{"report_id":"37d30856-c11c-4778-8785-c4a3b2913ab3","version":6,"status":"done","tags":[],"date":"2025-10-23T04:43:25Z","url":{"schema":"http","addr":"shalwell.com/","fqdn":"shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"101.71.9.146","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"final":{"url":{"schema":"http","addr":"www.shalwell.com/","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"title":"塑料注射器灌装机-预充式-玻璃针管注射器灌装生产线-上海耀舜机械设备有限公司"},"submit":{"url":{"schema":"http","addr":"shalwell.com/","fqdn":"shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"101.71.9.146","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-27T04:43:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":40,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:03Z","timestamp":1761194583,"ip_dst":{"addr":"172.18.0.5","port":51450,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2025-10-23T04:43:03.432788+0000\",\"flow_id\":327601622523944,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":443,\"dest_ip\":\"172.18.0.5\",\"dest_port\":51450,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"www.shalwell.com\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":699,\"bytes_toclient\":181,\"start\":\"2025-10-23T04:43:02.958504+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.550163+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/style.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":801,\"bytes_toclient\":2536,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.816029+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/skins/143899/js/kf4.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":782,\"bytes_toclient\":1621,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.819215+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/style.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15782},\"files\":[{\"filename\":\"/Skins/143899/css/style.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":89601,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":19,\"pkts_toclient\":18,\"bytes_toserver\":2066,\"bytes_toclient\":17562,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.831784+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/swiper.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2156},\"files\":[{\"filename\":\"/Skins/143899/js/swiper.min.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2156,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":843,\"bytes_toclient\":4728,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.866602+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/customer.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/js/customer.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":2120,\"bytes_toclient\":21408,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.237097+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/jqueryNew.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":738,\"bytes_toclient\":2457,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.277161+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/swiper.min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":17,\"pkts_toclient\":17,\"bytes_toserver\":1855,\"bytes_toclient\":17787,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.784019+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/js/JSChat.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1630},\"files\":[{\"filename\":\"/js/JSChat.js\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1630,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1412,\"bytes_toclient\":2743,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.812123+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/143899/images/banner1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":813,\"bytes_toclient\":3214,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.830913+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/link.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/images/link.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":26,\"bytes_toserver\":2802,\"bytes_toclient\":26532,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.839997+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/143899/images/banner2.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1467,\"bytes_toclient\":4605,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.863791+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2065},\"files\":[{\"filename\":\"/Skins/143899/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2065,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":59,\"pkts_toclient\":75,\"bytes_toserver\":4224,\"bytes_toclient\":105221,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.886835+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1466,\"bytes_toclient\":5063,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:06Z","timestamp":1761194586,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:06.207062+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/hengf.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/images/hengf.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":73,\"pkts_toclient\":90,\"bytes_toserver\":5501,\"bytes_toclient\":125042,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.041414+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":708},\"files\":[{\"filename\":\"/Skins/143899/images/arrows1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":708,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":223,\"pkts_toclient\":238,\"bytes_toserver\":13134,\"bytes_toclient\":349849,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.073761+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":20,\"bytes_toserver\":2674,\"bytes_toclient\":19167,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48998,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.084649+0000\",\"flow_id\":1121865629714318,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48998,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":785,\"bytes_toclient\":2440,\"start\":\"2025-10-23T04:43:04.477070+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49002,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.087246+0000\",\"flow_id\":467656211187714,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49002,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":785,\"bytes_toclient\":2438,\"start\":\"2025-10-23T04:43:04.477186+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.088145+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2169},\"files\":[{\"filename\":\"/Skins/143899/images/indbkbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2169,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":31,\"bytes_toserver\":3513,\"bytes_toclient\":30625,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.090649+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":220,\"pkts_toclient\":234,\"bytes_toserver\":13488,\"bytes_toclient\":340849,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.339086+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/fonts/impact.ttf\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1698},\"files\":[{\"filename\":\"/Skins/143899/fonts/impact.ttf\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":3605,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":226,\"pkts_toclient\":241,\"bytes_toserver\":13884,\"bytes_toclient\":352500,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.340073+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/143899/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":98,\"pkts_toclient\":138,\"bytes_toserver\":7945,\"bytes_toclient\":193704,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.413108+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/kf4_imgs/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2172},\"files\":[{\"filename\":\"/Skins/143899/images/kf4_imgs/kefu.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2172,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":30,\"pkts_toclient\":36,\"bytes_toserver\":4296,\"bytes_toclient\":36735,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.455466+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2169},\"files\":[{\"filename\":\"/Skins/143899/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2169,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":223,\"pkts_toclient\":238,\"bytes_toserver\":14197,\"bytes_toclient\":345445,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.473914+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/index_cache.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":54,\"pkts_toclient\":69,\"bytes_toserver\":4497,\"bytes_toclient\":94672,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.544409+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/images/indnew_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":55,\"pkts_toclient\":72,\"bytes_toserver\":4551,\"bytes_toclient\":98508,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.606764+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/fonts/impact.ttf\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1701},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":227,\"pkts_toclient\":242,\"bytes_toserver\":14487,\"bytes_toclient\":354014,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.607661+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2168},\"files\":[{\"filename\":\"/Skins/143899/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2168,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":244,\"bytes_toserver\":14541,\"bytes_toclient\":356156,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.652885+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1915},\"files\":[{\"filename\":\"/Skins/143899/images/mulu0.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1915,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":101,\"pkts_toclient\":142,\"bytes_toserver\":8667,\"bytes_toclient\":196586,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.702570+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/kf4_imgs/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2541},\"files\":[{\"filename\":\"/Skins/143899/images/kf4_imgs/kefu-tb.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2541,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":26,\"bytes_toserver\":4063,\"bytes_toclient\":24242,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:08Z","timestamp":1761194588,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:08.012768+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":231,\"pkts_toclient\":246,\"bytes_toserver\":15250,\"bytes_toclient\":357443,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:08Z","timestamp":1761194588,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:08.742017+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/143899/favicon.ico\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":5}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":235,\"pkts_toclient\":249,\"bytes_toserver\":15994,\"bytes_toclient\":361985,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:15Z","timestamp":1761194595,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:15.563174+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/swiper.min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":3059},\"files\":[{\"filename\":\"/Skins/143899/css/swiper.min.