4e9a12de938ef2bae428da331ec7731e59af","sha512":"244c82fc6206bfda8c68b0f8390122e1aa2c2fe4eb236ec1a87219bd901481694ddc611bcc99333f106fade34abf3cc136f19c04a2829d9dac244b09be9a7300","ssdeep":"","tlshash":"0b90023209a10052711410915943e1456595959129de9915a000046572529539906d51","size":48,"data":"","first_seen":"2023-03-13T02:33:14Z","last_seen":"2026-03-29T21:47:46.962461Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/js/jquery-3.6.0.min.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bca813b98301491f92e4dd010c283161","sha1":"b2089f223aca2065f95df86a8348b12d429929b5","sha256":"07aa40890d0e075c167808ec0d2612525ba305dc20881e0fc3dc5549d701dce4","sha512":"8595d0160c3f30ea8d0f4de3f8cb86e6cc0ed4e8680c5f6f843c2409a2518465c07c365cdcf7608c4988e5f8fcc742c545fa24d47d42e6989331e5070c1586b2","ssdeep":"1536:ajExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiXYmQ1vy:aIh8GgP3hujzwbhdXXvxiDQ47GKn","tlshash":"a79309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89405,"data":"","first_seen":"2023-05-10T09:17:04Z","last_seen":"2026-03-28T00:31:05.158738Z","times_seen":126,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ca6413202bfb31900c45586b3997079","sha1":"0dc5ba5d96566ce6c3f832786e777134127359f7","sha256":"e0b7596c5338ebce668d045f223b96efad1412e6bcbf4019d553ad3982f0a885","sha512":"4e4a14a71bf483dc68f7a1beb5ec12153ee5d1906590eea171e52f3bc36e4f341395ef75e9dac50ef099e758b59d3456f2a0ec3d7f6b78feb0413a437d4e009c","ssdeep":"","tlshash":"ef9002450911949434171a411115614616858d22406082203c5174082a201691f5a540","size":47,"data":"","first_seen":"2026-03-23T02:48:48.093153Z","last_seen":"2026-03-23T02:48:48.093153Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"01300396922c6c74f3aa4776f7da76ed","sha1":"54a4cc6d2e8d5bb4f6f2fe26a1dbde14e9a6d150","sha256":"e58f7e8357162d03ff886a44b8c898560b18c072bd2654f35ab98df86924af86","sha512":"89b6bad9ef63dc97c8438a0978055eac1fe9d574e67236a5050549f7a29fdecf9b5ffe84872cdda98c24742aa32fbeadcd7494ccb19e33d459f8e66607bd8ef8","ssdeep":"","tlshash":"f021d4f7e6d744b20aa7d2fbb33057b8e8d1401fcd119ad2e5ac12650668e42b117e85","size":1399,"data":"","first_seen":"2026-03-23T02:48:48.094266Z","last_seen":"2026-03-23T02:48:48.094266Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/jquery.la.min.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4960570e1b85d346b1a0abecf81b4214","sha1":"ffc86490240f4bc0a5de16e6d769763b675b9571","sha256":"125a7cd35863018a5f6b22ffab23411b8aa42117e11cf5ecdc11cec3bfa128f8","sha512":"3078aaab8ee8a3d63cac07b708e14fcf4da82611527a9eee207f6efacd8cf8290427bf787116f968237e5e610075d83eed20b3c514e0725a81aa8f171613f370","ssdeep":"","tlshash":"1021ce5f7c45e1246b962a7523bbdaace9ee1069200ec80655dac46c7c28ff50426b4c","size":1370,"data":"","first_seen":"2024-08-31T08:32:29.309178Z","last_seen":"2026-03-23T02:48:48.067901Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9ed1e1209620eeabd6b9af2d73ad6fe1","sha1":"fb9b06133a29aed39f333dc5e346119612e622b5","sha256":"1a6af937edff0c320214195f0ceccaf55d79092e906dcd2f53cd1cba99737c64","sha512":"17d33c8271288f3c1316ac938835e48b9d443ac422644a98ef82d58ba00ada0746304a23a2305dd3af698d2f9a5f7dd2939c765d87a3de9ef406a441b821ad09","ssdeep":"","tlshash":"97a0122d3190770210010003a662080b29521074c040843c6e905184043cc188381c8a","size":79,"data":"","first_seen":"2026-03-23T02:48:48.095352Z","last_seen":"2026-03-23T02:48:48.095352Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d78d285dd65d00b2feedd314c75d318f","sha1":"b1f6341bd689a0cb55db36efef38da0b1919ad78","sha256":"502092ccdc20141ef625a5a243985a688f820b46c0368216e23c068d4181bd69","sha512":"48a4f747cd2748465417cde4fd756dc12364808ac77c84a7ce4cc3bc6af4503ae1679ed7db156d2b95d0996d4601104e75e9a6f6774317215f42f3242a15d900","ssdeep":"","tlshash":"ecb012bb3d511c7402ce3137101c43903806c3575ba01d4270bc1261cb10d0296a5f58","size":100,"data":"","first_seen":"2024-08-04T05:55:23Z","last_seen":"2026-03-29T12:28:02.681898Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/jquery.min.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca4a5c91d649d6ef4f2864ba255066d6","sha1":"9b682f3fa9816b13aaa5bbba180871e62e195d09","sha256":"eae9bc45513eb40d3f1be60968ce86818a8537211d7e624f57fba1b9eaf66f1a","sha512":"a223dee8569bb4289262d351d1b4e3a2f4365f335553e44dddc6768aeac2a363d87a6a09d37da8b5f5e486498c73b8e494265443b0a49d5fa079e3fdcffb0786","ssdeep":"","tlshash":"00011dd8d7c4e89b6edd9c53ed15decb21b2813ba2d972838328fe8c056a199c85d448","size":689,"data":"","first_seen":"2023-03-10T19:56:12Z","last_seen":"2026-03-23T02:48:48.046956Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.3152018.com:8259/a/acai/sj.js","fqdn":"www.3152018.com","domain":"3152018.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":8259,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"06958162d016d1c1409e7cb7d7318456","sha1":"93478f5ff2937b26363735bfbb58bef56c64f7bc","sha256":"2d35bf1c8badcd4cb53cfb025674a8d48bb6d8a45c277f95d6f1d359257a87c5","sha512":"91c0f027e3098364de7676704a8c890e556e297ac9d6e52fdd18f6096bef9d72d3986f42d432435505bd9821f9df6c9ec43901dfc668f46ffc81089eeecdbf84","ssdeep":"96:AJBKXln3rsMim3bnnkBO91Fjkp8UYgGUsddZ8HVus2d4WgISL/DyPVF9ektCYQ7H:AvKXV/Zlkp+gGUsddWVu9d4WgISL/DkM","tlshash":"33b1fe981282984f378f1dc3ae60fa697172d07a33843643c399b5e865e4573d1ce63e","size":5445,"data":"","first_seen":"2023-11-28T17:51:09Z","last_seen":"2026-04-02T23:10:06.251656Z","times_seen":109,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chat.jc35.com/chat/KFLeftBox/197801","fqdn":"chat.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"197d1b492463d5aca32b4d9e7dbe1545","sha1":"75139096f18ce60275a75afa3271f8f2a062589d","sha256":"f0f40bc2631b0d7ec3fcdfb0d24a4e9a12de938ef2bae428da331ec7731e59af","sha512":"244c82fc6206bfda8c68b0f8390122e1aa2c2fe4eb236ec1a87219bd901481694ddc611bcc99333f106fade34abf3cc136f19c04a2829d9dac244b09be9a7300","ssdeep":"","tlshash":"0b90023209a10052711410915943e1456595959129de9915a000046572529539906d51","size":48,"data":"","first_seen":"2023-03-13T02:33:14Z","last_seen":"2026-03-29T21:47:46.962461Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/js/swiper.min.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e33bda58358018f5834074fe965a358","sha1":"50b5192a2a0b1986ed45d640a293d20995de6e62","sha256":"417acb52d4205039dae2566bb7992f78edf01883bcfd2dcbf240a47f7a60b5e9","sha512":"748fb3c961900a3f45a702afae24d0e9164bd96896b0f5e11094f2a6e59ff4d1eebbb80794978195ab67dd7a6bd497a6bf8f8f9760add80c3fd1349d6ac62c55","ssdeep":"1536:dyOkN3TklR3ZIFD7+Y7n2L5ydUTq0tSQfCBTZ:QTF73uTqX","tlshash":"6693d66db314f3e295d3214a679ac64122f21706b849dae870b54c4a68bcc5d03bffbd","size":96140,"data":"","first_seen":"2024-08-19T14:43:35.303361Z","last_seen":"2026-04-04T22:45:47.058401Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"158ea8694295f3ab48ab6988ce3640e4","sha1":"c57f5401d360b87a416e9182502b77d3e2f01073","sha256":"7d4e99876eb8afee68a2a281f71e3edfcb183c50c6a9a93004fb1abf1a9994b8","sha512":"c964ce69bfa2e9477259858eb387467ae89ce29750931b56e9bf3abca8df4c992880958b62eac46c96285cc2d9587aee4d41560adde5179e0f62eb6af806e332","ssdeep":"","tlshash":"3d012680802920778673e23b1c3f6211aa6b8287d8fe2cb474dd0100cf2925d5afebb0","size":823,"data":"","first_seen":"2024-08-04T05:55:23Z","last_seen":"2026-03-29T12:28:02.683454Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6585d13a4a831e6500bc87596173fe3","sha1":"6b5f7e21aeddf33da5d4eab280896355069aa6c9","sha256":"3ecb076402c343c9ddf4ddb9efd7136f4b20c3e51498b5ffa2bb3213e009ccdb","sha512":"eb49c8fdbb9300cb9979f2b248b1b0c3d78a625a29a8a5f586df333dca6e00d6a7eec43893550c31059331f7ca1f70ca27d9c39f46e72640e6d8f8a7042d452a","ssdeep":"","tlshash":"3df09eaee841a5546ec724f8579bda48d09e1468d00bc843a5d5c4cd3c38fd5042234c","size":502,"data":"","first_seen":"2024-08-31T08:32:29.340977Z","last_seen":"2026-03-23T02:48:48.098599Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"999ef18aba2b1fb6fcecde323e44eeac","sha1":"176d0f6ec41d0101c43317782103554c76909efd","sha256":"c7f626e893eff3d2d7a5c31a94c96144cc3017211ce63d3d55c0e40a4badd86b","sha512":"bb7f1e95b1feed56c4246c7ae14208a1c2198ca9143e4795074f7fdf45ecb4baa2b7a5b07721da341ac1370cf04576554e81841984f631c224b309afc983dd80","ssdeep":"","tlshash":"2ff09e6ed841a2541ad336b897dfd648d05e0038d00bc413a4d6d4cd2c38fc5242674c","size":502,"data":"","first_seen":"2024-08-31T08:32:29.349606Z","last_seen":"2026-03-23T02:48:48.100629Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.jc35.com/asyncstat.aspx?u=KMD2014\u0026referer=\u0026title=9001cc%20%u4EE5%u8BDA%u4E3A%u672C%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8-Baidu%u767E%u79D1","fqdn":"www.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"180.163.146.42","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"aec5275a8ae4cb4325bdd2307627f421","sha1":"fe9cffda8b894866fcaf6502d625e5bf20833787","sha256":"91f192e7842060c955e543df80fcaf6f3442e5236338874370ad4a37fb5dd96c","sha512":"1296d509b370703e36ccb05243c373ce73c03003202c28b957bd7053c085c8c52953c19ec77545a1607f253742c1aefc50db64161f07763cafb39fc3c9f48585","ssdeep":"","tlshash":"30f097664400e7fe8901bcedeea1e700c20b0f2f3062d633a2230181262147bb0ec9eb","size":490,"data":"","first_seen":"2026-03-23T02:48:48.10216Z","last_seen":"2026-03-23T02:48:48.10216Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/js/JSChat.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c585663f5b83e34d09092e44326b9377","sha1":"498b43fec7eb7cb801257cc121f97c12be542abc","sha256":"97da6e4048ee96ed0c9d00a4f87b00c26adb4af9af53df68e5d8b6669f4bb690","sha512":"5e9a059d9ff3f80b3aa58f6411925c2744e579450f08885deaf41bbdfcb95af3254195a4fde2454047d63838ec6a4eb5cd4d3b213bf1d94df9d5d30ba86f44e9","ssdeep":"","tlshash":"7731dfb28913d31609194e63c716174ca267915b9103e9623d3d7e643f88d2bb3997f0","size":1622,"data":"","first_seen":"2024-01-31T06:36:47Z","last_seen":"2026-04-05T04:58:55.073774Z","times_seen":497,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.jc35.com/mystat.aspx?u=KMD2014","fqdn":"www.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"a065d0d66728362f6ca827b9a7845fe8","sha1":"f7b6bf361136784d8f9cdcd58caec331521aba18","sha256":"5d7525c6fb585fd13173f4b0fb0137877914002e3ba402fa5a13d69da5e77167","sha512":"9f903cb839330f7484a3d29fa204d15b1be2b5e8542b336bc1a0a796281005fdd2e0d97dd441925331ece04cf847c50b1492cc7796163a1d4681866d449c930f","ssdeep":"","tlshash":"28214d541d06c0a4bc36713d89bbc13cd2a11a273869d73278ccad084f78fa525deeea","size":1356,"data":"","first_seen":"2026-03-23T02:48:48.103912Z","last_seen":"2026-03-23T02:48:48.103912Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3bf742b87eab13561c08070eaee6416","sha1":"fd4c07a8cccbfa6136825ee1e464c182ac0ad0d1","sha256":"95f8b67817f438cf0f147a83f95ae7c2846cf875691a1836239095cdf98f752b","sha512":"8dc25424a6738fabba8148bd305777d8238168992299a9ac467547678048ad60eb9cf1a50b98e3bbac3ec89e205f34ad100a3bbeefd4c38266d0663df0cf0afb","ssdeep":"","tlshash":"c1e026aa29721674578419fa992ff92cf1aa627c0554e003f58dfc230424eef4e2ead5","size":345,"data":"","first_seen":"2023-03-11T21:10:52Z","last_seen":"2026-04-05T04:58:55.074767Z","times_seen":2795,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"6303752ce1e62a0fe7697ac66960ba00","sha1":"c64bc35763418e2d6220d7ce789662a05e1254eb","sha256":"d7acb0281adcfd83a449901b406fe61a69f2c3dbb85a51d6bd690a4a42854033","sha512":"2c1e60c7087c573d57df0c937c3b143365cedcb91e19768f6cfd6e8b9fc84ae202e4b44f2915936bc67d787ecd291424f70fcdcedd6931502478aacb34d7b0fa","ssdeep":"","tlshash":"f0b09257ac21c88aa1008bc8e5b2f47cc066b12ed1a1ecc8c9e5359822c5ad899616a1","size":126,"data":"","first_seen":"2023-03-10T19:56:12Z","last_seen":"2026-03-23T02:48:48.105575Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4c1aa3d4bcbb3db5ab9bc0ec4a74d749","sha1":"352ad61503d8b80de00dbbc87053d40846390e96","sha256":"da97ad773be8330f5eb201a49a9b3f302b9b274ed782fa078f8703b69010f392","sha512":"d9f6f21d2a18948af5274843857d8f0e730e3f8e2ef8ea2b5c85e851087c7fb6a8d0fa86c8b44844ed1d870ffb73c3529f06257fd537e8c49c6ae06d71296480","ssdeep":"","tlshash":"78d097ab8d810062086132c9b0d6ab3b9343090e2fd40b342ce81459e10826c4da2257","size":226,"data":"","first_seen":"2026-03-23T02:48:48.106796Z","last_seen":"2026-03-23T02:48:48.106796Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7ca92abcbfcc666ef2c3fbae1fdc020f","sha1":"fdbc4149e79bf9d500c357904bd54655e27f9e8c","sha256":"9f34facf017c10aefe874a538539762ad71d9ed46ece9f59c31283467c6cb030","sha512":"5d61b8293a89edb86ab89337ca0789d50bd6c8585af210128b7666e6c161b892806eee26492ce1cf566424022bdfa19423cfbfab726cc518c8d75f8f82d407e7","ssdeep":"","tlshash":"a9f046761881580f6370c235f8dab495e9428547926c9496f08830df5ff0fa8d4d329d","size":601,"data":"","first_seen":"2023-12-03T01:45:17Z","last_seen":"2026-04-02T10:33:58.868058Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"175e15cbbe4e095aaf990591af5fd300","sha1":"1cd44a5508caef49bc99fd7c281933da8a01bb9f","sha256":"85d20042e5fbab8c9144e86c42447d456f581c1696ab5586e8498baba6fb1343","sha512":"694d10b275e12bea086bf288dce9e997b13ae49e20efbd756f9d3bfd28dfb55dd83b340edbc18f7ee41ed53a51140ed494ed9ee9d7cd022f4f49373f40db0800","ssdeep":"","tlshash":"11f09e6f5c81e6541ad336a897efd24cc05e0038500bc413a4d6d4cd3c38fd5282674c","size":508,"data":"","first_seen":"2024-08-31T08:32:29.35599Z","last_seen":"2026-03-23T02:48:48.109533Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d269dc92164188c9d1456176c893fd80","sha1":"5f08fbea4903b7192c23de680b0a5b4a10646142","sha256":"cf87ddbf515cce49341dfd7d2fd8a80dfcff71dbbce0de00a104d5df7f036b66","sha512":"6516ab2aad14e3a23c517ecccc9fb181faf25f8a187fb7b559f700f1cac17fc15c748704fa951b428cd12e3bb01cc54598f2c49e41e83b8b07f4972d4dd33f5f","ssdeep":"","tlshash":"82f09eae6c81e5545ed724e857abd64cc09e1468100bc843b5d5c4cd3c38fe5042634c","size":508,"data":"","first_seen":"2024-08-31T08:32:29.361158Z","last_seen":"2026-03-23T02:48:48.120802Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?6a18ba57357be31cd4e3b79072d78dba","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.514Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /hm.js?6a18ba57357be31cd4e3b79072d78dba HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1482,"timings":{"blocked":-1,"dns":1482,"connect":247,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/navbg.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.744Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/navbg.