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":17486,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":2071,\"bytes_toclient\":19550,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.044807+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2706},\"files\":[{\"filename\":\"/Skins/143899/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2706,\"tx_id\":5}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":104,\"pkts_toclient\":146,\"bytes_toserver\":8829,\"bytes_toclient\":200259,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.053006+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/143899/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":28,\"pkts_toclient\":29,\"bytes_toserver\":4237,\"bytes_toclient\":27174,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.055094+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2749},\"files\":[{\"filename\":\"/Skins/143899/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2749,\"tx_id\":5}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":35,\"pkts_toclient\":43,\"bytes_toserver\":5115,\"bytes_toclient\":42073,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.319256+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2636},\"files\":[{\"filename\":\"/Skins/143899/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2636,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":245,\"bytes_toserver\":15016,\"bytes_toclient\":351769,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"push.zhanzhang.baidu.com","ip":{"addr":"39.156.68.163","port":80,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":1485849,"first_seen":"2015-07-22T05:44:02Z","last_seen":"2025-10-22T03:11:32.073064Z","alert_count":0,"request_count":1,"received_data":426,"sent_data":339,"comment":"","tags":null,"fingerprints":null},{"fqdn":"public.mtnets.com","ip":{"addr":"42.236.78.108","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2007-05-21","domain_rank":0,"first_seen":"2019-01-29T13:10:34Z","last_seen":"2025-10-18T03:10:41.021404Z","alert_count":0,"request_count":3,"received_data":19043,"sent_data":1361,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"chat.zyzhan.com","ip":{"addr":"180.163.146.111","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2006-01-21","domain_rank":0,"first_seen":"2015-02-28T07:41:25Z","last_seen":"2025-08-17T04:51:49.217352Z","alert_count":0,"request_count":2,"received_data":45945,"sent_data":753,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"shalwell.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-08-21","domain_rank":0,"first_seen":"2025-10-23T04:43:26.548196Z","last_seen":"2025-10-23T04:43:26.548196Z","alert_count":0,"request_count":2,"received_data":250,"sent_data":878,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"api.share.baidu.com","ip":{"addr":"180.101.212.103","port":80,"asn":134770,"as":"CHINANET Jiangsu province Suzhou taihu IDC network","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":1421601,"first_seen":"2013-04-25T14:45:11Z","last_seen":"2025-10-21T09:23:10.233185Z","alert_count":0,"request_count":1,"received_data":116,"sent_data":381,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.shalwell.com","ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"2025-08-21","domain_rank":0,"first_seen":"2025-10-23T04:43:26.546591Z","last_seen":"2025-10-23T04:43:26.546591Z","alert_count":41,"request_count":36,"received_data":1310379,"sent_data":19012,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"www.zyzhan.com","ip":{"addr":"180.163.146.117","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2006-01-21","domain_rank":7308161,"first_seen":"2013-02-06T20:53:34Z","last_seen":"2025-10-10T20:07:40.662663Z","alert_count":0,"request_count":2,"received_data":2195,"sent_data":1711,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:03Z","timestamp":1761194583,"ip_dst":{"addr":"172.18.0.5","port":51450,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2025-10-23T04:43:03.432788+0000\",\"flow_id\":327601622523944,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":443,\"dest_ip\":\"172.18.0.5\",\"dest_port\":51450,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"www.shalwell.com\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":699,\"bytes_toclient\":181,\"start\":\"2025-10-23T04:43:02.958504+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.550163+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/style.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":801,\"bytes_toclient\":2536,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.816029+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/skins/143899/js/kf4.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":782,\"bytes_toclient\":1621,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.819215+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/style.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15782},\"files\":[{\"filename\":\"/Skins/143899/css/style.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":89601,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":19,\"pkts_toclient\":18,\"bytes_toserver\":2066,\"bytes_toclient\":17562,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.831784+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/swiper.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2156},\"files\":[{\"filename\":\"/Skins/143899/js/swiper.min.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2156,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":843,\"bytes_toclient\":4728,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.866602+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/customer.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/js/customer.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":2120,\"bytes_toclient\":21408,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.237097+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/jqueryNew.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":738,\"bytes_toclient\":2457,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.277161+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/swiper.min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":17,\"pkts_toclient\":17,\"bytes_toserver\":1855,\"bytes_toclient\":17787,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.784019+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/js/JSChat.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1630},\"files\":[{\"filename\":\"/js/JSChat.js\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1630,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1412,\"bytes_toclient\":2743,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.812123+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/143899/images/banner1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":813,\"bytes_toclient\":3214,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.830913+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/link.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/images/link.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":26,\"bytes_toserver\":2802,\"bytes_toclient\":26532,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.839997+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/143899/images/banner2.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1467,\"bytes_toclient\":4605,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.863791+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2065},\"files\":[{\"filename\":\"/Skins/143899/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2065,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":59,\"pkts_toclient\":75,\"bytes_toserver\":4224,\"bytes_toclient\":105221,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.886835+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1466,\"bytes_toclient\":5063,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:06Z","timestamp":1761194586,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:06.207062+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/hengf.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/images/hengf.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":73,\"pkts_toclient\":90,\"bytes_toserver\":5501,\"bytes_toclient\":125042,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.041414+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":708},\"files\":[{\"filename\":\"/Skins/143899/images/arrows1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":708,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":223,\"pkts_toclient\":238,\"bytes_toserver\":13134,\"bytes_toclient\":349849,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.073761+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":20,\"bytes_toserver\":2674,\"bytes_toclient\":19167,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48998,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.084649+0000\",\"flow_id\":1121865629714318,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48998,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":785,\"bytes_toclient\":2440,\"start\":\"2025-10-23T04:43:04.477070+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49002,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.087246+0000\",\"flow_id\":467656211187714,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49002,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":785,\"bytes_toclient\":2438,\"start\":\"2025-10-23T04:43:04.477186+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.088145+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2169},\"files\":[{\"filename\":\"/Skins/143899/images/indbkbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2169,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":31,\"bytes_toserver\":3513,\"bytes_toclient\":30625,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.090649+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":220,\"pkts_toclient\":234,\"bytes_toserver\":13488,\"bytes_toclient\":340849,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.339086+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/fonts/impact.ttf\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1698},\"files\":[{\"filename\":\"/Skins/143899/fonts/impact.ttf\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":3605,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":226,\"pkts_toclient\":241,\"bytes_toserver\":13884,\"bytes_toclient\":352500,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.340073+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/143899/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":98,\"pkts_toclient\":138,\"bytes_toserver\":7945,\"bytes_toclient\":193704,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.413108+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/kf4_imgs/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2172},\"files\":[{\"filename\":\"/Skins/143899/images/kf4_imgs/kefu.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2172,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":30,\"pkts_toclient\":36,\"bytes_toserver\":4296,\"bytes_toclient\":36735,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.455466+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2169},\"files\":[{\"filename\":\"/Skins/143899/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2169,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":223,\"pkts_toclient\":238,\"bytes_toserver\":14197,\"bytes_toclient\":345445,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.473914+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/index_cache.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":54,\"pkts_toclient\":69,\"bytes_toserver\":4497,\"bytes_toclient\":94672,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.544409+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/images/indnew_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":55,\"pkts_toclient\":72,\"bytes_toserver\":4551,\"bytes_toclient\":98508,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.606764+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/fonts/impact.ttf\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1701},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":227,\"pkts_toclient\":242,\"bytes_toserver\":14487,\"bytes_toclient\":354014,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.607661+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2168},\"files\":[{\"filename\":\"/Skins/143899/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2168,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":244,\"bytes_toserver\":14541,\"bytes_toclient\":356156,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.652885+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1915},\"files\":[{\"filename\":\"/Skins/143899/images/mulu0.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1915,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":101,\"pkts_toclient\":142,\"bytes_toserver\":8667,\"bytes_toclient\":196586,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.702570+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/kf4_imgs/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2541},\"files\":[{\"filename\":\"/Skins/143899/images/kf4_imgs/kefu-tb.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2541,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":26,\"bytes_toserver\":4063,\"bytes_toclient\":24242,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:08Z","timestamp":1761194588,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:08.012768+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":231,\"pkts_toclient\":246,\"bytes_toserver\":15250,\"bytes_toclient\":357443,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:08Z","timestamp":1761194588,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:08.742017+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/143899/favicon.ico\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":5}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":235,\"pkts_toclient\":249,\"bytes_toserver\":15994,\"bytes_toclient\":361985,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:15Z","timestamp":1761194595,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:15.563174+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/swiper.min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":3059},\"files\":[{\"filename\":\"/Skins/143899/css/swiper.min.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":17486,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":2071,\"bytes_toclient\":19550,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.044807+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2706},\"files\":[{\"filename\":\"/Skins/143899/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2706,\"tx_id\":5}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":104,\"pkts_toclient\":146,\"bytes_toserver\":8829,\"bytes_toclient\":200259,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.053006+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/143899/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":28,\"pkts_toclient\":29,\"bytes_toserver\":4237,\"bytes_toclient\":27174,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.055094+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2749},\"files\":[{\"filename\":\"/Skins/143899/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2749,\"tx_id\":5}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":35,\"pkts_toclient\":43,\"bytes_toserver\":5115,\"bytes_toclient\":42073,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.319256+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2636},\"files\":[{\"filename\":\"/Skins/143899/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2636,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":245,\"bytes_toserver\":15016,\"bytes_toclient\":351769,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/js/customer.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"7ee5d36606ae3e0032aba162e4c186d3","sha1":"3f47944565c410b5acd1d1cd1b70b22339508296","sha256":"b1071f3356a2aa5c2b4f40d81f90c6dbc865531111fbe6329dd06612184cbfd0","sha512":"fa969d3c22c16c4e4e911f75ec315b38dd9561926da7e187e9b9414cade337f69963ac1cdc68e627a99067fb09b44a534deb3744a92c6d85863bc1d8f94f7611","ssdeep":"48:h55Uelb+M2+Rv++egxeQW7Fqs4lvqsLJDddgQGWCtUNij7uYXfo6lb7vYr:h9Bt2mmAZW7mdBE7fXg6F7gr","tlshash":"ad813f81f14ca43e86fb23bb163eb101de5a8287c0cb84f2f4bd1554cfb011956a6fa8","size":4101,"data":"","first_seen":"2025-08-19T07:26:19.552608Z","last_seen":"2026-03-16T06:11:07.428272Z","times_seen":4,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.866602+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/customer.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/js/customer.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":2120,\"bytes_toclient\":21408,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"39.156.68.163","port":80,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","size":281,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-05T08:03:13.134675Z","times_seen":20927,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"6ac2c5a759f635b559eafc0e22ac847d","sha1":"115df9f4b98d6da975835b7b39b229863ce38e7e","sha256":"cb40ea11bbf5b7bf8b10c7523a23be3f8f2128de190490e85144d88da88be76b","sha512":"a17bb67f38a3e5cc208b14faf6994af41a6215251b9ea5046121a64deefa4a7bb4f52b9af4e9fdd7696f4af5ae7f80b505d32c84adfb17ddacce661b6b17b179","ssdeep":"","tlshash":"d3e004c1c511c14d01554430d0f1c3f4300d7047f5544144c54c04fd3154530150c4c0","size":412,"data":"","first_seen":"2024-10-15T09:01:31.007499Z","last_seen":"2026-04-02T14:38:09.630424Z","times_seen":18,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/js/JSChat.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"1c04d2293f4bf3f056f95498ead507dd","sha1":"b856a9c007fc3008459969d4e5076532ae82e4c1","sha256":"d3c7ba5c8b5d6873d8ba5ecc6fd1aff32a51bb6d824baeb615f2cef00160f851","sha512":"75729bdadcac1c460bb0317e2c3292cd4770b7c3c19b6845cfb8368573f424d60e1ba4eb773625c440245506eb3f27c96b3f8ae6a29a7a499407684783304073","ssdeep":"","tlshash":"0a31cbf68912931609394f63c712120de267516b8103e0627d3d6d653fb8a0bb368ff0","size":1656,"data":"","first_seen":"2024-01-06T11:12:18Z","last_seen":"2026-03-27T22:14:18.899872Z","times_seen":192,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.784019+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/js/JSChat.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1630},\"files\":[{\"filename\":\"/js/JSChat.js\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1630,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1412,\"bytes_toclient\":2743,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/js/swiper.min.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e9eb008653857cbc376068d56a4ce48","sha1":"3d03eae3315d29a909558edb32d1707b13a50798","sha256":"af5bbf3aeb9699dcaaa10dad001b8f97d5b1468f114133b04df767c0a4e0ed30","sha512":"8a9b3487821b47bc53feb2f6d633f85cb914c18dabdc23277d62995f6678e036243d6d22ad6e764392b0993f41ad397105c2fc044f2627748c4cd1a0dcb18173","ssdeep":"1536:UyOkN3TklR3ZIFDG+Y7n2L5ydUTv0tSQfCBTw:hT673uTv+","tlshash":"b193d66db314f2e295d3214a679ec64122f21706b849dae870b54c4a68bcc5d03bffbd","size":96106,"data":"","first_seen":"2025-06-27T07:25:58.383726Z","last_seen":"2026-03-16T06:11:07.431335Z","times_seen":25,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.831784+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/swiper.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2156},\"files\":[{\"filename\":\"/Skins/143899/js/swiper.min.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2156,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":843,\"bytes_toclient\":4728,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"834d77135a1da3cda08843b5c4bf0f53","sha1":"6d8821e92d3a4891034eb8f41a7d8c0a185b0c49","sha256":"2667bff59d240bcdfe5622f542e6d74a6655bd63adc582d2166711308a7f7906","sha512":"d987f5ebd568f68685632de79459c793d48e5061e27b299ee521ac8797080c7831b133e33dcf664cd1fc1f3d96db82f0b2ff66a1f78481f030ce817f98bc7323","ssdeep":"","tlshash":"75a0127d3290730100410403b95a088a177a1034d080803c5a5016c40438c1063c5dcc","size":81,"data":"","first_seen":"2025-10-23T04:43:44.917304Z","last_seen":"2025-10-23T04:43:44.917304Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2d2c5894e5bc9a326e6ada0203232e69","sha1":"e69f8d7d73c8489a8ae817393892af42f9e226bc","sha256":"e3889759e4b68e68a5fc2da2554ec90c3ee1289e8d249fb52211820dc4c9dd5c","sha512":"0d6b7ef9dc1e5cfe710e3ab9cb3683ca9ceda70a41f21570297107b6995d944930b9c641078ecc723130812f97c320ab02791317e1c5df9b7b51d1922b28245e","ssdeep":"","tlshash":"45c02b3709201e0c00355481f422ea6430f5350cb640d297c83c001c1510bd90008c12","size":133,"data":"","first_seen":"2023-11-23T11:16:21Z","last_seen":"2026-04-04T11:07:00.247663Z","times_seen":506,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2149b39507f7a95f205338b600f2732e","sha1":"56879c45ecd121ed424b5fff5d0feab5b858929c","sha256":"4d885d41d4293a4dcf0f954ef3b71c4c19224956f5921c903476b229a9105d70","sha512":"e7746d0fb3ee6d6e7acc5759633914787c083e072492e7e21741f64081476207c246ec3593330f4d1ddbda58db4fdf117befa015b201be5ee6014d8b37e1b21d","ssdeep":"","tlshash":"f1e0d8ed2c661a746b9004be942ff91cf1d9617c2455e112a58dfc124034eeb1a1aa94","size":356,"data":"","first_seen":"2023-03-07T12:09:31Z","last_seen":"2026-04-04T11:07:00.248736Z","times_seen":640,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"210d4f43b382acfb75f0f93b9c50ecbe","sha1":"59b36abd16d11e7df6631e0414001d2a71727bc9","sha256":"0dcc1d68298b80b8746eb95f3e454d036988415a8d6df607edf2f79be8a76911","sha512":"0aa2f0e626fba04f5e58e2e39e2eb1f33033e2eaae7f4e46ea0bbb3b419ff24abedc34e2265c536f899be66f8a015536e24898b7990732cebe90c77425122c30","ssdeep":"","tlshash":"d7b012a3bf0d0c3814893127012443c0b80dc7734f942999983c3a138010c458289f64","size":97,"data":"","first_seen":"2024-10-22T22:01:03.829516Z","last_seen":"2026-04-01T07:16:48.453299Z","times_seen":88,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"e40447fdd4b76b16d72a4eb04f3a7e4d","sha1":"a63ba569dc908e14d27ec6c3ec72e2d37c994487","sha256":"85c75ee64283964c103f91561c7b11e5c5199efabb52fb3955dc36049bafaa63","sha512":"49edc7dd95068e26f3e5690f8799de259e00d02eaa2786aefc22aaf0d0378c543cb74a2d2947c913839c76764bc311628ed4425e03c9462a6526e720dfd3c976","ssdeep":"","tlshash":"c4d00020c80200c0028802b0c80af22020208c02c8a00383c2080202020200af820200","size":275,"data":"","first_seen":"2024-10-15T09:01:31.00262Z","last_seen":"2026-04-02T14:38:09.635613Z","times_seen":18,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chat.zyzhan.com/chat/KfCenterBoxShow/143899","fqdn":"chat.