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 983\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"802a1c1051d9d91:0\"\r\nX-Powered-By: AN-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache49.l2cn2647[68,67,200-0,M], cache67.l2cn2647[69,0], kunlun6.cn7174[82,82,200-0,M], kunlun10.cn7174[119,0]\r\nAli-Swift-Global-Savetime: 1774234075\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:55 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742340756961648e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":983,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 58, 8-bit/color RGB, non-interlaced","md5":"fbf7a373f75befc5b14f4f321f7b5c72","sha1":"bab1820758c4de6f20a0020a3f1627176eaf3f38","sha256":"54fbe1408a7a58d2508f67a8fe121f81218d18fd5825916c6ecbe082d8a84442","sha512":"50d0c46d177c3225672880f8d49cb07aab4cabb11f49b96f308a0f7caaf835b7a015bc6f96569b660908b1a4a6865bb0bf964eb01f3e6043df54f57c1932cd9a","ssdeep":"","tlshash":"1c11540cf9506d8263dfe5c224fb7027ad7289409dd0e525bdcec41be8b25b604590d7","first_seen":"2024-08-19T14:43:35.31367Z","last_seen":"2026-03-29T12:28:02.643238Z","times_seen":16,"resource_available":false,"data":null}},"time_used":2259,"timings":{"blocked":1859,"dns":0,"connect":0,"send":0,"wait":399,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"172.18.0.16","port":37486,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.275695+0000\",\"flow_id\":1856889010391548,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37486,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/navbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":983},\"files\":[{\"filename\":\"/skins/197801/images/navbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":983,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":36,\"bytes_toserver\":2419,\"bytes_toclient\":43535,\"start\":\"2026-03-23T02:47:54.985596+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/2_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/2_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 11115\r\nLast-Modified: Fri, 22 Oct 2021 07:29:25 GMT\r\nConnection: keep-alive\r\nETag: \"61726855-2b6b\"\r\nExpires: Wed, 22 Apr 2026 02:47:58 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11115,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"088afa1a19d8f98fe3808e2471d9666e","sha1":"c5580afe6796b562e0cb6ca80516f4fb57504a39","sha256":"e311225d391d6c060f288026fcaf5f70c87230a6a86b16f7acf36e33c29ae14c","sha512":"42258aa415ece74bb59b31813b3bec7c2e39c8d638224e147ff77ca357c63a8f2d9fcc6dada5c4845d38ce450e13b6195274f8b6ffcc7231a18e5e932ad010b1","ssdeep":"192:mE56ohr2Gml8mR9gSc/ucAtPrmZo7/KKmUWNLnWk91PNu/Hm9kzJ:SoJs9EgDmZ0QhNykVuO4","tlshash":"70328e3d6bb1571ae187ec3370ba83ab596e20c1f14f3035b632caeb45751913742d99","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.069306Z","times_seen":1329,"resource_available":false,"data":null}},"time_used":1446,"timings":{"blocked":1152,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"img63.jc35.com/gxhpic_dd6cece70c/dca1878fece157b16b3bf7df3b8e8b9cd94e24a084a2242efe984c088e9eec0c17c875a79f10da85_280_280_5.jpg","fqdn":"img63.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"117.187.133.33","port":80,"asn":138407,"as":"The Internet Data Center of Guizhou Mobile Communication Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.739Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/dca1878fece157b16b3bf7df3b8e8b9cd94e24a084a2242efe984c088e9eec0c17c875a79f10da85_280_280_5.jpg HTTP/1.1\r\nHost: img63.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img63.jc35.com/gxhpic_dd6cece70c/dca1878fece157b16b3bf7df3b8e8b9cd94e24a084a2242efe984c088e9eec0c17c875a79f10da85_280_280_5.jpg\r\nX-CCDN-REQ-ID-46B1: 59821e5e2cde3aec0f9762ed04985f3a\r\nvia: CHN-GZguiyang-CMCC7-CACHE4[0]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4223,"timings":{"blocked":1012,"dns":2563,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/logo.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:52.965Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/logo.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 38852\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nLast-Modified: Mon, 28 Aug 2023 02:25:01 GMT\r\nAccept-Ranges: bytes\r\nETag: \"807cb0d856d9d91:0\"\r\nX-Powered-By: AN-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache41.l2cn3059[28,28,200-0,M], cache28.l2cn3059[30,0], kunlun8.cn7174[42,41,200-0,M], kunlun10.cn7174[45,0]\r\nAli-Swift-Global-Savetime: 1774234075\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:55 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742340753518173e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":38852,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=130, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=719], baseline, precision 8, 719x130, components 3","md5":"39c5cdde5d375ef62f79a6a2ab9afc5e","sha1":"e2e26a6f8e3b8c8974eacb5fa2e85a91e4e5923b","sha256":"dc78d41c93bfb4f2f3edf2d389ee325a884ea64c75a01445dba4bb8cc8089226","sha512":"4b71cced48d20ce88e1c2b0c868c3bda0260a045b911dfa7a9114ec23507b8044828aeab23d6dc78abccb8200af4850a88db6935f92787315ed397ea1eb67298","ssdeep":"768:Jj9ehPDP59ehPLcGqImOss51qxDhpQCi6jffDnTKPBaVxt:7MP7MPAGoCzk3FjXDeEVr","tlshash":"0703d5658971bf11fd61083867a1ebfa010c2d5f47e61208bcddce4b77a3d9a649f882","first_seen":"2026-03-23T02:48:48.022919Z","last_seen":"2026-03-23T02:48:48.022919Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2637,"timings":{"blocked":-1,"dns":2022,"connect":272,"send":0,"wait":317,"receive":26,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"172.18.0.16","port":37486,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.575136+0000\",\"flow_id\":1856889010391548,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37486,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":656,\"bytes_toclient\":2621,\"start\":\"2026-03-23T02:47:54.985596+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img45.jc35.com/3/20240812/638590582156768306775.jpg","fqdn":"img45.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"183.234.97.83","port":80,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.751Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /3/20240812/638590582156768306775.jpg HTTP/1.1\r\nHost: img45.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img45.jc35.com/3/20240812/638590582156768306775.jpg\r\nX-CCDN-REQ-ID-46B1: 27ea5d6872a616aa24926f2b10c35bc2\r\nvia: CHN-GDshantou-CMCC2-CACHE2[3]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":3966,"timings":{"blocked":1064,"dns":2500,"connect":199,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/ewm.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:52.969Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ewm.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 58565\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:31 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80a388c51d9d91:0\"\r\nX-Powered-By: AN-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache15.l2cn9026[55,55,200-0,M], ens-cache58.l2cn9026[56,0], kunlun3.cn7174[67,66,200-0,M], kunlun10.cn7174[68,0]\r\nAli-Swift-Global-Savetime: 1774234075\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:55 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742340753858338e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":58565,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=160, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=160], progressive, precision 8, 160x160, components 3","md5":"7f7fb58bd459923fcdc72da78744c352","sha1":"85f23871397122b09ee2bf1beb236013a8c922ec","sha256":"97b1348c4b9be20751850c02937499d0da5e74076e2da6f70d21a4cda2ed1bbb","sha512":"9ca12548c2502f2ae4d7831be771f5229d0b30eb0ec149c4a8b6fad6ac02a60b1b97d9b30e73108865501739c58e64d72414ad3468e06033a60600741a409183","ssdeep":"1536:iwP0zdIUwP0zdIBq2kt+q2+hNuBptNAm3molw:i40T40OjShNuBp9w","tlshash":"9943e135f6ca8c67f6e05338d098e3c762272d405ab31272b56daac9f7747920e5e350","first_seen":"2026-03-23T02:48:48.024083Z","last_seen":"2026-03-23T02:48:48.024083Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2944,"timings":{"blocked":0,"dns":2017,"connect":282,"send":0,"wait":351,"receive":294,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"172.18.0.16","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.619290+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2046},\"files\":[{\"filename\":\"/skins/197801/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2046,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":709,\"bytes_toclient\":4728,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/top_tel.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.549Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/top_tel.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/top_tel.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2009,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":183,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/logo.png","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:56.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nContent-Type: image/png\r\nContent-Length: 27927\r\nLast-Modified: Fri, 22 Oct 2021 07:29:32 GMT\r\nConnection: keep-alive\r\nETag: \"6172685c-6d17\"\r\nExpires: Wed, 22 Apr 2026 02:47:57 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27927,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 255 x 85, 8-bit/color RGBA, non-interlaced","md5":"1555066b01ba12346071989c467ccf25","sha1":"50c92c270ddc54e309f1499dde7e04fddcdee8c4","sha256":"a8102cc2e6a32d0e128a3757c711489f1d7426123617283cf8d3cb1fd838f101","sha512":"859208a96a6ea1d6030470c159a9dda03a06203d106e19bd71885909d8b329ea6bba0b9068629fbf8d5a1ef693d36239dbde79788f082177e745b9584af1f319","ssdeep":"768:OVmJDb1mQ/HASD6KkXkbJzKyV3Tp1I+JZ:fJD5r4S2KjzKylI+JZ","tlshash":"d5c2e189f1e16d8c20d1e40d5f916979b7d7e0c19554f6f2a0c8f8266e3a249ed08cd7","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.064391Z","times_seen":1726,"resource_available":false,"data":null}},"time_used":1759,"timings":{"blocked":1170,"dns":0,"connect":0,"send":0,"wait":585,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/about1.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.133Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about1.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.jc35.com/asyncstat.aspx?u=KMD2014\u0026referer=\u0026title=9001cc%20%u4EE5%u8BDA%u4E3A%u672C%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8-Baidu%u767E%u79D1","fqdn":"www.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"180.163.146.42","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jc35.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 25 Jun 2025 08:11:29 GMT","end":"Sat, 25 Jul 2026 08:11:28 GMT"},"fingerprint":{"sha1":"E7:37:04:43:A2:E4:53:34:6D:7F:2A:85:02:03:1E:D4:F7:EB:5A:84","sha256":"09:5D:69:3A:0E:D2:EF:07:16:50:3D:68:BF:B5:D2:D1:96:6E:07:DD:CA:F9:AE:6B:64:F4:4B:4F:17:8E:63:33"}}},"request":{"raw":"GET /asyncstat.aspx?u=KMD2014\u0026referer=\u0026title=9001cc%20%u4EE5%u8BDA%u4E3A%u672C%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8-Baidu%u767E%u79D1 HTTP/1.1\r\nHost: www.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 532\r\nstrict-transport-security: max-age=31104000; includeSubDomains\r\ndate: Mon, 23 Mar 2026 02:47:53 GMT\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=d5jdljmus1lcd0r5z2pdj5p1; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_d5jdljmus1lcd0r5z2pdj5p1=10.115.3.124:9715; domain=.jc35.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.71\r\nvia: ens-cache65.l2cn7368[51,50,200-0,M], ens-cache62.l2cn7368[52,0], kunlun8.cn7174[63,62,200-0,M], kunlun8.cn7174[66,0]\r\nali-swift-global-savetime: 1774234073\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Mon, 23 Mar 2026 02:47:53 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921c17742340736373855e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":532,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (506), with CRLF line terminators","md5":"b3bdcb8e5b6a46e8a18c7377d5b20bf9","sha1":"dee864deec8bdccfd2bb454768eb0a822e5048b1","sha256":"d0e4cf55bffb1bbcf62d09af479f16722a78ae101edf27d08d0ed4c1e3d0b29f","sha512":"a578c940e2a2d1ecaa49f9348fc69b5b057ff111d3f3963ea7d7b4b7aaa41bdd87a9dcaefb0903568008b7f34ac38c93c9ce6c4a9500615d601cd8bc8c3b629e","ssdeep":"","tlshash":"bdf059564c01e7ed8901ace9deb1e754c10b0f2f3162da72a262419136119bbb4ecadb","first_seen":"2026-03-23T02:48:48.025852Z","last_seen":"2026-03-23T02:48:48.025852Z","times_seen":1,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/banner01.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.554Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/banner01.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/banner01.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":227403,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/top_tel.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.743Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/top_tel.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2009\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:38 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0c1b41051d9d91:0\"\r\nX-Powered-By: AN-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache49.l2cn9014[41,40,200-0,M], ens-cache47.l2cn9014[42,0], kunlun10.cn7174[96,100,200-0,M], kunlun3.cn7174[102,0]\r\nAli-Swift-Global-Savetime: 1774234075\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:55 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742340758136632e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2009,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 37 x 37, 8-bit/color RGBA, non-interlaced","md5":"06ab0e848c6d59bfb91b059f0cf99688","sha1":"b0c67ba483afe0a4d89a8ba1b1dd133faf535e25","sha256":"fd425d692c21a834ff4ca0a14a3086ab15d14fd16e796f09165fad4708e80d81","sha512":"fde3c0b41f556f9795e490eb7907cb36c0bb99b58b0dfe4c84d825ab7dc576fc76f7227a6b2acdc060ac0a5d6e9b9d4c493047d6ee2c5c0c391d6c6174702106","ssdeep":"","tlshash":"57410a8eb8f19941a89ec5c15deb107f2532d640a86179a27897cc194d3c8f14b2e4c7","first_seen":"2023-08-09T06:06:36Z","last_seen":"2026-03-29T12:28:02.634219Z","times_seen":20,"resource_available":false,"data":null}},"time_used":2324,"timings":{"blocked":1860,"dns":0,"connect":0,"send":0,"wait":463,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"172.18.0.16","port":37494,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.066008+0000\",\"flow_id\":1615816791034410,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37494,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/top_tel.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":9,\"bytes_toserver\":1199,\"bytes_toclient\":5392,\"start\":\"2026-03-23T02:47:54.985642+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/js/jquery-3.6.0.min.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.713Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/js/jquery-3.6.0.min.js HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:51 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89405,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65535)","md5":"bca813b98301491f92e4dd010c283161","sha1":"b2089f223aca2065f95df86a8348b12d429929b5","sha256":"07aa40890d0e075c167808ec0d2612525ba305dc20881e0fc3dc5549d701dce4","sha512":"8595d0160c3f30ea8d0f4de3f8cb86e6cc0ed4e8680c5f6f843c2409a2518465c07c365cdcf7608c4988e5f8fcc742c545fa24d47d42e6989331e5070c1586b2","ssdeep":"1536:ajExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiXYmQ1vy:aIh8GgP3hujzwbhdXXvxiDQ47GKn","tlshash":"a79309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-05-10T09:17:04Z","last_seen":"2026-03-28T00:31:05.158738Z","times_seen":126,"resource_available":true,"data":null}},"time_used":599,"timings":{"blocked":126,"dns":1,"connect":146,"send":0,"wait":179,"receive":147,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/nav_line.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.745Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/nav_line.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 940\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:56 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"802a1c1051d9d91:0\"\r\nX-Powered-By: AN-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache50.l2cn3129[25,25,200-0,M], cache62.l2cn3129[27,0], kunlun10.cn7174[40,40,200-0,M], kunlun8.cn7174[43,0]\r\nAli-Swift-Global-Savetime: 1774234076\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742340764808657e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":940,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 58, 8-bit/color RGB, non-interlaced","md5":"6d88516c2ac1295c3d11240cfa5fa0c5","sha1":"a8e59f0fa8175f50094737b3a61825d93668d797","sha256":"1604575385b2a0e29a902537240c9e00ab8a2c76349d930f1ad24bee18ddf78d","sha512":"fd6b8a5bee18f175af39f5d5117621cf51848029a67c797e5da7f9cd433c346980cf226ed48c0e294e08e2ecfeab9ade6c49e4f3c64b931e75ed4e65ffd51fbe","ssdeep":"","tlshash":"b3111049fae06d0362c9d8531cfb206b94335840cae0e131b8dbc917583b0f9a5494db","first_seen":"2024-08-04T05:55:24Z","last_seen":"2026-03-29T12:28:02.677343Z","times_seen":18,"resource_available":false,"data":null}},"time_used":2919,"timings":{"blocked":1858,"dns":0,"connect":0,"send":0,"wait":1060,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"172.18.0.16","port":37468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.776837+0000\",\"flow_id\":2244020182583670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37468,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/nav_line.