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"09e282f8504ddd1d25f52870f4ea9e5e","sha1":"66668e9233723d0cf5fb94d62994f407f341f47e","sha256":"45a18d051e5494e66724bd986a492aedc6bb9457db91caab35ad16b053d57248","sha512":"e6e17d4e0bfbe03ec3276473607fca764904ad787c3df6e3b4121c8a640941786f6a55d58079b86ee9b0d07df6a9ad98aa6cdcac9b2bc3f24569f13ea875d265","ssdeep":"768:T8cWbNEMNVKPH4viZZimCiyTio9iWnZuOLB+IvNBxfMcDQwouYnmPnpNgQe3n41c:T8zsrD","tlshash":"ade294684800469682776f3ae77a530cfe779523544af2117d8c42e42fb3862376bfe8","size":33001,"data":"","first_seen":"2025-10-23T04:43:45.179535Z","last_seen":"2025-10-23T04:43:45.179535Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.zyzhan.com/asyncstat.aspx?u=alwellcn\u0026referer=\u0026title=%u5851%u6599%u6CE8%u5C04%u5668%u704C%u88C5%u673A-%u9884%u5145%u5F0F-%u73BB%u7483%u9488%u7BA1%u6CE8%u5C04%u5668%u704C%u88C5%u751F%u4EA7%u7EBF-%u4E0A%u6D77%u8000%u821C%u673A%u68B0%u8BBE%u5907%u6709%u9650%u516C%u53F8","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.117","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"c6fcf317ff8e26b93a17ca9e2887567c","sha1":"43251d3e66a00ac444d6deef969a03a916688dad","sha256":"e45d73b76bc55b6f0544e48a66516ef961e78648ca5ee1f2c2a90ba851b30011","sha512":"4635cfd682877dc32f66140c7a69114f288250d48e82411e31b9dad74c430cb01a7ee563a7b3507446f04d4609eacc7466964c3c63591175e747b636af24bf83","ssdeep":"","tlshash":"32f081778400f3ed8801a8e9de92c741e1470f7b7061e573615640c0322087bf06c6db","size":554,"data":"","first_seen":"2025-10-23T04:43:45.280493Z","last_seen":"2025-10-23T04:43:45.280493Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chat.zyzhan.com/chat/KFCenterBox/143899","fqdn":"chat.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"39ddeb4765bf64e47a702b38035073e1","sha1":"6a6e33a3ee082e20bf1d29a51ac014a5dcd2e908","sha256":"2d56bf0c2e37dbab9afd33b188a10ce7766e47d6599a0ff81fc72c69fbcca7f0","sha512":"3591e5dc249e3f7ae99a2a5e37241a23679de2985f8c8fdf3dd2a8d268e931ba1047a74af046d6989d884d88fdfa0c1c4600fb8907a6268b87e50ed526b01942","ssdeep":"","tlshash":"ca61312c55441532ca722fb48a650548eebc483f481ad160bc8cddd9afb5f2225affec","size":3314,"data":"","first_seen":"2025-10-23T04:43:45.351159Z","last_seen":"2025-10-23T04:43:45.351159Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chat.zyzhan.com/chat/KFLeftBox/143899","fqdn":"chat.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"744a74ce3969bf274274c9f652b42c50","sha1":"8f94ca3b1cefbeab5bd5c5c67f68b6f100888d06","sha256":"8ba0f3f6831f3f8461e1172c85403d691cacdc07c034c3d94dc82aabddf6fafd","sha512":"77232dbd6f9aa45af2bd1793004c3db77d8117231e4229153b2b98fbbf542337a603d7218190817424a300c4d081af3b48b98c0bf30ee0dcc8fb06a877134b7d","ssdeep":"","tlshash":"0061316c5544253286722fb48a250548eabc483f481ad160bc8cddd8bfb4f3224affec","size":3304,"data":"","first_seen":"2025-10-23T04:43:45.397754Z","last_seen":"2025-10-23T04:43:45.397754Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.zyzhan.com/mystat.aspx?u=alwellcn","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"4cf9082704c412fc0e6d7c4c3e00392d","sha1":"55b571d44654368ffb82cd35623cb856f3cc8607","sha256":"4879c80575326f5aa6a124bad26a94f85a1f0143b364e4707bab6ca4d506ad10","sha512":"4400137cc431647d078bb9f3e26de9fe30d8eae9c146ff59e3c76d06f760cdfb35e1f27e15025931a6094ee45e2f0e0202c1b18e5ad0407541ea3aa56ec030cc","ssdeep":"","tlshash":"aa217d541d02c0a4bc35713d89bbc13cd2a11a273865d73678ccad084f78fa425deeea","size":1359,"data":"","first_seen":"2025-10-23T04:43:45.45497Z","last_seen":"2025-10-23T04:43:45.45497Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/skins/143899/js/kf4.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"185760354a342fb51b83e5ac0adfd389","sha1":"ad99f01bea221dc4d0e53c9fe0194b195ac7dd39","sha256":"f1acf40c39ce74882419a11536706095da0e7579ff1158639bcf9353275232ba","sha512":"4af80be2c358bec5a15a5686592e8c0184d61cb2964c749b7b293c9e51adb3b16732c1cf355472f1f964012532338b171a1867e6cd28bd19e2177c9443e8478c","ssdeep":"","tlshash":"58f06dacb048612940eeb338e93b93d97d3d78a371976096945e4cfc14b4bfa4612d88","size":562,"data":"","first_seen":"2025-10-23T04:43:43.03746Z","last_seen":"2025-10-23T04:43:43.03746Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.816029+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/skins/143899/js/kf4.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":782,\"bytes_toclient\":1621,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/js/jqueryNew.min.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-05T07:43:24.080116Z","times_seen":445213,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.237097+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/jqueryNew.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":738,\"bytes_toclient\":2457,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"55ec2911a2abc3878d5e502a03e1a2df","sha1":"8f21796871b8cfb419335369bb8aa3708b5597dc","sha256":"f4726d7868e699d4f0621d28371e8ace676546576d65dd3c13b987f6e3695c68","sha512":"c2a91ea04527a06a2862748e5dad177b939469b95d624bfe70e6ad7bb0cbcf01e43cb9a8cabede724e4eaf8733768110c3c2f52e91b969dc07d9b3784779f199","ssdeep":"","tlshash":"efe0205a44140802896cb0d515835e3f979a95057e4272f62aca6cd8d30535595de3bb","size":349,"data":"","first_seen":"2025-10-23T04:43:45.484471Z","last_seen":"2025-10-23T04:43:45.484471Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/logo.jpg","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.256Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/logo.jpg HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 13161\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:05 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:16 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f862181a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache38.l2cn8045[33,33,200-0,M], cache20.l2cn8045[35,0], kunlun6.cn192[69,69,200-0,M], kunlun9.cn192[71,0]\r\nAli-Swift-Global-Savetime: 1761194585\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:05 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01d17611945856226504e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":13161,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 380x70, components 3","md5":"d29cc4d127f9a108782cebb929fa1226","sha1":"90a118199e47b7e659299ad63466d0137aca359a","sha256":"b11ba308724fe1690ef24640104fa086f179aca7c18a35af2d82cb9fffb74b7f","sha512":"2519ab96d5c31653cef94dc630475ee61bfd770ab56092edbe13aac9f825c141d34e93ff127fbb504a9e1f9c4883d40204fcf6f37ad601c44f8383efd2dd4a22","ssdeep":"384:HY6yF8OuZXS0CGH66icSl7A0iEnrUJU9OwD:4h83fCGaNm0Pp","tlshash":"23429e6297c32e8e2b78db165493907b7964034c7e02609980a570acccf2ddfa86b4cf","first_seen":"2025-10-23T04:43:42.634348Z","last_seen":"2025-10-23T04:43:42.634348Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1642,"timings":{"blocked":1267,"dns":0,"connect":0,"send":0,"wait":332,"receive":43,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.886835+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1466,\"bytes_toclient\":5063,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/indbkbg.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.785Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/indbkbg.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 4526\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:06 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:26 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0d9581e1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache50.l2cn8786[24,23,200-0,M], cache22.l2cn8786[26,0], kunlun10.cn192[45,44,200-0,M], kunlun6.cn192[47,0]\r\nAli-Swift-Global-Savetime: 1761194586\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:06 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01a17611945868851565e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":4526,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1100 x 92, 8-bit/color RGBA, non-interlaced","md5":"1ec6c5a407b74f7a61ddf2e9d27ad18c","sha1":"a1b3983c2ef438ebf7888e7e9986a4ea6d98a9ef","sha256":"6026acd143831660c8808a13e1b6e0c377e51ca9462e4f4a395e30e03e7b2ba0","sha512":"1d414c048b713871685babf1c55700472799593996e4298680b52ff4249f1c7568bdf41e966b06a249f3d061b30b9a94eedde4095020451d6e6592ae8e155220","ssdeep":"96:3SYo7FmWlknNJh9mR3Ho/HzNGruZmGpiJWnm693drlwjBtWA34ZMb539osO:3SN7FrknwI/T4TWm6fr2alSN39osO","tlshash":"e7912a84ec839ca2490db14a59fc90926ab34ec94d41389d6fdddc076d248e5eecd6c7","first_seen":"2025-03-09T15:25:07.218972Z","last_seen":"2026-03-20T10:57:50.329833Z","times_seen":24,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":310,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.088145+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2169},\"files\":[{\"filename\":\"/Skins/143899/images/indbkbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2169,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":31,\"bytes_toserver\":3513,\"bytes_toclient\":30625,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/morejt2.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.805Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/morejt2.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2742\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:23 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80158f1c1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache38.l2cn2655[21,21,200-0,M], cache52.l2cn2655[22,0], kunlun9.cn192[35,34,200-0,M], kunlun10.cn192[38,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945874223501e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2742,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"64d50a7e5f4df019d2d2aba0bde8cd28","sha1":"32535dbd6e969f1a42fc22335d1fb25449728b25","sha256":"2d784e9a870833dcf327f2d68353df0d0d4c19a056b66809da7a19718a002a17","sha512":"1b46780c3e1a88fa5bdc48adbf364a7f3662e386594dc6f11d99e6ca6fadaf949185cccf08343fd1ba668158a0a7cb237eabc3dd21a355a6df1cb983ce575461","ssdeep":"","tlshash":"4e510c0dfc6068515a4ef989d9fc924297b71fc08e6168499ecac8135d604f9cdcd9cb","first_seen":"2025-03-09T15:25:07.225187Z","last_seen":"2026-03-20T10:57:50.310609Z","times_seen":23,"resource_available":false,"data":null}},"time_used":802,"timings":{"blocked":534,"dns":0,"connect":0,"send":0,"wait":267,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.607661+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2168},\"files\":[{\"filename\":\"/Skins/143899/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2168,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":244,\"bytes_toserver\":14541,\"bytes_toclient\":356156,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/kf4_imgs/kefu.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.809Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/kf4_imgs/kefu.