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":940},\"files\":[{\"filename\":\"/skins/197801/images/nav_line.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":940,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":9,\"bytes_toserver\":2038,\"bytes_toclient\":4618,\"start\":\"2026-03-23T02:47:54.985462+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img50.jc35.com/3/20240625/638549126376175279931.jpg","fqdn":"img50.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:55.902Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /3/20240625/638549126376175279931.jpg HTTP/1.1\r\nHost: img50.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":1,"connect":280,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/logo.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.728Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/logo.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/logo.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38852,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1228,"timings":{"blocked":1049,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/about.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.744Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/about.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140849,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1244,"timings":{"blocked":1071,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/ewm.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.755Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ewm.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/ewm.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58565,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1205,"timings":{"blocked":1022,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/foot_tel.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.620Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/foot_tel.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:54 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/foot_tel.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2735,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":502,"timings":{"blocked":325,"dns":0,"connect":0,"send":0,"wait":177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.jc35.com/stat.aspx?u=KMD2014\u0026referer=\u0026title=9001cc%20%u4EE5%u8BDA%u4E3A%u672C%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8-Baidu%u767E%u79D1\u0026httpreferer=http%3A//www.524w.com/","fqdn":"www.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"180.163.146.42","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.jc35.com/asyncstat.aspx?u=KMD2014\u0026referer=\u0026title=9001cc%20%u4EE5%u8BDA%u4E3A%u672C%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8-Baidu%u767E%u79D1","date":"2026-03-23T02:47:53.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jc35.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 25 Jun 2025 08:11:29 GMT","end":"Sat, 25 Jul 2026 08:11:28 GMT"},"fingerprint":{"sha1":"E7:37:04:43:A2:E4:53:34:6D:7F:2A:85:02:03:1E:D4:F7:EB:5A:84","sha256":"09:5D:69:3A:0E:D2:EF:07:16:50:3D:68:BF:B5:D2:D1:96:6E:07:DD:CA:F9:AE:6B:64:F4:4B:4F:17:8E:63:33"}}},"request":{"raw":"GET /stat.aspx?u=KMD2014\u0026referer=\u0026title=9001cc%20%u4EE5%u8BDA%u4E3A%u672C%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8-Baidu%u767E%u79D1\u0026httpreferer=http%3A//www.524w.com/ HTTP/1.1\r\nHost: www.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.jc35.com/asyncstat.aspx?u=KMD2014\u0026referer=\u0026title=9001cc%20%u4EE5%u8BDA%u4E3A%u672C%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8-Baidu%u767E%u79D1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: Tengine\r\ncontent-type: text/html\r\ncontent-length: 1670\r\nstrict-transport-security: max-age=31104000; includeSubDomains\r\ndate: Mon, 23 Mar 2026 02:47:54 GMT\r\nvary: Accept-Encoding\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=uggial50hwogitvb3uuxmhnm; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_uggial50hwogitvb3uuxmhnm=10.115.3.124:9715; domain=.jc35.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.74\r\ncontent-encoding: gzip\r\nvia: ens-cache81.l2cn7368[102,102,404-1280,M], ens-cache20.l2cn7368[103,0], kunlun5.cn7174[109,108,404-1280,M], kunlun8.cn7174[111,0]\r\nali-swift-global-savetime: 1774234074\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-error: orig response 4XX error\r\nx-swift-savetime: Mon, 23 Mar 2026 02:47:54 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921c17742340740115790e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":3678,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (835), with CRLF line terminators","md5":"55ea9846dc82ecebd4572a4c4c1c66a0","sha1":"70dd1cf9aaab50b30495a79fe63b5496cf89e7b3","sha256":"a9d12b14c9ecc46f6e6ceeaecf226ac31819e9e912a3daf6b81d9a1ddf9dccb0","sha512":"816ee36d2cfa13614b76b3aec029ecebee434cfa8674183dfe9c99dee584dfeec23123cc1289646a14e5fb6a2ff6a9471b325f26a52bfde8d57b7fdc541d434f","ssdeep":"","tlshash":"b671323565c7213ab233c1e36863764cf946854baa014778f1fe36e7df9b58e5023506","first_seen":"2025-08-31T05:05:07.406759Z","last_seen":"2026-03-23T02:48:48.028763Z","times_seen":4,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":345,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/article_bt.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.38","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:54.147Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/article_bt.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1421\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:24 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0865c851d9d91:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache13.l2cn7857[37,37,200-0,M], ens-cache52.l2cn7857[38,0], kunlun9.cn7174[66,65,200-0,M], kunlun9.cn7174[67,0]\r\nAli-Swift-Global-Savetime: 1774234077\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742340776234935e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1421,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 25, 8-bit/color RGBA, non-interlaced","md5":"eed764b9e927d23a0fc56afa8db5a213","sha1":"dbd94e40f972d471b2fc5bd047075b609742acdb","sha256":"9aec0fca1e22497316d9b252111ff744f1b576e634ca6dc8691f01e11adea76a","sha512":"6427a57059e78bd003743d398e0146563975f6329acb5860b3fa578da1cfdb76307146f109920ba889e778337e21c96421cc9dd676e359de5f1bd49642e5e1b5","ssdeep":"","tlshash":"e221b60ee9f178861159c58234f6406765711940dad1b4667ecac507fd300bc862d7df","first_seen":"2024-08-19T14:43:35.328606Z","last_seen":"2026-03-29T12:28:02.635429Z","times_seen":17,"resource_available":false,"data":null}},"time_used":3686,"timings":{"blocked":3360,"dns":0,"connect":0,"send":0,"wait":326,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"172.18.0.16","port":60228,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.38","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.833759+0000\",\"flow_id\":1308267067973779,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.38\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":60228,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/article_bt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":662,\"bytes_toclient\":2585,\"start\":\"2026-03-23T02:47:55.237715+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img57.jc35.com/gxhpic_dd6cece70c/a80e2892cb425e1992b7c01af37748471705299e969772ec9b0e557ff73f1045a59658ea1a776471_280_280_5.jpg","fqdn":"img57.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:55.868Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/a80e2892cb425e1992b7c01af37748471705299e969772ec9b0e557ff73f1045a59658ea1a776471_280_280_5.jpg HTTP/1.1\r\nHost: img57.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":1,"connect":273,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/more.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:52.966Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/more.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1137\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:36 GMT\r\nAccept-Ranges: bytes\r\nETag: \"09483f51d9d91:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache34.l2cn1800[30,30,200-0,M], cache23.l2cn1800[31,0], kunlun5.cn7174[67,66,200-0,M], kunlun3.cn7174[68,0]\r\nAli-Swift-Global-Savetime: 1774234075\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:55 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742340753785278e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1137,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 7, 8-bit/color RGBA, non-interlaced","md5":"f36d389e339468d582e3f9db397cc4cc","sha1":"669d9045f16fd5e01360a11f3928088b7bb244a9","sha256":"c10a9460d847f8d0c92d750ceea2ba18b31a50732fa2e4c6bc52cf87ba0bf9b6","sha512":"d673e960d67f4f87a48601eed11b223b286ee040be073bcd0e81a3dc8798b76e930c034135ce13a673837c66e089945a908837e8257ca21beef24ef45b36af42","ssdeep":"","tlshash":"1021634dfa912815a2ccda5234f2a0335d320da0ddd9f672bd8bc41a6d344fa401e6e7","first_seen":"2025-04-04T09:50:25.163121Z","last_seen":"2026-03-23T02:48:48.030982Z","times_seen":9,"resource_available":false,"data":null}},"time_used":2634,"timings":{"blocked":-1,"dns":2021,"connect":271,"send":0,"wait":342,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"172.18.0.16","port":37494,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.596294+0000\",\"flow_id\":1615816791034410,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37494,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/more.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":656,\"bytes_toclient\":2293,\"start\":\"2026-03-23T02:47:54.985642+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/1_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/1_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9995\r\nLast-Modified: Fri, 22 Oct 2021 07:29:22 GMT\r\nConnection: keep-alive\r\nETag: \"61726852-270b\"\r\nExpires: Wed, 22 Apr 2026 02:47:58 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9995,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"b28d56b08ae1c39178b7ed387cfd1297","sha1":"e1eede6d5d7351d6e98b7afb188c6e1615233027","sha256":"ef09e72ae4d2d62570afb35c6b39a540b3f52db05b3e5e8e8c4cf81c5ff15810","sha512":"e1f4351e2077a20e516a77161dea0f713134f9dce57744a808c7e6ba341a2edb96c30f0bd3c0b790d044fd129caf460d76c1211faad3e2d990f9c1bc1515aafb","ssdeep":"192:g0JO5368nQnrIOA7ob5HWY9Udd7iaNDHecz3avA7ofV:giO5368nC0O+o4C6dnNVrav8ofV","tlshash":"46228c386a36138bd4ce1da2e1fc16e343778b42148a51b9f5b5c5c315333a430a6eee","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.071438Z","times_seen":1347,"resource_available":false,"data":null}},"time_used":1068,"timings":{"blocked":-1,"dns":1,"connect":549,"send":0,"wait":586,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/3_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/3_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 8660\r\nLast-Modified: Fri, 22 Oct 2021 07:29:26 GMT\r\nConnection: keep-alive\r\nETag: \"61726856-21d4\"\r\nExpires: Wed, 22 Apr 2026 02:47:58 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8660,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"bd5b31f1e7d18e29d6c10312eb6661da","sha1":"73d597ea109cd53140943270b6629ab8ebd3e69c","sha256":"62f4ab1a75135e43fb19419972b6ec12b8ba3ac8337feae4023bd7b9b0e9d59a","sha512":"eef274c9b0fa072a6039e3bb58653792462653c97df74d609b5f491918d94341af6e11b9f9a396d61cb45d73636a4cade653d36b8dfc8b6c08a42df25326105e","ssdeep":"192:xChGKgyRvOj4GUHxnizS7NobBIEkgOOhyKAKU5ny:kh5OvUHBR7UBhBhGny","tlshash":"8c026c01a6912fdecf4f256365b3c339e6c91d30f062fa692abd54931e125715012b9a","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.070951Z","times_seen":1351,"resource_available":false,"data":null}},"time_used":1199,"timings":{"blocked":-1,"dns":1,"connect":299,"send":0,"wait":294,"receive":1,"ssl":604},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"img56.jc35.com/gxhpic_dd6cece70c/3894d50a025bd89cb66c2bbd2a81a86f8c6a28426ac8d41270a45b29dac6689bc525c1cb8014f469_280_280_5.jpg","fqdn":"img56.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"36.99.7.58","port":80,"asn":139018,"as":"Henan Luoyang IDC","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.731Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/3894d50a025bd89cb66c2bbd2a81a86f8c6a28426ac8d41270a45b29dac6689bc525c1cb8014f469_280_280_5.jpg HTTP/1.1\r\nHost: img56.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img56.jc35.com/gxhpic_dd6cece70c/3894d50a025bd89cb66c2bbd2a81a86f8c6a28426ac8d41270a45b29dac6689bc525c1cb8014f469_280_280_5.jpg\r\nX-CCDN-REQ-ID-46B1: 6985a17d1aef9a9b6c66c14444bfb4f6\r\nvia: CHN-HAluoyang-CT3-CACHE43[6]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4124,"timings":{"blocked":1020,"dns":2563,"connect":267,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img57.jc35.com/gxhpic_dd6cece70c/28e2b19763081436386161a16c6350d630bbf7394e8006576c033c326e01eaa35191568e91358275_280_280_5.jpg","fqdn":"img57.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"36.99.7.58","port":80,"asn":139018,"as":"Henan Luoyang IDC","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.735Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/28e2b19763081436386161a16c6350d630bbf7394e8006576c033c326e01eaa35191568e91358275_280_280_5.jpg HTTP/1.1\r\nHost: img57.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img57.jc35.com/gxhpic_dd6cece70c/28e2b19763081436386161a16c6350d630bbf7394e8006576c033c326e01eaa35191568e91358275_280_280_5.jpg\r\nX-CCDN-REQ-ID-46B1: 090ae8660e347e4574a2428c63ec568d\r\nvia: CHN-HAluoyang-CT3-CACHE42[4]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4150,"timings":{"blocked":1016,"dns":2563,"connect":287,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/news_bt.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:54.117Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/news_bt.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1416\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"802a1c1051d9d91:0\"\r\nX-Powered-By: AN-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache69.l2cn8813[77,77,200-0,M], cache45.l2cn8813[79,0], kunlun10.cn7174[93,93,200-0,M], kunlun8.cn7174[122,0]\r\nAli-Swift-Global-Savetime: 1774234077\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742340776385824e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1416,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 23, 8-bit/color RGBA, non-interlaced","md5":"3604cc7ccdcbd187d215afdd0d74765a","sha1":"4b3a8ff339f82fdc249ff28c46ed7bea27c41859","sha256":"efa16d7c7bb506c294d687d5004888eaeae05dc204a5febbd5741805104305d6","sha512":"8be2c6c8d93c521cf1d850d98f36f57f8fb9cc937ba9b91a4f320cf1d59454d8e28b55d4f8da664a322c9fccc35de24bc80a972fcb5125adc60ca131665e0d7c","ssdeep":"","tlshash":"e221748eb980a47155c6d6456cf2203bb6537a8847a0d074b4cfc52bddb01b6c15bbdf","first_seen":"2024-08-19T14:43:35.331269Z","last_seen":"2026-03-29T12:28:02.644373Z","times_seen":17,"resource_available":false,"data":null}},"time_used":3784,"timings":{"blocked":3391,"dns":0,"connect":0,"send":0,"wait":393,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:58Z","timestamp":1774234078,"ip_dst":{"addr":"172.18.0.16","port":37468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:58.439285+0000\",\"flow_id\":2244020182583670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37468,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/news_bt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1416},\"files\":[{\"filename\":\"/skins/197801/images/news_bt.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1416,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":12,\"bytes_toserver\":2092,\"bytes_toclient\":7884,\"start\":\"2026-03-23T02:47:54.985462+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img57.jc35.com/gxhpic_dd6cece70c/28e2b19763081436386161a16c6350d630bbf7394e8006576c033c326e01eaa35191568e91358275_280_280_5.jpg","fqdn":"img57.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:55.891Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/28e2b19763081436386161a16c6350d630bbf7394e8006576c033c326e01eaa35191568e91358275_280_280_5.jpg HTTP/1.1\r\nHost: img57.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":1,"connect":273,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/f_email.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.753Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/f_email.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/f_email.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1442,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1178,"timings":{"blocked":998,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/about3.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:52.954Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about3.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 74116\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:23 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80efc3751d9d91:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache38.l2cn8003[49,49,200-0,M], cache38.l2cn8003[50,0], kunlun6.cn7174[64,64,200-0,M], kunlun9.cn7174[66,0]\r\nAli-Swift-Global-Savetime: 1774234075\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:55 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742340753682808e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":74116,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=400, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=600], baseline, precision 8, 394x248, components 3","md5":"905f3da5d221ad25aa5668c8786bab6e","sha1":"979f9102fbb35ee7c258d90a0f8a60a15ee94f09","sha256":"58d5037badcde27c47deb4ad711fda473cca83579334e80fe1d28e02b79fd291","sha512":"53f2bc884aa9b79256b42533bda519536350298e9ab7d4bddb1f6c277b53f80f42177eb2d545ff492a5c8a050923d1b6ee60685685a4ac7f25e090b69d49ea2a","ssdeep":"1536:JqS7qSIGpxybtibzff4iYrkqe2d/YOnM2SJMyF0qNi8mymJ:JRKbEI1k12xCr0qN0yK","tlshash":"e073f180bbd09da3ddf8627ad4a8d34903136cd5d6e36a6a31ac7d007f72643cdac652","first_seen":"2026-03-23T02:48:48.033151Z","last_seen":"2026-03-23T02:48:48.033151Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2923,"timings":{"blocked":0,"dns":2031,"connect":266,"send":0,"wait":334,"receive":292,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"172.18.0.16","port":37484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.586666+0000\",\"flow_id\":2147915994368462,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37484,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/about3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2055},\"files\":[{\"filename\":\"/skins/197801/images/about3.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2055,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":712,\"bytes_toclient\":4728,\"start\":\"2026-03-23T02:47:54.985550+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?0bb82c9225609bcb80a16570d64c244e","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?0bb82c9225609bcb80a16570d64c244e HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nDate: Mon, 23 Mar 2026 02:48:03 GMT\r\nServer: apache\r\nStrict-Transport-Security: max-age=172800\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":6319,"timings":{"blocked":-1,"dns":1,"connect":5497,"send":0,"wait":315,"receive":0,"ssl":506},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/css/style.css","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.711Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/css/style.css HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:51 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95351,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (399)","md5":"d64975a3f72d9f77d5dee0b6494ab11d","sha1":"0fcadb0703a1ef6d0569b75546a031000ff1b757","sha256":"1e1df40fc5ade64d37dcaeb2235fe5fbc59179f55ebb162a515bf105372179fb","sha512":"785a4a6c1c84d2d02e450f59a27908e0cd29f9c07980305dab660529dde1c1c47e6cc98cf3ebe805c0fc03d9ecfc816d28e51d5b202df65af6bc79e95abe2789","ssdeep":"1536:c5rCl1CJApyE+n2gyHjTcB+21uvu+U+rTqREpn1k111u1k1T1D1C1Kl1J1c1t1ES:gm+t10pn1k111u1k1T1D1C181J1c1t1d","tlshash":"5893a633eb51220df227e6b6fe96a7dd231c5556b3461afc6e803434c28e66604f3b85","first_seen":"2026-03-23T02:48:48.034182Z","last_seen":"2026-03-23T02:48:48.034182Z","times_seen":1,"resource_available":false,"data":null}},"time_used":608,"timings":{"blocked":132,"dns":1,"connect":147,"send":0,"wait":179,"receive":148,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img57.jc35.com/gxhpic_dd6cece70c/a80e2892cb425e1992b7c01af37748471705299e969772ec9b0e557ff73f1045a59658ea1a776471_280_280_5.jpg","fqdn":"img57.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"36.99.7.58","port":80,"asn":139018,"as":"Henan Luoyang IDC","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.734Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/a80e2892cb425e1992b7c01af37748471705299e969772ec9b0e557ff73f1045a59658ea1a776471_280_280_5.jpg HTTP/1.1\r\nHost: img57.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img57.jc35.com/gxhpic_dd6cece70c/a80e2892cb425e1992b7c01af37748471705299e969772ec9b0e557ff73f1045a59658ea1a776471_280_280_5.jpg\r\nX-CCDN-REQ-ID-46B1: 7d0505e375f01c6634523509391f41ee\r\nvia: CHN-HAluoyang-CT3-CACHE1[4]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4124,"timings":{"blocked":1018,"dns":2563,"connect":271,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/about2.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.747Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about2.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/about2.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1404,"timings":{"blocked":1213,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/about3.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.748Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about3.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/about3.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":74116,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1202,"timings":{"blocked":1004,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.3152018.com:8259/a/acai/sj.js","fqdn":"www.3152018.com","domain":"3152018.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":8259,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3152018.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Feb 2026 10:25:45 GMT","end":"Wed, 13 May 2026 10:25:44 GMT"},"fingerprint":{"sha1":"0F:57:B9:AD:3D:EE:38:2B:FC:BA:FE:0F:0A:D4:FE:BE:80:42:D8:6B","sha256":"28:1C:74:B2:82:C5:63:93:D7:60:A8:3B:6D:EA:04:90:83:C1:99:51:7A:E3:43:F6:DB:DF:8B:A7:00:6E:B1:8B"}}},"request":{"raw":"GET /a/acai/sj.js HTTP/1.1\r\nHost: www.3152018.com:8259\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 26 Aug 2023 08:15:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64e9b494-1545\"\r\nExpires: Mon, 23 Mar 2026 03:47:53 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5445,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5191)","md5":"06958162d016d1c1409e7cb7d7318456","sha1":"93478f5ff2937b26363735bfbb58bef56c64f7bc","sha256":"2d35bf1c8badcd4cb53cfb025674a8d48bb6d8a45c277f95d6f1d359257a87c5","sha512":"91c0f027e3098364de7676704a8c890e556e297ac9d6e52fdd18f6096bef9d72d3986f42d432435505bd9821f9df6c9ec43901dfc668f46ffc81089eeecdbf84","ssdeep":"96:AJBKXln3rsMim3bnnkBO91Fjkp8UYgGUsddZ8HVus2d4WgISL/DyPVF9ektCYQ7H:AvKXV/Zlkp+gGUsddWVu9d4WgISL/DkM","tlshash":"33b1fe981282984f378f1dc3ae60fa697172d07a33843643c399b5e865e4573d1ce63e","first_seen":"2023-11-28T17:51:09Z","last_seen":"2026-04-02T23:10:06.251656Z","times_seen":109,"resource_available":true,"data":null}},"time_used":2946,"timings":{"blocked":1325,"dns":428,"connect":297,"send":0,"wait":296,"receive":0,"ssl":596},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.3152018.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/jquery.min.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.704Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 689\r\nLast-Modified: Fri, 06 Sep 2024 15:26:57 GMT\r\nConnection: keep-alive\r\nETag: \"66db1f41-2b1\"\r\nExpires: Mon, 23 Mar 2026 03:47:51 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":689,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (689), with no line terminators","md5":"ca4a5c91d649d6ef4f2864ba255066d6","sha1":"9b682f3fa9816b13aaa5bbba180871e62e195d09","sha256":"eae9bc45513eb40d3f1be60968ce86818a8537211d7e624f57fba1b9eaf66f1a","sha512":"a223dee8569bb4289262d351d1b4e3a2f4365f335553e44dddc6768aeac2a363d87a6a09d37da8b5f5e486498c73b8e494265443b0a49d5fa079e3fdcffb0786","ssdeep":"","tlshash":"00011dd8d7c4e89b6edd9c53ed15decb21b2813ba2d972838328fe8c056a199c85d448","first_seen":"2023-03-10T19:56:12Z","last_seen":"2026-03-23T02:48:48.046956Z","times_seen":2,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/navbg.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.551Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/navbg.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/navbg.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":983,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/about1.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.745Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about1.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/about1.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1384,"timings":{"blocked":1205,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.648Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1349,"timings":{"blocked":0,"dns":1349,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/map.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:54.145Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/map.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 8390\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:35 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80fdeae51d9d91:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache65.l2cn3130[15,15,200-0,M], cache39.l2cn3130[17,0], kunlun3.cn7174[30,29,200-0,M], kunlun10.cn7174[32,0]\r\nAli-Swift-Global-Savetime: 1774234077\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742340776232127e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":8390,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 265 x 123, 8-bit/color RGB, non-interlaced","md5":"fb6806fc868c610c884794fc1ca2041c","sha1":"469604fe44338b296aa2d4453a88042c87ae5f23","sha256":"faefc187da9a70788bd3d0a0b4ff7e4fad3474001472ca7052ee27c140bd715f","sha512":"4e74aa1f9a18d345dba1922cd53a93760f2f1d232310079784c1758ae718ac3aa8759e3944891e825719caa43a632d86294a314d0b80e359dc9645bda7a9a7da","ssdeep":"192:k/+yWAb7wBcdIUljyxWps81xBesBttaiXlSRtLCa/FzrF:NyWA3waThyxWptrs4SRtLZdHF","tlshash":"69029e71fa005e1cd1a484821afdd9e26df308d178a2724a21f7c5ca3ae91a01a4bdf7","first_seen":"2024-08-04T05:55:24Z","last_seen":"2026-03-29T12:28:02.657535Z","times_seen":27,"resource_available":false,"data":null}},"time_used":3682,"timings":{"blocked":3362,"dns":0,"connect":0,"send":0,"wait":313,"receive":7,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"172.18.0.16","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.821308+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/map.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/skins/197801/images/map.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":41,\"pkts_toclient\":56,\"bytes_toserver\":3740,\"bytes_toclient\":72028,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img56.jc35.com/gxhpic_dd6cece70c/3894d50a025bd89cb66c2bbd2a81a86f8c6a28426ac8d41270a45b29dac6689bc525c1cb8014f469_280_280_5.jpg","fqdn":"img56.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:55.865Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/3894d50a025bd89cb66c2bbd2a81a86f8c6a28426ac8d41270a45b29dac6689bc525c1cb8014f469_280_280_5.jpg HTTP/1.1\r\nHost: img56.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":1,"connect":281,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img63.jc35.com/gxhpic_dd6cece70c/dca1878fece157b16b3bf7df3b8e8b9cd94e24a084a2242efe984c088e9eec0c17c875a79f10da85_280_280_5.jpg","fqdn":"img63.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:55.967Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/dca1878fece157b16b3bf7df3b8e8b9cd94e24a084a2242efe984c088e9eec0c17c875a79f10da85_280_280_5.jpg HTTP/1.1\r\nHost: img63.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":1,"connect":267,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/about4.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.749Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about4.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/about4.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1365,"timings":{"blocked":1183,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"524w.com/","fqdn":"524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T02:47:49.749Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":513,"timings":{"blocked":513,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/js/JSChat.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.718Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/JSChat.js HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:51 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1596,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"5122b87041a34991740a2418cf688de4","sha1":"ae0142e84d1e0f3c4749ea58827ae56d2a32fbbc","sha256":"40061d6dc948529ad974ca45b9b63d65ff87037086f65629d1e958cb1de10ccd","sha512":"a96700940fd242137764811caa4748780c79b6925f05ad2b31238126ee24d24ab70c05f0c72de11fde17efd99247a5b3225dbdc708249c59f9b047d5e435a481","ssdeep":"","tlshash":"de31edb24a53931209094ea3c71a134ce267915b9117e8623d3d6d643f88927b7997f0","first_seen":"2025-04-06T23:54:49.048059Z","last_seen":"2026-04-05T04:58:55.064088Z","times_seen":470,"resource_available":false,"data":null}},"time_used":464,"timings":{"blocked":123,"dns":0,"connect":148,"send":0,"wait":193,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img62.jc35.com/gxhpic_dd6cece70c/3dc9911d17df6b89c58a6000906eaf263bd18fe86c863cf8b7eb1802d978d5f8fe675fc0ed495089_280_280_5.jpg","fqdn":"img62.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"183.234.97.83","port":80,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.735Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/3dc9911d17df6b89c58a6000906eaf263bd18fe86c863cf8b7eb1802d978d5f8fe675fc0ed495089_280_280_5.jpg HTTP/1.1\r\nHost: img62.