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 5093\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Fri, 29 Aug 2025 02:54:10 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0b58d319018dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache2.l2cn3022[23,23,200-0,M], cache4.l2cn3022[24,0], kunlun1.cn192[38,38,200-0,M], kunlun6.cn192[51,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01a17611945871992264e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":5093,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"ae90a2db0d5ccbd45b6108631156cdd1","sha1":"f54e5fbaf283ff7794698c5c70da39e84f78aeac","sha256":"9dba819c027167eab8344cf5b150ce8089383065d05e15ea2199bfcca30cc6ee","sha512":"bdde48f73d0c25f8556c4b012da4f7dccac99075c45ac53e851fd83d6797d85acc131bea8d1d6d7851956f8b7bda44e55a828953d0a700270eaa927dfd74b678","ssdeep":"96:rSeD9JqhYLX/TUkSV36exaRPzPwesX7Y0qi0e1ZoWw6yha1sqYFHsu:GgJZpiJxYT/sLY01mPaJYZ","tlshash":"deb17d04b4617056b2e8d81771d323a9f91e89ccb581d2887ce948b40cf7e9d5019dff","first_seen":"2025-10-23T04:43:42.680936Z","last_seen":"2025-10-23T04:43:42.680936Z","times_seen":1,"resource_available":false,"data":null}},"time_used":607,"timings":{"blocked":279,"dns":0,"connect":0,"send":0,"wait":322,"receive":6,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.413108+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/kf4_imgs/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2172},\"files\":[{\"filename\":\"/Skins/143899/images/kf4_imgs/kefu.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2172,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":30,\"pkts_toclient\":36,\"bytes_toserver\":4296,\"bytes_toclient\":36735,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.zyzhan.com/stat.aspx?u=alwellcn\u0026referer=\u0026title=%u5851%u6599%u6CE8%u5C04%u5668%u704C%u88C5%u673A-%u9884%u5145%u5F0F-%u73BB%u7483%u9488%u7BA1%u6CE8%u5C04%u5668%u704C%u88C5%u751F%u4EA7%u7EBF-%u4E0A%u6D77%u8000%u821C%u673A%u68B0%u8BBE%u5907%u6709%u9650%u516C%u53F8\u0026httpreferer=http%3A//www.shalwell.com/","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.117","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.zyzhan.com/asyncstat.aspx?u=alwellcn\u0026referer=\u0026title=%u5851%u6599%u6CE8%u5C04%u5668%u704C%u88C5%u673A-%u9884%u5145%u5F0F-%u73BB%u7483%u9488%u7BA1%u6CE8%u5C04%u5668%u704C%u88C5%u751F%u4EA7%u7EBF-%u4E0A%u6D77%u8000%u821C%u673A%u68B0%u8BBE%u5907%u6709%u9650%u516C%u53F8","date":"2025-10-23T04:43:07.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /stat.aspx?u=alwellcn\u0026referer=\u0026title=%u5851%u6599%u6CE8%u5C04%u5668%u704C%u88C5%u673A-%u9884%u5145%u5F0F-%u73BB%u7483%u9488%u7BA1%u6CE8%u5C04%u5668%u704C%u88C5%u751F%u4EA7%u7EBF-%u4E0A%u6D77%u8000%u821C%u673A%u68B0%u8BBE%u5907%u6709%u9650%u516C%u53F8\u0026httpreferer=http%3A//www.shalwell.com/ HTTP/1.1\r\nHost: www.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.zyzhan.com/asyncstat.aspx?u=alwellcn\u0026referer=\u0026title=%u5851%u6599%u6CE8%u5C04%u5668%u704C%u88C5%u673A-%u9884%u5145%u5F0F-%u73BB%u7483%u9488%u7BA1%u6CE8%u5C04%u5668%u704C%u88C5%u751F%u4EA7%u7EBF-%u4E0A%u6D77%u8000%u821C%u673A%u68B0%u8BBE%u5907%u6709%u9650%u516C%u53F8\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-length: 0\r\ndate: Thu, 23 Oct 2025 04:43:07 GMT\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=gguogdqnkml2w1fde1nttvqs; path=/; HttpOnly; SameSite=Lax\nzyzhancompanyidstat143899ip919042154=1; expires=Thu, 23-Oct-2025 16:43:07 GMT; path=/\nmtcached_mtsession_gguogdqnkml2w1fde1nttvqs=10.115.3.122:9714; domain=.zyzhan.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.92\r\nvia: cache33.l2cn3130[92,92,200-0,M], cache38.l2cn3130[93,0], kunlun3.cn7174[100,99,200-0,M], kunlun10.cn7174[102,0]\r\nali-swift-global-savetime: 1761194587\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Thu, 23 Oct 2025 04:43:07 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921e17611945872541356e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":331,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/link.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.273Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/link.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2926\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:05 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:24 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0ac271d1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache70.l2cn2655[26,25,200-0,M], cache20.l2cn2655[27,0], kunlun7.cn192[42,41,200-0,M], kunlun6.cn192[43,0]\r\nAli-Swift-Global-Savetime: 1761194585\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:05 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01a17611945856336624e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2926,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 34 x 36, 8-bit/color RGBA, non-interlaced","md5":"8b516915675bb8725c0a0662228de59a","sha1":"7500c18139e616de2f27ba9ab5c8a5de6fad523b","sha256":"562ce382b35d0d5adb0edeff52c850cb1b3e629d98f676aff388f3053e5e3c13","sha512":"e4340a584c079cf9da241698d3d5a046225ee628af33626e6849c4695329fbe15274b046e6ad00bf9aa8b5663a0820e5ac2d793a3e1282f4aa993524e2e6d967","ssdeep":"","tlshash":"9c51a308ed6198811a5df9c9d9fcb157a3bb2ec05ea0641d5eca88134d204eecdcd6cb","first_seen":"2025-10-05T11:36:13.899533Z","last_seen":"2026-01-23T23:11:31.231768Z","times_seen":10,"resource_available":false,"data":null}},"time_used":1560,"timings":{"blocked":1249,"dns":0,"connect":0,"send":0,"wait":307,"receive":4,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.830913+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/link.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/images/link.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":26,\"bytes_toserver\":2802,\"bytes_toclient\":26532,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/mulu2.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:07.546Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/mulu2.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1888\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:22 GMT\r\nAccept-Ranges: bytes\r\nETag: \"07ff61b1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache51.l2cn8000[16,16,200-0,M], cache89.l2cn8000[17,0], kunlun7.cn192[33,33,200-0,M], kunlun10.cn192[35,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945878304429e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1888,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced","md5":"eddd0f849fc1c7829832b6f9e8fb4fd9","sha1":"2f8a652e625775bf7a3698f81a0300fef7135d8e","sha256":"6416a6887e980be9597039e8582579cbacfd3f1294ddbd13186aef108d9d7de8","sha512":"1055e73c87f1aae96da68ff07fee60d28f5de434888f7caa91fc8ea93d1bd6dd67c9a75927981f88642b45568f67372b4f08306bff5850d3136ceacfa147d94f","ssdeep":"","tlshash":"be417789f910ec52694dea86bce6a1472b375be185e7b4117cc98c0b14b20f9cd1ecd7","first_seen":"2025-03-09T15:25:07.220556Z","last_seen":"2026-03-20T10:57:50.306774Z","times_seen":15,"resource_available":false,"data":null}},"time_used":467,"timings":{"blocked":201,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:08Z","timestamp":1761194588,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:08.012768+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":231,\"pkts_toclient\":246,\"bytes_toserver\":15250,\"bytes_toclient\":357443,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/index_cache.html","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.277Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index_cache.html HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nCache-Control: private\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache24.l2cn8045[1426,1426,200-0,M], cache8.l2cn8045[1428,0], kunlun7.cn192[1472,1472,200-0,M], kunlun10.cn192[1474,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945856177181e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2958,"timings":{"blocked":1246,"dns":0,"connect":0,"send":0,"wait":1712,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.473914+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/index_cache.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":54,\"pkts_toclient\":69,\"bytes_toserver\":4497,\"bytes_toclient\":94672,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/zxbtn.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.803Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/zxbtn.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 6189\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:17 GMT\r\nAccept-Ranges: bytes\r\nETag: \"808efb181a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache11.l2cn2655[44,43,200-0,M], cache38.l2cn2655[45,0], kunlun6.cn192[87,86,200-0,M], kunlun7.cn192[89,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945871987644e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":6189,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 198 x 64, 8-bit/color RGBA, non-interlaced","md5":"c1ebdc0a09701af244f9a5e63a440a09","sha1":"df8a6d61c4de4811029866d8c0fbd5f64325370c","sha256":"bb8a0c10dccde739dd02a839c0c7301f537eacb2bfea8703255afe8b3bc82704","sha512":"beba2e8bca3ad3c071126324733cb2b42078b3862bfd3564142dd0660d13faac78486d282f408305dadf9a5bc2992d937277d52c0cda9f43715f9f6bc4bcc526","ssdeep":"192:CSQ7F8knFWMICIBedJWJaStRlt1MnxS1jCHDJfX76q+yHe2:dQNnFWMIC0edJWJaSTlTMnkCN76Qe2","tlshash":"3fd14b8cbe91dc80198dbf9a389ee7e2653b1fc08ed37128fcf9540b5950175d82e58a","first_seen":"2025-03-09T15:25:07.216317Z","last_seen":"2026-03-20T10:57:50.316221Z","times_seen":19,"resource_available":false,"data":null}},"time_used":654,"timings":{"blocked":288,"dns":0,"connect":0,"send":0,"wait":363,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.455466+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2169},\"files\":[{\"filename\":\"/Skins/143899/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2169,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":223,\"pkts_toclient\":238,\"bytes_toserver\":14197,\"bytes_toclient\":345445,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/banner2.jpg","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.259Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/banner2.jpg HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 323994\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:05 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:16 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f862181a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache58.l2ea120-8[27,27,200-0,M], cache29.l2ea120-8[28,0], kunlun8.cn192[41,40,200-0,M], kunlun7.cn192[42,0]\r\nAli-Swift-Global-Savetime: 1761194585\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:05 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945856303824e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":323994,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"37c605a5bf96ef9e5419ea26b3eb6223","sha1":"1df542284208fc3bbecca061caf2919e8f7053da","sha256":"ec618b48f893cc4c2dbde9caafee15a4cb91d0b540616184ebe9ddb5447cac06","sha512":"fc863ed1dbc721bee3976970d050a3dc25d332ce9e4c85b550691e6e78783833f6fa316f22ebd77bf4ef8a409ecba8aeaec13a7f518199a4d7e6f5d93e8261ca","ssdeep":"6144:9qj6cX9KNr0sLlpSXlLicXIpGJHs1f1my6SeiT22h2HA2+bkH:9llr0spp6HJHs1f1HXHSZP","tlshash":"e4642333b476e94c6257cbb0c00f0f6b99cc69ed48547168b6a093367a861b63d4ed8f","first_seen":"2025-10-23T04:43:42.816177Z","last_seen":"2025-10-23T04:43:42.816177Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2467,"timings":{"blocked":1264,"dns":0,"connect":0,"send":0,"wait":317,"receive":886,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.839997+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/143899/images/banner2.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1467,\"bytes_toclient\":4605,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/js/JSChat.