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img62.jc35.com/gxhpic_dd6cece70c/3dc9911d17df6b89c58a6000906eaf263bd18fe86c863cf8b7eb1802d978d5f8fe675fc0ed495089_280_280_5.jpg\r\nX-CCDN-REQ-ID-46B1: 7ce20e9563aa1b275e7ce6033b2c3350\r\nvia: CHN-GDshantou-CMCC2-CACHE42[4]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4333,"timings":{"blocked":1017,"dns":2564,"connect":500,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/ys_ico1.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.610Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_ico1.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/ys_ico1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2487,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":320,"timings":{"blocked":126,"dns":0,"connect":0,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/h_pro_jt.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.919Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/h_pro_jt.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: Tengine\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:56 GMT\r\nVary: Accept-Encoding\r\nX-Powered-By: AN-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nContent-Encoding: gzip\r\nVia: cache13.l2cn8003[128,127,404-1280,M], cache16.l2cn8003[129,0], kunlun1.cn7174[145,144,404-1280,M], kunlun10.cn7174[149,0]\r\nAli-Swift-Global-Savetime: 1774234076\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-Error: orig response 4XX error\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:56 GMT\r\nX-Swift-CacheTime: 1\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742340760973235e\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2509,"timings":{"blocked":2083,"dns":0,"connect":0,"send":0,"wait":424,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"172.18.0.16","port":37486,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.429051+0000\",\"flow_id\":1856889010391548,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37486,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/h_pro_jt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1698},\"files\":[{\"filename\":\"/skins/197801/images/h_pro_jt.png\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":3605,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":39,\"bytes_toserver\":2527,\"bytes_toclient\":46282,\"start\":\"2026-03-23T02:47:54.985596+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/ys_ico3.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.613Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_ico3.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/ys_ico3.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2085,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":327,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/about_bg.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.616Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about_bg.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:54 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/about_bg.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":480,"timings":{"blocked":294,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.934Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 367\r\nOrigin: http://www.524w.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://www.524w.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nEO-LOG-UUID: 699669856727428137\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":1,"connect":19,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/favicon.ico","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:59.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/favicon.ico HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:59 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 3066\r\nLast-Modified: Fri, 22 Oct 2021 08:11:14 GMT\r\nConnection: keep-alive\r\nETag: \"61727222-bfa\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3066,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"00b726752e8713453d31b694d4f74b89","sha1":"122742a4ce71b668801ddcc8db72f07730db290c","sha256":"45d8a46c7758c43f32db8794520cbf03604db83734c969ca80d3b356f8360b37","sha512":"75660a291825839b5fd42b269bd501a9c81a5426adaab17d7b368687194da769a1373b3b5c20476085909c6f0fa5391e9b3c30714bc4be5b6e405ac018814367","ssdeep":"","tlshash":"e9515d9712b1080bc4797cb20f41bc5e95251237402dfaa57cf332d5ba80e9d629bed1","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.066966Z","times_seen":1723,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/h_pro_jt.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.601Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/h_pro_jt.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/h_pro_jt.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":309,"timings":{"blocked":132,"dns":0,"connect":0,"send":0,"wait":177,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/zx_bg.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.38","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:54.118Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/zx_bg.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 44104\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:40 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0eee51151d9d91:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache60.l2cn7147[82,81,200-0,M], ens-cache67.l2cn7147[83,0], kunlun6.cn7174[270,269,200-0,M], kunlun9.cn7174[273,0]\r\nAli-Swift-Global-Savetime: 1774234078\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:58 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742340779526614e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":44104,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x473, components 3","md5":"c0a34174afe16c501c15e5544e8cb7eb","sha1":"527d5e5d582526ea59e9c9bcc2241d0d9ed98093","sha256":"1b33e191a508ca1cc5fad742cad533f520657fc1ad6f872b74580a72a4f6a359","sha512":"e3ce64f164af8daf756ff1271950097b105d6bf4bd03cef188084aeb3e07b1c99dfaf8619a0f976448484b53d8146fefbabd39cf10e17ab7c1c07bb33ff34ace","ssdeep":"768:eaJi/ddi07N9IO3GJTXiPbVg5QLWrjkAsLhrnRu0eMeSR:ewi1di07N9f3GBXWY/p6hrncBKR","tlshash":"4613e1235f551e6bd0f922f24543e1f7bf9e0e702b620843bb4a5b17ae913a4681d6c8","first_seen":"2024-08-19T14:43:35.335204Z","last_seen":"2026-03-29T12:28:02.658426Z","times_seen":17,"resource_available":false,"data":null}},"time_used":4512,"timings":{"blocked":3717,"dns":0,"connect":0,"send":0,"wait":534,"receive":261,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:58Z","timestamp":1774234078,"ip_dst":{"addr":"172.18.0.16","port":60228,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.38","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:58.372292+0000\",\"flow_id\":1308267067973779,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.38\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":60228,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/zx_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/skins/197801/images/zx_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":10,\"bytes_toserver\":1191,\"bytes_toclient\":8111,\"start\":\"2026-03-23T02:47:55.237715+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/style1.css","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:56.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/style1.css HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nContent-Type: text/css\r\nLast-Modified: Mon, 24 Apr 2023 11:24:01 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"644666d1-2acf\"\r\nExpires: Mon, 23 Mar 2026 03:47:57 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10959,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (465), with CRLF line terminators","md5":"9dcee9f3e3a9adc3a8fd044d18aff03a","sha1":"222a22156013ec694b2088c0a92e22e95cadfeb0","sha256":"53143bf9cab52824338170fc6c349fddcec4f52dd1cb999c83f7865365445d8a","sha512":"782456493e261dc963ab94961e51482abd496641b98dc345b87bd8f6d220abddc3b747fd3bad55aefc2d89435f82eccb5bb08438ad29379d05b1094c0c2445e9","ssdeep":"192:YttDBv+hilwO09z0GgvfmLkyGtKwk6NxCiGgxE3M3EEVuo0Kkzxl8AjnHI0rGLd4:YttDBoilwO09z0GgvfmLkyGtKwk6NxCp","tlshash":"48327b2b9340288f745bc77868d77599f639c064fe3dd95ea31a33a6422298e1037fc5","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.057064Z","times_seen":1714,"resource_available":false,"data":null}},"time_used":1185,"timings":{"blocked":-1,"dns":8,"connect":295,"send":0,"wait":291,"receive":1,"ssl":590},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/2.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/2.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 85884\r\nLast-Modified: Fri, 22 Oct 2021 07:29:23 GMT\r\nConnection: keep-alive\r\nETag: \"61726853-14f7c\"\r\nExpires: Wed, 22 Apr 2026 02:47:57 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85884,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3","md5":"6613a23f1fecfc5aad23df7cce06f1b0","sha1":"3a3bcb377568add492170212e90d7a1f633f5e27","sha256":"657c5a2c773ed927afc61fbce4bc522bd8190ed82cb2c15ff0e9baac320749ca","sha512":"511438a9f958104610211db26c5b44cba19e27ca89ff256f83e298aeb094118e094752fac5d3591304df00f7d9e5d205c6d6c04c3997dd8358d16b77eba1dad3","ssdeep":"1536:QEDtAN5nPlYihG1VH9qvmhrcn+mcKHvQ8vDBXj4Jka:Q0AN5PlYp1Vdy6oSmI8v1z46a","tlshash":"0f83f17bc7560be3e618077a90b7053efb564439661e1f17ad280026c8e07b9fd672a2","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-05T06:37:51.34884Z","times_seen":1340,"resource_available":false,"data":null}},"time_used":1173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":589,"receive":584,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/about2.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.156Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about2.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/jquery.la.min.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:56.336Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.la.min.js HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:56 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 06 Sep 2024 15:26:57 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"66db1f41-55a\"\r\nExpires: Mon, 23 Mar 2026 03:47:56 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1370,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (554), with CRLF line terminators","md5":"4960570e1b85d346b1a0abecf81b4214","sha1":"ffc86490240f4bc0a5de16e6d769763b675b9571","sha256":"125a7cd35863018a5f6b22ffab23411b8aa42117e11cf5ecdc11cec3bfa128f8","sha512":"3078aaab8ee8a3d63cac07b708e14fcf4da82611527a9eee207f6efacd8cf8290427bf787116f968237e5e610075d83eed20b3c514e0725a81aa8f171613f370","ssdeep":"","tlshash":"1021ce5f7c45e1246b962a7523bbdaace9ee1069200ec80655dac46c7c28ff50426b4c","first_seen":"2024-08-31T08:32:29.309178Z","last_seen":"2026-03-23T02:48:48.067901Z","times_seen":2,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img57.jc35.com/gxhpic_dd6cece70c/dca1878fece157b16b3bf7df3b8e8b9ccf907cc4b4357ea393d1f7eed005aa5dfb802ef1b08a8ddf_280_280_5.jpg","fqdn":"img57.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.736Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/dca1878fece157b16b3bf7df3b8e8b9ccf907cc4b4357ea393d1f7eed005aa5dfb802ef1b08a8ddf_280_280_5.jpg HTTP/1.1\r\nHost: img57.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":3854,"timings":{"blocked":1016,"dns":2563,"connect":274,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/foot_logo.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.752Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/foot_logo.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/foot_logo.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1384,"timings":{"blocked":1204,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bofacai.com:31155/fcl.php?keyword=9001cc%20%E4%BB%A5%E8%AF%9A%E4%B8%BA%E6%9C%AC(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8-Baidu%E7%99%BE%E7%A7%91\u0026from=pc\u0026originUrl=http%3A%2F%2Fwww.524w.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=4261","fqdn":"bofacai.com","domain":"bofacai.com","tld":"com"},"ip":{"addr":"143.92.57.23","port":31155,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bofacai.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 11:28:37 GMT","end":"Tue, 16 Jun 2026 11:28:36 GMT"},"fingerprint":{"sha1":"50:95:15:D7:13:84:CD:79:B8:63:E4:10:8D:42:AD:44:AE:35:58:9E","sha256":"9C:FB:37:BF:0F:24:76:AC:4C:03:49:C4:08:34:CA:73:5A:12:50:00:A7:EF:F3:C6:24:19:4A:DB:17:BC:23:A1"}}},"request":{"raw":"GET /fcl.php?keyword=9001cc%20%E4%BB%A5%E8%AF%9A%E4%B8%BA%E6%9C%AC(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8-Baidu%E7%99%BE%E7%A7%91\u0026from=pc\u0026originUrl=http%3A%2F%2Fwww.524w.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=4261 HTTP/1.1\r\nHost: bofacai.com:31155\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://www.524w.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:56 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2925,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"51aa6bf27f087766bb7f8590f027b94e","sha1":"5276632e6817cdb47ee08d0c5c568ad4ba04db1b","sha256":"f25eebedeb3a9c716b076d44b435d06bb288328bac9c850223bc5c876f3fad05","sha512":"57b30343c06a10aaf856cb747983676ad262a728a7892472c7ba0e954d2e32702676678b7743e268944c0508d9cc7b714150c49bd88e438f7b18780be28ac4d3","ssdeep":"","tlshash":"e851afe796ca187206b382e6b6b07764fce3804fde549582f46c125b0b74e51b453a8d","first_seen":"2026-03-23T02:48:48.071347Z","last_seen":"2026-03-23T02:48:48.071347Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2699,"timings":{"blocked":-1,"dns":1482,"connect":299,"send":0,"wait":314,"receive":0,"ssl":604},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/zx_bg.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.617Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/zx_bg.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:54 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/zx_bg.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":44104,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":492,"timings":{"blocked":311,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/ys_ico4.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.953Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_ico4.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2224\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:40 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0eee51151d9d91:0\"\r\nX-Powered-By: AN-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache16.l2cn9014[62,61,200-0,M], ens-cache41.l2cn9014[63,0], kunlun6.cn7174[77,76,200-0,M], kunlun9.cn7174[78,0]\r\nAli-Swift-Global-Savetime: 1774234077\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742340776224931e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2224,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced","md5":"611c7511ed85127b6427a90fd0f4cb45","sha1":"8da31d1d06fb54d4cc0031e0ef9269eaa9a869e1","sha256":"6300b78c391efadce729144bd4d10c45ef5e2b3ce937e3e31c016ddebd92b446","sha512":"1370aa6b1f071e51f914f4316159b14f58a96d2921e53b95b7b3919a753f15d7186fe9b5b45ee466460548353a1e852a7618f3a201c4914fa5e2f4cde1c35c45","ssdeep":"","tlshash":"d9410947baf06e40fe195d4b98edb137b3330880c6939c26a6fcd4813a751b568986df","first_seen":"2024-08-19T14:43:35.323809Z","last_seen":"2026-03-29T12:28:02.65597Z","times_seen":17,"resource_available":false,"data":null}},"time_used":3900,"timings":{"blocked":3555,"dns":0,"connect":0,"send":0,"wait":345,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"172.18.0.16","port":37484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.852030+0000\",\"flow_id\":2147915994368462,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37484,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_ico4.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":169,\"pkts_toclient\":217,\"bytes_toserver\":10253,\"bytes_toclient\":317329,\"start\":\"2026-03-23T02:47:54.985550+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img64.jc35.com/gxhpic_dd6cece70c/a80e2892cb425e19e9ab5b02259f8ce2314de0ed4a74ad7415c50dbea8cafc8df204140396bf6962_280_280_5.jpg","fqdn":"img64.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:55.830Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/a80e2892cb425e19e9ab5b02259f8ce2314de0ed4a74ad7415c50dbea8cafc8df204140396bf6962_280_280_5.jpg HTTP/1.1\r\nHost: img64.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":1,"connect":252,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img56.jc35.com/gxhpic_dd6cece70c/3dc9911d17df6b8958c3d451e594c0e07c308ac7947dee2c7138d2f5f6288a8cb586614219700b73_280_280_5.jpg","fqdn":"img56.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:55.854Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/3dc9911d17df6b8958c3d451e594c0e07c308ac7947dee2c7138d2f5f6288a8cb586614219700b73_280_280_5.jpg HTTP/1.1\r\nHost: img56.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":1,"connect":264,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/about4.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.118Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about4.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/4_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/4_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9010\r\nLast-Modified: Fri, 22 Oct 2021 07:29:27 GMT\r\nConnection: keep-alive\r\nETag: \"61726857-2332\"\r\nExpires: Wed, 22 Apr 2026 02:47:58 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9010,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"fda80dce60b7652bc25d8050e874fc5e","sha1":"af999552eb2effe20b9bb6548bd3b40bf6b82fce","sha256":"86872602a83d5e41e9bf331e3f16f87d4631bd2a5f9f141c665eb00d6c20db92","sha512":"33271a5336643c30b2f6c91f3b9e9a88c68f5820de79ce486430643f0676cf6ab3ae2733e4ef796399656ea921e00afc609fc26beef03d0e033f3b25069b3e40","ssdeep":"192:HY0nSEeZkjRaPNWM7JHKm/4aqQP3vwHYKhU:znSReValWMV9nqQPoHYt","tlshash":"09027c11d2566f0cffcee55221b64738305a86f2f4e9e818bcffe1ab846001d251572b","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.0634Z","times_seen":1359,"resource_available":false,"data":null}},"time_used":1500,"timings":{"blocked":-1,"dns":1,"connect":293,"send":0,"wait":600,"receive":1,"ssl":605},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.895Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 364\r\nOrigin: http://www.524w.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://www.524w.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nEO-LOG-UUID: 16402646177040979833\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":963,"timings":{"blocked":-1,"dns":1,"connect":21,"send":0,"wait":941,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"524w.com/","fqdn":"524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T02:47:50.423Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:50 GMT\r\nContent-Type: text/html\r\nContent-Length: 178\r\nConnection: keep-alive\r\nLocation: http://www.524w.com/\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":443,"timings":{"blocked":145,"dns":1,"connect":148,"send":0,"wait":149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/nav_line.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.552Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/nav_line.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/nav_line.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":940,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/news_bt.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.618Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/news_bt.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:54 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/news_bt.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1416,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":491,"timings":{"blocked":312,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/map.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.619Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/map.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:54 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/map.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8390,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":519,"timings":{"blocked":322,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/about_bg.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:54.100Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about_bg.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: Tengine\r\nContent-Type: text/html\r\nContent-Length: 1691\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nVary: Accept-Encoding\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nContent-Encoding: gzip\r\nVia: cache8.l2cn3059[33,32,404-1280,M], cache50.l2cn3059[34,0], kunlun8.cn7174[194,194,404-1280,M], kunlun9.cn7174[197,0]\r\nAli-Swift-Global-Savetime: 1774234078\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-Error: orig response 4XX error\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:58 GMT\r\nX-Swift-CacheTime: 1\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742340779676677e\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4216,"timings":{"blocked":3753,"dns":0,"connect":0,"send":0,"wait":463,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:48:08Z","timestamp":1774234088,"ip_dst":{"addr":"172.18.0.16","port":37484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:48:08.618957+0000\",\"flow_id\":2147915994368462,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37484,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/about_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1691},\"files\":[{\"filename\":\"/skins/197801/images/about_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":3605,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":174,\"pkts_toclient\":222,\"bytes_toserver\":10893,\"bytes_toclient\":320925,\"start\":\"2026-03-23T02:47:54.985550+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img64.jc35.com/gxhpic_dd6cece70c/a80e2892cb425e19e9ab5b02259f8ce2314de0ed4a74ad7415c50dbea8cafc8df204140396bf6962_280_280_5.jpg","fqdn":"img64.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"183.234.97.83","port":80,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.732Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/a80e2892cb425e19e9ab5b02259f8ce2314de0ed4a74ad7415c50dbea8cafc8df204140396bf6962_280_280_5.jpg HTTP/1.1\r\nHost: img64.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img64.jc35.com/gxhpic_dd6cece70c/a80e2892cb425e19e9ab5b02259f8ce2314de0ed4a74ad7415c50dbea8cafc8df204140396bf6962_280_280_5.jpg\r\nX-CCDN-REQ-ID-46B1: 1aacad27274388416f61d7bf28200ee6\r\nvia: CHN-GDshantou-CMCC2-CACHE3[6]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4094,"timings":{"blocked":1019,"dns":2564,"connect":252,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img56.jc35.com/gxhpic_dd6cece70c/3dc9911d17df6b8958c3d451e594c0e07c308ac7947dee2c7138d2f5f6288a8cb586614219700b73_280_280_5.jpg","fqdn":"img56.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"36.99.7.58","port":80,"asn":139018,"as":"Henan Luoyang IDC","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.733Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/3dc9911d17df6b8958c3d451e594c0e07c308ac7947dee2c7138d2f5f6288a8cb586614219700b73_280_280_5.jpg HTTP/1.1\r\nHost: img56.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img56.jc35.com/gxhpic_dd6cece70c/3dc9911d17df6b8958c3d451e594c0e07c308ac7947dee2c7138d2f5f6288a8cb586614219700b73_280_280_5.jpg\r\nX-CCDN-REQ-ID-46B1: 32bb0b2b65811831758c7d5c4f0cfe2c\r\nvia: CHN-HAluoyang-CT3-CACHE25[10]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4115,"timings":{"blocked":1018,"dns":2563,"connect":262,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/banner02.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.757Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/banner02.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 383755\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:31 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80a388c51d9d91:0\"\r\nX-Powered-By: AN-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache42.l2cn9014[62,61,200-0,M], ens-cache9.l2cn9014[63,0], kunlun8.cn7174[76,76,200-0,M], kunlun8.cn7174[78,0]\r\nAli-Swift-Global-Savetime: 1774234077\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742340776145693e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":383755,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=600, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x600, components 3","md5":"2eebbe8664c2fb5c683ef062814d46b5","sha1":"7cc67ff2ddca8a978ab9adbb8954ffaada48da24","sha256":"bd6b4646dba056d3198a552c9a1e6249bdde6db073c260dc7ed37492dc57d16b","sha512":"dd291fe0b6c722b7f7e260185340b7e2b7abbe4a4e0850c897ea6093b849660d5aee1a50b2eca10996f4c4b4bd5ea455d33997f9362969b1d7285d7a45531a09","ssdeep":"6144:2cM1kKrf/odtW0Zn31U14tyeWWPrStJBkb0/fvZeCVfTEn20yKCqFVRUpBYzlnzV:2xxItWEi1xJB34gf020oaRUrWzjjb","tlshash":"6f840201f5809c8cec5b6639e3e29de628326b81b7a94709f96d4df0f3f92d81f85506","first_seen":"2026-03-23T02:48:48.074723Z","last_seen":"2026-03-23T02:48:48.074723Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4440,"timings":{"blocked":3750,"dns":0,"connect":0,"send":0,"wait":321,"receive":369,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"172.18.0.16","port":37516,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.829474+0000\",\"flow_id\":841232324102799,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37516,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/banner02.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2047},\"files\":[{\"filename\":\"/skins/197801/images/banner02.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2047,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":94,\"pkts_toclient\":111,\"bytes_toserver\":6214,\"bytes_toclient\":155466,\"start\":\"2026-03-23T02:47:54.985743+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/ys_ico2.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.948Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_ico2.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1820\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:56 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:40 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0eee51151d9d91:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache56.l2cn7329[36,36,200-0,M], ens-cache10.l2cn7329[38,0], kunlun3.cn7174[67,66,200-0,M], kunlun10.cn7174[77,0]\r\nAli-Swift-Global-Savetime: 1774234076\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742340763844465e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1820,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 66 x 54, 8-bit/color RGBA, non-interlaced","md5":"418eb5b73e6ac7d305fd3969f9814264","sha1":"5e2218af8c03ccbbbc3cdbc198d03991500357c6","sha256":"cd69e88cc67cb0cd506d5584f0fdbd56f2f14dc71290ac94cf372dc3ccb69e42","sha512":"dd2601c609a9ae16baba37d467a831dfe29accd2c9a9313f7e98e9fa74fa7fc8a54c608e68ef5e3ff5a7cb137d706979081ad46772e89b6e5e083cd173feeec1","ssdeep":"","tlshash":"f231d784fc80fd42058fc98014fe604b09764804abe4a4ab6c4fdd1729e21b398597de","first_seen":"2024-08-19T14:43:35.32576Z","last_seen":"2026-03-29T12:28:02.671348Z","times_seen":17,"resource_available":false,"data":null}},"time_used":2678,"timings":{"blocked":2318,"dns":0,"connect":0,"send":0,"wait":360,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:57Z","timestamp":1774234077,"ip_dst":{"addr":"172.18.0.16","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:57.788464+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_ico2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1820},\"files\":[{\"filename\":\"/skins/197801/images/ys_ico2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1820,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":40,\"pkts_toclient\":53,\"bytes_toserver\":3686,\"bytes_toclient\":68082,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/18_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/18_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 10015\r\nLast-Modified: Thu, 30 May 2024 07:12:01 GMT\r\nConnection: keep-alive\r\nETag: \"665826c1-271f\"\r\nExpires: Wed, 22 Apr 2026 02:47:58 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10015,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 350x80, components 3","md5":"b6e75be501e59603b92b58fd264c2fae","sha1":"1d80259e55622ab3c41fdb2b9641ceecebd3847a","sha256":"edb744894c7656ccc78373adefbf54e332c32b6327a74ebcd253a7a73cb9b76a","sha512":"2d52cb6f50f77d82f19a33720aa512eb3df4aa2d1a662b436d7b5a05c2b4e9ddbab8393cc4fabbbaca24338f5a9311f55b1baeec5fc6e999bc002d8c2209ae55","ssdeep":"192:uvsTvX/inJrkPRss8KDS8vIwWjNSWmejcxlRBfnrPk:uvssrkpssHS8vZWjNCnxFzk","tlshash":"1c228c176a415f01eec95cb504f9c301b6239915fae7e87e5dc6a803b2c1cf2e8e85c1","first_seen":"2024-06-02T10:33:48Z","last_seen":"2026-04-04T22:45:47.06559Z","times_seen":1071,"resource_available":false,"data":null}},"time_used":1454,"timings":{"blocked":1156,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/about.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:52.992Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/about.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 140849\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:18 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0ffc8451d9d91:0\"\r\nX-Powered-By: AN-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache58.l2cn7857[161,160,200-0,M], ens-cache3.l2cn7857[163,0], kunlun1.cn7174[194,194,200-0,M], kunlun8.cn7174[195,0]\r\nAli-Swift-Global-Savetime: 1774234075\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:55 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742340753333846e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":140849,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=381, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=642], progressive, precision 8, 642x381, components 3","md5":"e167f407187ab98774b9496f01d8d2be","sha1":"b490c39c97d967bc00e8807471b175fb1bc977be","sha256":"f135968f2488adb56be8da19c9b9d1ed680e328fe2aa3629a3eba90f862e1fc8","sha512":"8684eb801a9d882931c712a67f95d825c2070cda00d20eb37bb9c2a44bb7bc337fded5b9b39512b670b2e5d55dd8016d0b23f4895000e68ecdc8fdd5986d5680","ssdeep":"3072:CxrFs3LPc/AY/SSPxaJkcTeQB3N6eZt91mav6+DntVN2oWjAvI:mFqDqAY5aX5Bd6eZ1m26+DMzR","tlshash":"3dd3023fb928ef43ecc15c31a1cfe70585671a4951a3a567348f966b3f63e22481c987","first_seen":"2026-03-23T02:48:48.077826Z","last_seen":"2026-03-23T02:48:48.077826Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3198,"timings":{"blocked":0,"dns":1994,"connect":239,"send":0,"wait":441,"receive":523,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:55Z","timestamp":1774234075,"ip_dst":{"addr":"172.18.0.16","port":37516,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:55.666474+0000\",\"flow_id\":841232324102799,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37516,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/about.