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.252Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/JSChat.js HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 1630\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:04 GMT\r\nLast-Modified: Thu, 14 Dec 2023 02:42:55 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80e1743d372eda1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache66.l2cn8003[22,21,200-0,M], cache21.l2cn8003[23,0], kunlun10.cn192[55,55,200-0,M], kunlun9.cn192[58,0]\r\nAli-Swift-Global-Savetime: 1761194584\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:04 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01d17611945845904244e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1630,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"5df2729259e8d6305c995aa02a1fe95f","sha1":"5259c1e1530091e789f529896bdf53a7147068aa","sha256":"518c80e920b08923052599ae94cc6043a9974223a6e1ae382937c0df7077fb83","sha512":"af043ea954f40db1921a4f344d758bb514bfc2509c46089bbeacb12940b8ae8b390ff56b2a219a865b801e569b9a48754fb9e8b1690f1368d5fc18fdcdff7fca","ssdeep":"","tlshash":"4e31e0b64902931209394f63d716120de667416b9113e062bd3d6c653fb8a17b3a8ff0","first_seen":"2025-04-13T08:11:41.667908Z","last_seen":"2026-04-02T00:59:17.416653Z","times_seen":179,"resource_available":false,"data":null}},"time_used":823,"timings":{"blocked":236,"dns":1,"connect":262,"send":0,"wait":324,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.784019+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/js/JSChat.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1630},\"files\":[{\"filename\":\"/js/JSChat.js\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1630,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1412,\"bytes_toclient\":2743,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/banner1.jpg","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.258Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/banner1.jpg HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 334106\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:05 GMT\r\nLast-Modified: Fri, 29 Aug 2025 02:48:39 GMT\r\nAccept-Ranges: bytes\r\nETag: \"801d436c8f18dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache68.l2cn3130[20,20,200-0,M], cache66.l2cn3130[22,0], kunlun8.cn192[45,44,200-0,M], kunlun10.cn192[50,0]\r\nAli-Swift-Global-Savetime: 1761194585\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:05 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945856097163e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":334106,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"c916204da1051a4e8ce9e27a33aca8be","sha1":"684495f0ad424dba460311e20ff0e0518a5e8da7","sha256":"47403b00c60f6a5430f32e363f1dc4b6ad7598b974fee34442f6ca827959a36c","sha512":"d4bd2bf7d6c0a16ad6e52b4efaa4f54089af0b3ec9f61ed4b681c23ad27d52b0e3f5adee9afd8c0809dd23cac90a385d53fdd2e5a3bd3c4a3aa4703097e29328","ssdeep":"6144:xQTrfdedu+8CNPWXaLGn0xDxEXTEatDLzLydJtqKg5t1mHe850eqiXZ6+b:6TbGNPnLA6xKtL/yVqLIHeub","tlshash":"1f64121fd7e6b89470b9ccbc117a4f27f768c4aa65081756c63228723ecb76588421ef","first_seen":"2025-10-23T04:43:42.869043Z","last_seen":"2025-10-23T04:43:42.869043Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3594,"timings":{"blocked":1265,"dns":1,"connect":253,"send":0,"wait":289,"receive":743,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.812123+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/143899/images/banner1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":813,\"bytes_toclient\":3214,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"39.156.68.163","port":80,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:05.573Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.shalwell.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: 232\r\nContent-Type: text/javascript\r\nServer: bfe\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":281,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-05T08:03:13.134675Z","times_seen":20927,"resource_available":true,"data":null}},"time_used":1831,"timings":{"blocked":0,"dns":1310,"connect":260,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/ssico.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.782Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/ssico.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2639\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:06 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:17 GMT\r\nAccept-Ranges: bytes\r\nETag: \"808efb181a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache55.l2cn3059[23,23,200-0,M], cache34.l2cn3059[25,0], kunlun2.cn192[39,38,200-0,M], kunlun7.cn192[40,0]\r\nAli-Swift-Global-Savetime: 1761194586\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:06 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945868726814e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2639,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"8626dcfb2b93471283ef13bdc8a19754","sha1":"bc6b707d9063425166d30512d9e950e1fecc101e","sha256":"30e3bdc93522afc9b0218b46b18512b645d2698c88c69d82c1eddc9ad81545a7","sha512":"4b771b41bff8b24b78bcdf4748713495aacc38ddd6ec94d66ad9aa2f757804848dd80e3b3d5189c1ea26d536bd132c83f3c5f781072534dc31f8f6e8de4f1d93","ssdeep":"","tlshash":"cb519508fc1468504e0cfa885afda24297f70fc58e9068096ed9c8539d215fd8edd5cb","first_seen":"2025-03-09T15:25:07.21815Z","last_seen":"2026-03-20T10:57:50.306318Z","times_seen":25,"resource_available":false,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":293,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.340073+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/143899/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":98,\"pkts_toclient\":138,\"bytes_toserver\":7945,\"bytes_toclient\":193704,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/fonts/impact.ttf","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.812Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/fonts/impact.ttf HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: Tengine\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nVary: Accept-Encoding\r\nX-Powered-By: ASP.NET-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Encoding: gzip\r\nVia: cache19.l2cn2647[16,15,404-0,M], cache27.l2cn2647[17,0], kunlun10.cn192[33,33,404-1280,M], kunlun10.cn192[34,0]\r\nCache-Control: no-cache\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-Error: orig response 4XX error\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945871572908e\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":3605,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (835), with CRLF line terminators","md5":"241b20f122a706a82fea823ebeb943dd","sha1":"a5251140f8adfe1485e9af67347c21bcf9126ee6","sha256":"2d28091ef818b17811e2493a4dbe63de9efdd575a9a217aff0053a3584d53533","sha512":"f5866cf29743f892ce89ed41b1b1dc2c4dc2e198bfed197c0c853bb1a3e5531256b05a99f7c19f0011002fcf5f52b1239ebe890b8e34c0089c4ab82cf843d343","ssdeep":"","tlshash":"5b71552065db253eb237c5e36863759cfd829547a6014b38f1fe76e7cf9b18a9023501","first_seen":"2025-05-11T21:33:37.152671Z","last_seen":"2026-01-19T02:45:28.415544Z","times_seen":25,"resource_available":false,"data":null}},"time_used":528,"timings":{"blocked":262,"dns":0,"connect":0,"send":0,"wait":265,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.339086+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/fonts/impact.ttf\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1698},\"files\":[{\"filename\":\"/Skins/143899/fonts/impact.ttf\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":3605,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":226,\"pkts_toclient\":241,\"bytes_toserver\":13884,\"bytes_toclient\":352500,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.606764+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/fonts/impact.ttf\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1701},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":227,\"pkts_toclient\":242,\"bytes_toserver\":14487,\"bytes_toclient\":354014,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.shalwell.com/","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-23T04:43:02.502Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":931,"timings":{"blocked":0,"dns":457,"connect":235,"send":0,"wait":0,"receive":0,"ssl":236},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/css/style.css","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.243Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/css/style.css HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:04 GMT\r\nVary: Accept-Encoding\r\nLast-Modified: Fri, 29 Aug 2025 02:51:25 GMT\r\nETag: W/\"80b434cf8f18dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Encoding: gzip\r\nVia: cache4.l2cn2647[26,26,200-0,M], cache54.l2cn2647[27,0], kunlun9.cn192[48,47,200-0,M], kunlun6.cn192[53,0]\r\nAli-Swift-Global-Savetime: 1761194584\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:04 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01a17611945843343721e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":89601,"size_decoded":0,"mime_type":"text/css","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (548), with CRLF line terminators","md5":"d1f24799e4ff906e76b338f958eff824","sha1":"1aa15ea27b3c55e5b66a232be6fb623da50674d8","sha256":"99e0df7c91fc5b61471158ab8146cae7b2834f6792913d0344ba851b9a94f47b","sha512":"e34ae715d2b244f7c043103ab07fbdbb935b2252e8a66901073ec0ffdc1ba3d01e1bfb95cca8ecc2f71687301273b536d2e5c0cf04951d575fd16b75fdb5dfde","ssdeep":"1536:F7zpa4qKCA5uRvElzfMP5qURAstAibOChSTmq0RfSqOPXYWftvNmlfyN1TNibmPI:pk9","tlshash":"a4934231ab52324de23b8738bbd3a79d273e8056e38206fcae457a74d18f59b4573640","first_seen":"2025-10-23T04:43:42.975137Z","last_seen":"2025-10-23T04:43:42.975137Z","times_seen":1,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":318,"receive":13,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.550163+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/style.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":801,\"bytes_toclient\":2536,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.819215+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/style.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15782},\"files\":[{\"filename\":\"/Skins/143899/css/style.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":89601,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":19,\"pkts_toclient\":18,\"bytes_toserver\":2066,\"bytes_toclient\":17562,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/js/jqueryNew.min.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.248Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/js/jqueryNew.min.js HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 89501\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:05 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:41 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80aa49271a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache49.l2cn3130[16,16,200-0,M], cache64.l2cn3130[18,0], kunlun6.cn192[530,530,200-0,M], kunlun10.cn192[532,0]\r\nAli-Swift-Global-Savetime: 1761194585\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:05 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945845603819e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-05T07:43:24.080116Z","times_seen":445213,"resource_available":true,"data":null}},"time_used":1513,"timings":{"blocked":219,"dns":1,"connect":238,"send":0,"wait":770,"receive":285,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.237097+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/jqueryNew.