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6422},\"files\":[{\"filename\":\"/skins/197801/images/about.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6422,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":831,\"bytes_toclient\":9204,\"start\":\"2026-03-23T02:47:54.985743+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/foot_logo.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.140Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/foot_logo.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/ys_ico4.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.614Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_ico4.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/ys_ico4.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2224,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":330,"timings":{"blocked":150,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/5_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/5_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9132\r\nLast-Modified: Fri, 22 Oct 2021 07:29:28 GMT\r\nConnection: keep-alive\r\nETag: \"61726858-23ac\"\r\nExpires: Wed, 22 Apr 2026 02:47:58 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9132,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"a0175d738a1002bc3533d496bfd4cc8d","sha1":"82a4b1d855e51c2f3be325f5f3368cc254934479","sha256":"908a0f4cf34ca2dd0e638ef1bf08f637a29757610ae1b65628ab8cbb22345a5e","sha512":"c115e96a214f15a90c0f66db5b514431ff4577a4f80ea1ae01afae1cc49b65dc37c0fa5d34e10ec477d9a21c78d38b9405eef4cd04a01475bd2365542366954f","ssdeep":"192:/+kSJEbg/KDV2kjb3q3/damug8BGUJYx3fxGD:2GgmVpjb3qvda1gRyYXK","tlshash":"2e125b29b2013becef6fed5311f2d772e73580b2b0b9d6061cbd45530d691906005bd9","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.071897Z","times_seen":1334,"resource_available":false,"data":null}},"time_used":1439,"timings":{"blocked":1144,"dns":0,"connect":0,"send":0,"wait":294,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/f_addr.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.158Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/f_addr.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/foot_tel.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:54.126Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/foot_tel.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2735\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:32 GMT\r\nAccept-Ranges: bytes\r\nETag: \"03a21d51d9d91:0\"\r\nX-Powered-By: AN-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache4.l2cn1813[96,96,200-0,M], cache46.l2cn1813[97,0], kunlun10.cn7174[121,120,200-0,M], kunlun10.cn7174[122,0]\r\nAli-Swift-Global-Savetime: 1774234078\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:58 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742340779443597e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2735,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 58 x 58, 8-bit/color RGBA, non-interlaced","md5":"05e9e9f5e5672cbfb9d2329e732d2ab8","sha1":"2eaf755d97e00a975fd8144619b258415e144312","sha256":"b3e64a7fcf5d8e3ad80a2fa40388b169c9382e4567880c8581c5885114f06419","sha512":"6b79dcf07ee4c29771f3f63c1d4ba5cc01fe3475b12b5e0588cb9f20e36faebc2f74a07b04fcc637cfdb8e212a82ac6ae4a6a881e7790b385f4130bfc8976b76","ssdeep":"","tlshash":"8a514c01f581ecc0b64ffc8d98ca76b2655814106e45d4d2fedbc1222af19b6ac4d0ef","first_seen":"2024-08-19T14:43:35.334409Z","last_seen":"2026-03-29T12:28:02.668029Z","times_seen":17,"resource_available":false,"data":null}},"time_used":4109,"timings":{"blocked":3702,"dns":0,"connect":0,"send":0,"wait":404,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:58Z","timestamp":1774234078,"ip_dst":{"addr":"172.18.0.16","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:58.234371+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/foot_tel.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2054},\"files\":[{\"filename\":\"/skins/197801/images/foot_tel.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2054,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":47,\"pkts_toclient\":64,\"bytes_toserver\":4458,\"bytes_toclient\":81531,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img45.jc35.com/3/20240812/638590582156768306775.jpg","fqdn":"img45.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:55.722Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jc35.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 25 Jun 2025 08:11:29 GMT","end":"Sat, 25 Jul 2026 08:11:28 GMT"},"fingerprint":{"sha1":"E7:37:04:43:A2:E4:53:34:6D:7F:2A:85:02:03:1E:D4:F7:EB:5A:84","sha256":"09:5D:69:3A:0E:D2:EF:07:16:50:3D:68:BF:B5:D2:D1:96:6E:07:DD:CA:F9:AE:6B:64:F4:4B:4F:17:8E:63:33"}}},"request":{"raw":"GET /3/20240812/638590582156768306775.jpg HTTP/1.1\r\nHost: img45.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":505,"timings":{"blocked":0,"dns":0,"connect":249,"send":0,"wait":0,"receive":0,"ssl":256},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/f_addr.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.754Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/f_addr.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/f_addr.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1397,"timings":{"blocked":1202,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/10_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/10_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 13615\r\nLast-Modified: Fri, 22 Oct 2021 07:28:54 GMT\r\nConnection: keep-alive\r\nETag: \"61726836-352f\"\r\nExpires: Wed, 22 Apr 2026 02:47:58 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13615,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x80, components 3","md5":"f860a0ae2877d285a9b6f43db503fb56","sha1":"87decfe2d27573e7644708d1576fa2946316a747","sha256":"d481b75f9bef9a376d5a1fc9a4e320826d6dcfe0d766a83f769db6f32df66009","sha512":"9397bdf16ea70be5bd66e8c0b87cfa9e980f64bf0fd91329466b70d94a730a783b389f709960f97ff138a6cc5f8634090c7c5b280b4975c4b46acbe814759442","ssdeep":"384:b9SWr9C1xUnpYviGg2iEwls3WfltfrXAWi9/sJcRldO:kWr9mxTPils3WfltGswjO","tlshash":"f352aea03afd98feda690bd060881171cb3f019c5e0c472183957169f7a9a6bd46f12f","first_seen":"2023-11-07T02:53:14Z","last_seen":"2026-04-04T19:54:36.523709Z","times_seen":1096,"resource_available":false,"data":null}},"time_used":1484,"timings":{"blocked":1181,"dns":0,"connect":0,"send":0,"wait":302,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/title_ico.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.595Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/title_ico.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/title_ico.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2193,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":175,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/ys_bg.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.608Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_bg.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/ys_bg.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":237490,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":319,"timings":{"blocked":124,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/ys_ico3.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.949Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_ico3.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2085\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:57 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:40 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0eee51151d9d91:0\"\r\nX-Powered-By: AN-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache31.l2cn1800[78,78,200-0,M], cache47.l2cn1800[79,0], kunlun6.cn7174[99,99,200-0,M], kunlun3.cn7174[101,0]\r\nAli-Swift-Global-Savetime: 1774234077\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742340776296460e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2085,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 47 x 59, 8-bit/color RGBA, non-interlaced","md5":"2e64445cf559826d459f31359961fdea","sha1":"1c341ed969737ef505b7f2366fb0e7340c6b140e","sha256":"55a7bc9f5adc13818499ab37abdf1deb81d886ad0ef6af0e110792fda27dc5cb","sha512":"8aa993f8cb1cc95bdb9f34e7b19e046434bc51d360713c77c7078493c7c2e5e84d21e39c3754c1c0632abef17f9b67f43da9642efcf978e71f4067fbf347518a","ssdeep":"","tlshash":"9f41da097750ac80c06f669478fff02b1dd20880d55df55d74cad85bac710e68219aeb","first_seen":"2024-08-19T14:43:35.324765Z","last_seen":"2026-03-29T12:28:02.672128Z","times_seen":17,"resource_available":false,"data":null}},"time_used":3931,"timings":{"blocked":3558,"dns":0,"connect":0,"send":0,"wait":373,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:48:08Z","timestamp":1774234088,"ip_dst":{"addr":"172.18.0.16","port":37494,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:48:08.366791+0000\",\"flow_id\":1615816791034410,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37494,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_ico3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2085},\"files\":[{\"filename\":\"/skins/197801/images/ys_ico3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2085,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":107,\"pkts_toclient\":181,\"bytes_toserver\":7425,\"bytes_toclient\":255984,\"start\":\"2026-03-23T02:47:54.985642+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img63.jc35.com/gxhpic_dd6cece70c/1ef287ee8bdc4a02dac41c293161314546afe924ff3311aff2ed30f494a60dc4e035da551199d31c_280_280_5.jpg","fqdn":"img63.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:55.752Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/1ef287ee8bdc4a02dac41c293161314546afe924ff3311aff2ed30f494a60dc4e035da551199d31c_280_280_5.jpg HTTP/1.1\r\nHost: img63.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":1,"connect":221,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/16_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/16_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:59 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 4609\r\nLast-Modified: Fri, 22 Oct 2021 07:29:18 GMT\r\nConnection: keep-alive\r\nETag: \"6172684e-1201\"\r\nExpires: Wed, 22 Apr 2026 02:47:59 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4609,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 350x80, components 3","md5":"9b8a076df6df066e57531343676ea35c","sha1":"53f0c7e4a1b4630bfa87aca5436b36f2927d5211","sha256":"b381d55bfba5cf3da14ab3c4863daacfa7ac1860249f902e717b6f647b76958b","sha512":"ce2610e2925ac18b39c57c653b3b30d90000ecaf5a511159a9173eff2806823504ffd15528c11f85affd7d56d0751f9af8da393cd328ecd77a25fbcc8cff5f17","ssdeep":"96:dEaw+Bosm7CwvVJqRzr8R6i5Od6H7h+QTHu2mu+kaL4XL6HY:dEJ++sqvalS/5OdQ7h7OTu+Rm0Y","tlshash":"2c918d113bfa9493b63a7fbb77c950096698681628f9f7d02055a4fa25f47c28e040ae","first_seen":"2023-09-10T21:55:35Z","last_seen":"2026-04-04T10:06:50.572Z","times_seen":116,"resource_available":false,"data":null}},"time_used":1735,"timings":{"blocked":1444,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"img50.jc35.com/3/20240625/638549126376175279931.jpg","fqdn":"img50.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"36.99.7.58","port":80,"asn":139018,"as":"Henan Luoyang IDC","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.752Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /3/20240625/638549126376175279931.jpg HTTP/1.1\r\nHost: img50.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img50.jc35.com/3/20240625/638549126376175279931.jpg\r\nX-CCDN-REQ-ID-46B1: 0d89a71c6983fdba1fc225731a462af1\r\nvia: CHN-HAluoyang-CT3-CACHE20[8]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4144,"timings":{"blocked":999,"dns":2564,"connect":288,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/26_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:57.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/26_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:58 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 22936\r\nLast-Modified: Thu, 29 Sep 2022 10:16:32 GMT\r\nConnection: keep-alive\r\nETag: \"63357080-5998\"\r\nExpires: Wed, 22 Apr 2026 02:47:58 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22936,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x80, components 3","md5":"ce42bf92c86c558c9b16045328f51abe","sha1":"8775d77ae4bfcb40285876e6e99c9fd238df4976","sha256":"627bdc513407920656341f0c334ef6eda80604e98f0f1b706960b76e25946095","sha512":"5dae7dfb4049db9988cae7ac255673eb754b5a5dbcd4a4c232bdde49b1cc6b6199f573379f5fa3a949e873b632c611185e6b1ae8b4b2d473700e34ede43f8c1c","ssdeep":"384:096JUHVMtZg3jGr23KkaFRLg4vjSu8jQShAr6HYEFaJip92nXpuwyD71NCLK2ihG:E6JU1MDgCDNFaMjvkmgkO92n5uwyD71E","tlshash":"77a2d0e7e64141ced83b7375be805f08f60f1726f2557edfd8a26677e2928d50444228","first_seen":"2023-05-07T19:08:48Z","last_seen":"2026-04-04T22:45:47.070459Z","times_seen":1351,"resource_available":false,"data":null}},"time_used":1820,"timings":{"blocked":-1,"dns":1,"connect":300,"send":0,"wait":605,"receive":301,"ssl":613},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/f_email.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:52.937Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/f_email.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1442\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:32 GMT\r\nAccept-Ranges: bytes\r\nETag: \"03a21d51d9d91:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache44.l2cn1813[28,27,200-0,M], cache48.l2cn1813[37,0], kunlun8.cn7174[68,67,200-0,M], kunlun8.cn7174[73,0]\r\nAli-Swift-Global-Savetime: 1774234075\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:55 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742340753814037e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1442,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 17 x 13, 8-bit/color RGBA, non-interlaced","md5":"973ba01018abd74c8705539461d35537","sha1":"10f34d3f5f8766cf6701c586a0a2d75674f98cd5","sha256":"c51620f8c7b025f91e30a6777d7748ae9a3f21a6b84e1a24a187dfafa5cf3b21","sha512":"162c6b35416e39e503a0d2b4970ee17d6c9336e2de2ac06a0a00a0ca19b85b58dab3e4daba2a98029ec644e0a1f7bb257857c78a4982fafe0e4f50684b050e56","ssdeep":"","tlshash":"5f219444f9802d60a78cf0922cf9a427c96319c4a991f1b6f8cbcd0958222b9402dec7","first_seen":"2024-08-19T14:05:25.238361Z","last_seen":"2026-03-23T02:48:48.084054Z","times_seen":18,"resource_available":false,"data":null}},"time_used":2665,"timings":{"blocked":0,"dns":2049,"connect":267,"send":0,"wait":349,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"172.18.0.16","port":37468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.614879+0000\",\"flow_id\":2244020182583670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37468,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/f_email.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1442},\"files\":[{\"filename\":\"/skins/197801/images/f_email.