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":738,\"bytes_toclient\":2457,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/skins/143899/js/kf4.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.275Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/143899/js/kf4.js HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 565\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:04 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:41 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80aa49271a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache1.l2cn8813[22,21,200-0,M], cache32.l2cn8813[24,0], kunlun2.cn192[48,48,200-0,M], kunlun7.cn192[50,0]\r\nAli-Swift-Global-Savetime: 1761194584\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:04 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945845981465e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":565,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"185760354a342fb51b83e5ac0adfd389","sha1":"ad99f01bea221dc4d0e53c9fe0194b195ac7dd39","sha256":"f1acf40c39ce74882419a11536706095da0e7579ff1158639bcf9353275232ba","sha512":"4af80be2c358bec5a15a5686592e8c0184d61cb2964c749b7b293c9e51adb3b16732c1cf355472f1f964012532338b171a1867e6cd28bd19e2177c9443e8478c","ssdeep":"","tlshash":"58f06dacb048612940eeb338e93b93d97d3d78a371976096945e4cfc14b4bfa4612d88","first_seen":"2025-10-23T04:43:43.03746Z","last_seen":"2025-10-23T04:43:43.03746Z","times_seen":1,"resource_available":true,"data":null}},"time_used":805,"timings":{"blocked":215,"dns":0,"connect":265,"send":0,"wait":325,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.816029+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/skins/143899/js/kf4.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":782,\"bytes_toclient\":1621,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.mtnets.com/Images/public/xwt/people.png","fqdn":"public.mtnets.com","domain":"mtnets.com","tld":"com"},"ip":{"addr":"42.236.78.108","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:07.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mtnets.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 05 Sep 2025 03:48:46 GMT","end":"Mon, 05 Oct 2026 03:48:45 GMT"},"fingerprint":{"sha1":"17:7D:9B:7D:77:E5:75:95:47:DB:97:C3:AB:B8:D0:E9:74:B6:07:84","sha256":"76:5C:C6:79:DF:08:A6:CD:BB:8D:53:C9:B4:57:D8:93:F6:E7:6A:58:6B:73:54:DB:67:7E:12:CE:5D:29:0A:D3"}}},"request":{"raw":"GET /Images/public/xwt/people.png HTTP/1.1\r\nHost: public.mtnets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://chat.zyzhan.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 23 Oct 2025 04:43:10 GMT\r\nContent-Type: image/png\r\nContent-Length: 15299\r\nConnection: keep-alive\r\nServer: openresty\r\nLast-Modified: Fri, 13 Oct 2023 06:38:21 GMT\r\nETag: \"b591bedb9ffdd91:0\"\r\nX-Powered-By: ASP.NET-4.95\r\nAccess-Control-Allow-Origin: *\r\nX-CCDN-Expires: 2459801\r\nvia: CHN-HAzhengzhou-CUPN6-CACHE31[35],CHN-HAzhengzhou-CUPN6-CACHE49[0,TCP_HIT,18],CHN-JSwuxi-GLOBAL2-CACHE119[20],CHN-JSwuxi-GLOBAL2-CACHE49[0,TCP_HIT,18]\r\nx-hcs-proxy-type: 1\r\nX-CCDN-CacheTTL: 2592000\r\nX-CCDN-REQ-ID-46B1: 22fa59f7361bbd1c60326967431ccf86\r\nnginx-hit: 1\r\nAge: 132199\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31622400; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15299,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 107 x 100, 8-bit/color RGBA, non-interlaced","md5":"f154c1b801b90d312bd09884a1e30b35","sha1":"4132a0516d4d0ebb0a2da1a2105f15663722fc7e","sha256":"f33b4dbaadaa27009fc8f82ec5e2b7fb6a73874a8b989dcc03a10aa4450aeb5f","sha512":"855c21fc4e51161b2928f67baf4ebc489848deffd5af89dc5588c5d918e7bcb9f99052574abc7560eea9b9e3a2f06022e096374277fe1c6d564174c794cb5f6d","ssdeep":"384:E4QOYtdvmJiIUxSm8J98nfW8HKf51ZN3MYj6GwY0A:E4QttJm15m8Lg+8H4vb/UA","tlshash":"8e62bfb13458a17b03d5fe37a1b46137aa32be09f3a910c4779f92741dc02eaae16271","first_seen":"2023-11-22T11:37:32Z","last_seen":"2026-04-02T14:38:09.549018Z","times_seen":25,"resource_available":false,"data":null}},"time_used":6453,"timings":{"blocked":2990,"dns":2443,"connect":231,"send":0,"wait":471,"receive":1,"ssl":315},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.mtnets.com/Images/public/xwt/window-set.png","fqdn":"public.mtnets.com","domain":"mtnets.com","tld":"com"},"ip":{"addr":"42.236.78.108","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:07.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mtnets.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 05 Sep 2025 03:48:46 GMT","end":"Mon, 05 Oct 2026 03:48:45 GMT"},"fingerprint":{"sha1":"17:7D:9B:7D:77:E5:75:95:47:DB:97:C3:AB:B8:D0:E9:74:B6:07:84","sha256":"76:5C:C6:79:DF:08:A6:CD:BB:8D:53:C9:B4:57:D8:93:F6:E7:6A:58:6B:73:54:DB:67:7E:12:CE:5D:29:0A:D3"}}},"request":{"raw":"GET /Images/public/xwt/window-set.png HTTP/1.1\r\nHost: public.mtnets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://chat.zyzhan.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 23 Oct 2025 04:43:10 GMT\r\nContent-Type: image/png\r\nContent-Length: 799\r\nConnection: keep-alive\r\nServer: openresty\r\nLast-Modified: Tue, 10 Oct 2023 03:05:05 GMT\r\nETag: \"9911d59126fbd91:0\"\r\nX-Powered-By: ASP.NET-4.91\r\nAccess-Control-Allow-Origin: *\r\nX-CCDN-Expires: 2190391\r\nvia: CHN-HAzhengzhou-CUPN6-CACHE22[5],CHN-HAzhengzhou-CUPN6-CACHE40[0,TCP_HIT,3],CHN-JSwuxi-GLOBAL2-CACHE72[28],CHN-JSwuxi-GLOBAL2-CACHE110[0,TCP_HIT,24]\r\nx-hcs-proxy-type: 1\r\nX-CCDN-CacheTTL: 2592000\r\nX-CCDN-REQ-ID-46B1: 15bf270e1837c6e95b73313823e2687f\r\nnginx-hit: 1\r\nAge: 401609\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31622400; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":799,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 74 x 15, 8-bit/color RGBA, non-interlaced","md5":"03985c79730ab47c099de30f8acd1652","sha1":"760d320887271feb53a2a4dfa450fc435a6b84be","sha256":"9124a2889f49b3d4b9c284f160942a82e8919097f1f9f7df0d6f2d662194232f","sha512":"35d41e7738806e2da7ede35b0cae9ddee81f30ceac0d74dc67b14acc82f4716bf9536292f2354a505f7cae142bc4b07f4f51d7c32ab9cc32338a9a39d9f46255","ssdeep":"","tlshash":"c501c5476bd051b9c358fa22549a1000ac5a8e08fbd4350e72debc4f9a0008359c278f","first_seen":"2023-10-23T12:32:13Z","last_seen":"2026-04-02T14:38:09.577415Z","times_seen":26,"resource_available":false,"data":null}},"time_used":6356,"timings":{"blocked":3029,"dns":2442,"connect":291,"send":0,"wait":296,"receive":0,"ssl":296},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/css/swiper.min.css","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.247Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/css/swiper.min.css HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:05 GMT\r\nVary: Accept-Encoding\r\nLast-Modified: Wed, 27 Aug 2025 06:16:43 GMT\r\nETag: W/\"80d77a281a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Encoding: gzip\r\nVia: cache51.l2cn3059[34,34,200-0,M], cache30.l2cn3059[35,0], kunlun9.cn192[778,777,200-0,M], kunlun8.cn192[779,0]\r\nAli-Swift-Global-Savetime: 1761194585\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:05 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01c17611945843243772e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":17486,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (17459), with CRLF line terminators","md5":"bda93e7cce3fdf4c2eec521f26482bea","sha1":"223d7d3eef564bf0ddd518f7108aea9b66549f2b","sha256":"92c8b6eac3a38cc94bc72af85b93c8520538be81273271ba4bfcf3d1129e5779","sha512":"7bc84a2a40197e1999735190317f5008e43fab9f397ce477651c0ccd2f73b7b95272874ed4f723992e2d112975e1d4b6c47b28e941eb90756cd65fb97ce00448","ssdeep":"192:m+0GpaNCO8jrfg5WHmXgyXyzSHF68DJB0SwD:m+52CXfgWHfyXyzSl68Pe","tlshash":"5172832c17002067f6324f1987c9e77c9715c8839e4368ef6650de48cbbb5a9227f7a6","first_seen":"2023-11-16T23:41:59Z","last_seen":"2026-04-04T22:22:39.445925Z","times_seen":286,"resource_available":false,"data":null}},"time_used":1056,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1052,"receive":4,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.277161+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/swiper.min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":17,\"pkts_toclient\":17,\"bytes_toserver\":1855,\"bytes_toclient\":17787,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:15Z","timestamp":1761194595,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:15.563174+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/css/swiper.min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":3059},\"files\":[{\"filename\":\"/Skins/143899/css/swiper.min.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":17486,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":20,\"bytes_toserver\":2071,\"bytes_toclient\":19550,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/arrows1.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.773Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/arrows1.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1360\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:06 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"8050e7241a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache14.l2cn3130[14,14,200-0,M], cache47.l2cn3130[16,0], kunlun8.cn192[37,37,200-0,M], kunlun10.cn192[39,0]\r\nAli-Swift-Global-Savetime: 1761194586\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:06 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945868552221e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"ca18c3400f1ccb39f1b891a315f9a2b8","sha1":"ca6c69282f82f17db11a115bc1428308b30320e5","sha256":"a799ce0e4e9e26454e8950dabef8eb6725bfb96afd5ac732bbefe9395168d684","sha512":"353ee8aa7765a7d8194f9997950a7be2ec716f1a592d96c887949f6251f066126b2868ffee43f31867c74d5799c989e95281d8378f91a987d3adecf058c32cd4","ssdeep":"","tlshash":"842141defd74d881d5a5a49135f72517e8560e4082e0ac477d8bd012483b0e1b97d1ce","first_seen":"2023-07-08T23:43:21Z","last_seen":"2026-03-22T12:26:17.032611Z","times_seen":133,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.041414+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":708},\"files\":[{\"filename\":\"/Skins/143899/images/arrows1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":708,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":223,\"pkts_toclient\":238,\"bytes_toserver\":13134,\"bytes_toclient\":349849,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/artico.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.806Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/artico.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2706\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"8050e7241a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache45.l2cn2655[20,19,200-0,M], cache40.l2cn2655[21,0], kunlun1.cn192[35,35,200-0,M], kunlun7.cn192[36,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945874978405e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 30, 8-bit/color RGBA, non-interlaced","md5":"673e1e71335d50688414e84e7ec3ac8d","sha1":"184273452c6334cc20127b7c8a5e0110fca90719","sha256":"93cb041e55b0b50b58477084dd5a742f490a1ffaf20ee7b121687604c6f5a717","sha512":"1a4553c4c2348911d21da0c64cead29c7f31484a952841076893fa94acffca9b55d092424b5eeb31aff36b4b3a433838554ee531e07861ad2297fb8b5a7d88ae","ssdeep":"","tlshash":"94516106f8a1ac44551df18996fca24357b34ed48ed2285daecd8c020d609edcd8d9e7","first_seen":"2025-03-09T15:25:07.240412Z","last_seen":"2026-03-20T10:57:50.321321Z","times_seen":23,"resource_available":false,"data":null}},"time_used":884,"timings":{"blocked":593,"dns":0,"connect":0,"send":0,"wait":290,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.044807+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2706},\"files\":[{\"filename\":\"/Skins/143899/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2706,\"tx_id\":5}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":104,\"pkts_toclient\":146,\"bytes_toserver\":8829,\"bytes_toclient\":200259,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/footli2.