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1442,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1561,\"bytes_toclient\":2652,\"start\":\"2026-03-23T02:47:54.985462+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/banner01.jpg","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.753Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/banner01.jpg HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 227403\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:56 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:24 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0865c851d9d91:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache2.l2cn9014[64,63,200-0,M], ens-cache50.l2cn9014[65,0], kunlun3.cn7174[79,78,200-0,M], kunlun9.cn7174[81,0]\r\nAli-Swift-Global-Savetime: 1774234076\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742340759955356e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":227403,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=600, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x600, components 3","md5":"6a1289c8049b4fa22ad722ddfe9c7af7","sha1":"f107bf2ee396ccf5502bcc7543584e8089f502f1","sha256":"1707984d12b3fbc8d387df64762e193c25270577fab4da1a934ad90c23108aee","sha512":"955f64317d0c053fc859986005ae84fb0c8de195ea7255eb7c8d7d54f8ab26e0d3bc027414f830fe1b3cea5375be7d0338a162bb1c01f876782a4a79f3e480b8","ssdeep":"6144:tVxc+YLy6OPMV/aZbnR8qiJ7t1S/8ILcmcy:tqNV/oCqiBt1oPQmt","tlshash":"232412a25709ce31daed3b3f6d63a3e55370b28236e72b057a0c5d40bf726927927121","first_seen":"2026-03-23T02:48:48.085235Z","last_seen":"2026-03-23T02:48:48.085235Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2848,"timings":{"blocked":2125,"dns":0,"connect":0,"send":0,"wait":349,"receive":374,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"172.18.0.16","port":37484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.230432+0000\",\"flow_id\":2147915994368462,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37484,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/banner01.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2048},\"files\":[{\"filename\":\"/skins/197801/images/banner01.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2048,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":38,\"pkts_toclient\":59,\"bytes_toserver\":2810,\"bytes_toclient\":82571,\"start\":\"2026-03-23T02:47:54.985550+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/ys_bg.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.938Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_bg.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 237490\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:56 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:38 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0c1b41051d9d91:0\"\r\nX-Powered-By: AN-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache23.l2cn3129[36,36,200-0,M], cache53.l2cn3129[38,0], kunlun8.cn7174[55,55,200-0,M], kunlun3.cn7174[57,0]\r\nAli-Swift-Global-Savetime: 1774234076\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742340761898474e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":237490,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 577, 8-bit/color RGB, non-interlaced","md5":"6dd4f5cb586e860760003eb3f114f19c","sha1":"f2f2f1e776f18de92def143f7bb1cebb002a65f7","sha256":"5c9a284a3bb5231ea9ac4451f4a52d48f183daaa1edd27b703020d44b039be70","sha512":"ab9ee3e5df63348d99ed251f9ebdb8b0cddd2cae3ae3029509c72c63e3ce24ebe5262f06e4c2bee58a69c5d57005e35d36cbc57da9472e498f7d2a881db11e08","ssdeep":"6144:dAfG1UiJ2T0ceGomLbvsbeve9zwo00KyANDFdR/42V:GfGdJw0rGo6slFXKy2DFdV4S","tlshash":"de34f042bc91e925641cb589d9fde508c7f32ec24d31a12e8fe1ca120d52eec8dd99db","first_seen":"2024-08-19T14:43:35.335896Z","last_seen":"2026-03-23T02:48:48.086386Z","times_seen":5,"resource_available":false,"data":null}},"time_used":3132,"timings":{"blocked":2128,"dns":0,"connect":0,"send":0,"wait":333,"receive":671,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"172.18.0.16","port":37494,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.398061+0000\",\"flow_id\":1615816791034410,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37494,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_bg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1602},\"files\":[{\"filename\":\"/skins/197801/images/ys_bg.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1602,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":13,\"bytes_toserver\":1794,\"bytes_toclient\":9535,\"start\":\"2026-03-23T02:47:54.985642+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img63.jc35.com/gxhpic_dd6cece70c/1ef287ee8bdc4a02dac41c293161314546afe924ff3311aff2ed30f494a60dc4e035da551199d31c_280_280_5.jpg","fqdn":"img63.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"117.187.133.33","port":80,"asn":138407,"as":"The Internet Data Center of Guizhou Mobile Communication Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.738Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/1ef287ee8bdc4a02dac41c293161314546afe924ff3311aff2ed30f494a60dc4e035da551199d31c_280_280_5.jpg HTTP/1.1\r\nHost: img63.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Mon, 23 Mar 2026 02:47:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img63.jc35.com/gxhpic_dd6cece70c/1ef287ee8bdc4a02dac41c293161314546afe924ff3311aff2ed30f494a60dc4e035da551199d31c_280_280_5.jpg\r\nX-CCDN-REQ-ID-46B1: 0f2b49d6186be7705dca49e233ad5c2c\r\nvia: CHN-GZguiyang-CMCC7-CACHE4[3]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4008,"timings":{"blocked":1013,"dns":2563,"connect":214,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/more.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.750Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/more.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/more.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1137,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1206,"timings":{"blocked":1002,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/ys_ico2.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.612Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_ico2.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/ys_ico2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1820,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":328,"timings":{"blocked":134,"dns":0,"connect":0,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/title_ico.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.769Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/title_ico.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2193\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:56 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:38 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0c1b41051d9d91:0\"\r\nX-Powered-By: AN-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache65.l2cn9026[56,55,200-0,M], ens-cache10.l2cn9026[57,0], kunlun6.cn7174[67,67,200-0,M], kunlun10.cn7174[69,0]\r\nAli-Swift-Global-Savetime: 1774234076\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742340760292947e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2193,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 131 x 22, 8-bit/color RGBA, non-interlaced","md5":"a6f1837cea512cfed1ff4e93219730c6","sha1":"2ba967275e51610c528138c4840801979274418b","sha256":"0e0f767181a546479aec5901034c189ad9b06de1ee03ad46d38537623d45f165","sha512":"d08f8f06230245edb7cf1bfc7ab1ed937b761000f95eb5764b83215aa556311db0c70e8acec05a426107442004860e49e72b649de49831b7dda975e2e734ee8b","ssdeep":"","tlshash":"df412b55dac21d403085e8ca10ef68276c130f4255d8dd0f97cb8c2708f91f8692815b","first_seen":"2024-08-19T14:43:35.314308Z","last_seen":"2026-03-29T12:28:02.672938Z","times_seen":17,"resource_available":false,"data":null}},"time_used":2497,"timings":{"blocked":2143,"dns":0,"connect":0,"send":0,"wait":351,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"172.18.0.16","port":37508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.266046+0000\",\"flow_id\":767556455107158,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37508,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/title_ico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2048},\"files\":[{\"filename\":\"/skins/197801/images/title_ico.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2048,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":37,\"pkts_toclient\":49,\"bytes_toserver\":2790,\"bytes_toclient\":65174,\"start\":\"2026-03-23T02:47:54.985686+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.njkmd.cn/skins/197801/images/ys_ico1.png","fqdn":"www.njkmd.cn","domain":"njkmd.cn","tld":"cn"},"ip":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.939Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/ys_ico1.png HTTP/1.1\r\nHost: www.njkmd.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2487\r\nConnection: keep-alive\r\nDate: Mon, 23 Mar 2026 02:47:56 GMT\r\nLast-Modified: Mon, 28 Aug 2023 01:43:40 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0eee51151d9d91:0\"\r\nX-Powered-By: AN-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache28.l2cn8014[85,84,200-0,M], cache22.l2cn8014[86,0], kunlun3.cn7174[152,151,200-0,M], kunlun8.cn7174[153,0]\r\nAli-Swift-Global-Savetime: 1774234076\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 23 Mar 2026 02:47:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742340762967855e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2487,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 62 x 60, 8-bit/color RGBA, non-interlaced","md5":"a5fcce10ec51b316ee3839aa90ed1ff7","sha1":"f0d237f053f706162c2de1f698cccc0a6d15fe6a","sha256":"305d691c877fd95a1a6350cfcc491b18aa59ec84e321497dfc2d412e46dea30c","sha512":"129b3d4cb703ad317f991e96ff408fa7a633fb7b72f7c39116551e4201da88324ae3313568d3c52e632e514d69d1bb34a21727e9465ed4607c76c72c4acb4bbb","ssdeep":"","tlshash":"c2510c1d9bc11891676ce4c10ce3e0169d274d808bc8f5d834cfec21d9b1aa6487d6df","first_seen":"2024-08-19T14:43:35.326553Z","last_seen":"2026-03-29T12:28:02.653921Z","times_seen":17,"resource_available":false,"data":null}},"time_used":2647,"timings":{"blocked":2251,"dns":0,"connect":0,"send":0,"wait":394,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-23T02:47:56Z","timestamp":1774234076,"ip_dst":{"addr":"172.18.0.16","port":37516,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.43","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-23T02:47:56.585988+0000\",\"flow_id\":841232324102799,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.43\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":37516,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.njkmd.cn\",\"url\":\"/skins/197801/images/ys_ico1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.524w.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1951},\"files\":[{\"filename\":\"/skins/197801/images/ys_ico1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1951,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":90,\"pkts_toclient\":107,\"bytes_toserver\":5628,\"bytes_toclient\":150870,\"start\":\"2026-03-23T02:47:54.985743+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T02:47:51.226Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:51 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]}],"data":{"size":24019,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (547)","md5":"aab2112fc7d710d434d01ae8d17ce70f","sha1":"472310e2d03e33dd5a23e899ee504cad5331c358","sha256":"65870b970722a1105aec10641125bd7bb3860f96cb4ad14ec644d6a65bf41029","sha512":"0952e3770852f7423a61792b468e78ad1d9e736b150c1870b1c38f728fae2640fe9d895577810ed32cae42f243dd7289beaaf474693a930350bdcc6c3a9292f0","ssdeep":"384:UrEw6kQ9xQL+CrGQibrvFYZQl11bUlYsgTgUv+xBHtnv3mp1meZBD8BmWQpKQTLj:6E1Q/kFYOapxBHtmnUkwafqtFgvd","tlshash":"cdb20a278091a63712b702f5b6b1574b74c19abbec232a42b2ec67cf5fc0fda4e91145","first_seen":"2026-03-23T02:48:48.089579Z","last_seen":"2026-03-23T02:48:48.089579Z","times_seen":1,"resource_available":true,"data":null}},"time_used":473,"timings":{"blocked":147,"dns":1,"connect":145,"send":0,"wait":179,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/css/swiper.min.css","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.709Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/css/swiper.min.css HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:51 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17483,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (17459)","md5":"38e4982a90c5d5bdbdeffe240a2bfc19","sha1":"a03a3d806f0a0d77278dbd3cab61a8d1765c5878","sha256":"513d915b018f385bcca60beb2c167297dfb701bac48ef65274b3eb58460b4b67","sha512":"9696c4d5c02839aa27e1ab9512df2c01eea678655226c40c121ecf2844968461636bb49218b1c009c63106a7b6d1ee4cd3b4d25f38a8dfc31db418247519f013","ssdeep":"192:b+0GpaNCO8jrfg5WHmXgyXyzSHF68DJB0SwD:b+52CXfgWHfyXyzSl68Pe","tlshash":"6672822c17002067f6324f1987c9e77c9715c8839e4368ef6650de48cbba5a9227f7a6","first_seen":"2023-05-10T09:17:05Z","last_seen":"2026-04-04T05:59:34.946491Z","times_seen":245,"resource_available":false,"data":null}},"time_used":476,"timings":{"blocked":133,"dns":1,"connect":148,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/js/swiper.min.js","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:51.716Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/js/swiper.min.js HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:51 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":96140,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (31997)","md5":"1e33bda58358018f5834074fe965a358","sha1":"50b5192a2a0b1986ed45d640a293d20995de6e62","sha256":"417acb52d4205039dae2566bb7992f78edf01883bcfd2dcbf240a47f7a60b5e9","sha512":"748fb3c961900a3f45a702afae24d0e9164bd96896b0f5e11094f2a6e59ff4d1eebbb80794978195ab67dd7a6bd497a6bf8f8f9760add80c3fd1349d6ac62c55","ssdeep":"1536:dyOkN3TklR3ZIFD7+Y7n2L5ydUTq0tSQfCBTZ:QTF73uTqX","tlshash":"6693d66db314f3e295d3214a679ac64122f21706b849dae870b54c4a68bcc5d03bffbd","first_seen":"2024-08-19T14:43:35.303361Z","last_seen":"2026-04-04T22:45:47.058401Z","times_seen":44,"resource_available":true,"data":null}},"time_used":594,"timings":{"blocked":124,"dns":1,"connect":145,"send":0,"wait":178,"receive":146,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/banner02.jpg","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.555Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/banner02.jpg HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/banner02.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":383755,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.524w.com/skins/197801/images/article_bt.png","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"104.140.173.178","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:53.618Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/197801/images/article_bt.png HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.524w.com/skins/197801/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 23 Mar 2026 02:47:54 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.njkmd.cn/skins/197801/images/article_bt.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1421,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":521,"timings":{"blocked":322,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img62.jc35.com/gxhpic_dd6cece70c/3dc9911d17df6b89c58a6000906eaf263bd18fe86c863cf8b7eb1802d978d5f8fe675fc0ed495089_280_280_5.jpg","fqdn":"img62.jc35.com","domain":"jc35.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.524w.com/","date":"2026-03-23T02:47:56.073Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_dd6cece70c/3dc9911d17df6b89c58a6000906eaf263bd18fe86c863cf8b7eb1802d978d5f8fe675fc0ed495089_280_280_5.jpg HTTP/1.1\r\nHost: img62.jc35.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.524w.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":1,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.524w.com/","fqdn":"www.524w.com","domain":"524w.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T02:47:50.725Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.524w.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":341,"timings":{"blocked":341,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}