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.808Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/footli2.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2021\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:28 GMT\r\nAccept-Ranges: bytes\r\nETag: \"068a1f1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache40.l2cn8045[36,35,200-0,M], cache15.l2cn8045[38,0], kunlun6.cn192[72,72,200-0,M], kunlun9.cn192[73,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01d17611945875413059e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2021,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 19, 8-bit/color RGBA, non-interlaced","md5":"85216bea28db82b74127839626f76f08","sha1":"459a6c52809a0a5d3485b681f88a40501c2845da","sha256":"0ad724a8fd924a3241f8d422a72cd4c570e36124cf8357bf537bdf4d190f6c5c","sha512":"78c4673ff22d694b12a5201221cd623f087ea17b5c44ce4df74e7b140ea44ea9b02a3294a4bc220005cdd3c689754d96afc2e29fea9e314f7ab2a165a432cd23","ssdeep":"","tlshash":"6841b489e9d12c406a4dfd4a29e94283aa7f46c4d7836445bcdec48759321bbec8d4c3","first_seen":"2025-03-09T15:25:07.222524Z","last_seen":"2026-03-20T10:57:50.31123Z","times_seen":26,"resource_available":false,"data":null}},"time_used":968,"timings":{"blocked":633,"dns":0,"connect":0,"send":0,"wait":335,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.053006+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/143899/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":28,\"pkts_toclient\":29,\"bytes_toserver\":4237,\"bytes_toclient\":27174,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chat.zyzhan.com/Content/css/xwt-notice.css?v=1.44","fqdn":"chat.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.111","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:07.490Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Content/css/xwt-notice.css?v=1.44 HTTP/1.1\r\nHost: chat.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.shalwell.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/css\r\nContent-Length: 2774\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:32:23 GMT\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET-hg4.95\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data:;\r\nVia: cache32.l2cn8000[33,35,304-0,H], cache2.l2cn8000[37,0], kunlun5.cn7174[0,0,200-0,H], kunlun8.cn7174[1,0]\r\nVary: Accept-Encoding\r\nLast-Modified: Tue, 31 Oct 2023 07:05:25 GMT\r\nETag: W/\"5c609b9fc8bda1:0\"\r\nContent-Encoding: gzip\r\nAge: 644\r\nAli-Swift-Global-Savetime: 1761193943\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:32:23 GMT\r\nX-Swift-CacheTime: 3600\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17611945875888235e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":14854,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"213a67fcefb314f57deec0cfdabd450b","sha1":"efe6698fce74dc7bbd3fe079c58e2649c3766f57","sha256":"f15af6ececf458d8c14c64fbcb968bc42ef753bd7c375ad17e038c5eb64bc3cd","sha512":"a9f30c89b00287dc826c5d262cfdfe37c23af37fb99b2a3b50df468b4e8c4986a8655681c465c5afc017086d2c9ae86e4d095a0bc94696af850a17efc345b3d9","ssdeep":"192:G3EvN0vI0DCMKh+OSOvHZkv4g+Jlu+WBXrOUOQkZqv4FruJlufwrOnvd/m7xIjjv:Kw1FGz6yIz","tlshash":"2b625358c7681286f13acdf22f901eced72644878b2387297bdc75188f764a8b252fd5","first_seen":"2023-11-13T12:35:24Z","last_seen":"2026-04-02T14:38:09.570211Z","times_seen":28,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":239,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-23T04:43:03.441Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:03 GMT\r\nVary: Accept-Encoding\r\nCache-Control: private\r\nSet-Cookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; expires=Fri, 24-Oct-2025 04:43:03 GMT; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff; domain=.shalwell.com; path=/; HttpOnly\r\nX-Powered-By: ASP.NET-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Encoding: gzip\r\nVia: cache10.l2cn8813[57,57,200-0,M], cache33.l2cn8813[58,0], kunlun1.cn192[79,78,200-0,M], kunlun8.cn192[83,0]\r\nX-Ali-Tproxy-Consistent-Hash-Hot: 1\r\nAli-Swift-Global-Savetime: 1761194583\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:03 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01c17611945838152304e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":51855,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (521), with CRLF, NEL line terminators","md5":"818a47d1b3de9309177d76ab54b930c2","sha1":"e9e76bb814b303e6035a8c002da9b86f22def8b3","sha256":"10b1e4a317a2e2980f3ca86baccc8342e55d24d48b8dc50038d98674b9bb8ff8","sha512":"b31fc0c851fbd16da9e1d79161ff01a9e8c4e136a718e63818903b66dbbaad800a1e0d865a6b1608fd8f826b46830cdb286f456d6398444d6358a0c17f3b3c31","ssdeep":"1536:SksH1PSltAEoRywo33HmZjbdBqZWZ/XRTgei:SksS/Ghy","tlshash":"8d4385718ad5e72902f285e05860a75bfdf042efd58faa4533ee9ad75fb2e184903340","first_seen":"2025-10-23T04:43:43.320858Z","last_seen":"2025-10-23T04:43:43.320858Z","times_seen":1,"resource_available":false,"data":null}},"time_used":911,"timings":{"blocked":275,"dns":1,"connect":274,"send":0,"wait":357,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.072992+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":691,\"bytes_toclient\":2812,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48944,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.496566+0000\",\"flow_id\":1054434643131634,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48944,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":13539},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":51855,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":15,\"bytes_toserver\":1801,\"bytes_toclient\":15433,\"start\":\"2025-10-23T04:43:03.441586+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/js/swiper.min.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.250Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/js/swiper.min.js HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 96106\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:04 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:40 GMT\r\nAccept-Ranges: bytes\r\nETag: \"014b1261a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache17.l2cn8047[55,54,200-0,M], cache54.l2cn8047[56,0], kunlun9.cn192[93,93,200-0,M], kunlun7.cn192[95,0]\r\nAli-Swift-Global-Savetime: 1761194584\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:04 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945845801423e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":96106,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (31999), with CRLF line terminators","md5":"5e9eb008653857cbc376068d56a4ce48","sha1":"3d03eae3315d29a909558edb32d1707b13a50798","sha256":"af5bbf3aeb9699dcaaa10dad001b8f97d5b1468f114133b04df767c0a4e0ed30","sha512":"8a9b3487821b47bc53feb2f6d633f85cb914c18dabdc23277d62995f6678e036243d6d22ad6e764392b0993f41ad397105c2fc044f2627748c4cd1a0dcb18173","ssdeep":"1536:UyOkN3TklR3ZIFDG+Y7n2L5ydUTv0tSQfCBTw:hT673uTv+","tlshash":"b193d66db314f2e295d3214a679ec64122f21706b849dae870b54c4a68bcc5d03bffbd","first_seen":"2025-06-27T07:25:58.383726Z","last_seen":"2026-03-16T06:11:07.431335Z","times_seen":25,"resource_available":true,"data":null}},"time_used":1139,"timings":{"blocked":230,"dns":1,"connect":253,"send":0,"wait":351,"receive":304,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.831784+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/swiper.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2156},\"files\":[{\"filename\":\"/Skins/143899/js/swiper.min.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2156,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":843,\"bytes_toclient\":4728,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/mulu0.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.797Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/mulu0.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1915\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:23 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80158f1c1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache25.l2cn8047[31,30,200-0,M], cache54.l2cn8047[32,0], kunlun9.cn192[57,56,200-0,M], kunlun7.cn192[58,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945871847608e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1915,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced","md5":"ecc7e1803e00fdc502b6f6f63b0fec66","sha1":"c32a08ee6da27babe92dc9de6f0ac671a818e53e","sha256":"f2b4c3f3506100ef8674d52bf491f97e426668d72c0d921ed5cef821f14611c2","sha512":"1c34d93e65bf77ae3ff4f1bc7ea9b6fc4c312b50a3da3b3606509abc01f58ef1703fe0cca9e3c7afd4f2e14a2da897ecf49f7da1dfa7af4d3ebfb4ee18e11f4f","ssdeep":"","tlshash":"2a41848af910bc51584df946bdfba2572b375be186d26811bcca884324b20f9cc0d4da","first_seen":"2025-03-09T15:25:07.224556Z","last_seen":"2026-03-20T10:57:50.327111Z","times_seen":26,"resource_available":false,"data":null}},"time_used":602,"timings":{"blocked":289,"dns":0,"connect":0,"send":0,"wait":312,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.652885+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1915},\"files\":[{\"filename\":\"/Skins/143899/images/mulu0.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1915,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":101,\"pkts_toclient\":142,\"bytes_toserver\":8667,\"bytes_toclient\":196586,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/indnew_bg.jpg","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.804Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/indnew_bg.jpg HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 108281\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:26 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0d9581e1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache10.l2cn8047[42,41,200-0,M], cache20.l2cn8047[43,0], kunlun2.cn192[68,68,200-0,M], kunlun10.cn192[69,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945873303301e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":108281,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1000, components 3","md5":"96f0c31c06171e79f85eef31c2cb7164","sha1":"56720360680ea1c34854b391810c1d26b3376f22","sha256":"f5b0b25d9c674106c99c9b3a525eeeb54b99aa54fdfa8c40236f7bc38c9033a2","sha512":"a49fcfa65a38143a76fb502535cfcb2246b4e7e1a3eda80eee44b0fafd9e1c1042546d815e8cd4491905d58e84ff93494ba087eca2e5ccda3d7a300e0650d319","ssdeep":"3072:N0o1FdMTq7K2r/y9TtGZAPuaU4H1hZkE2:NZwwFy9TtGZRaX1hZe","tlshash":"78b3128b0f63484bcf100a379c5beb13f768d8ea396b051994d6a92b0573538ae2d5f1","first_seen":"2025-03-09T15:25:07.243169Z","last_seen":"2026-03-20T10:57:50.322935Z","times_seen":22,"resource_available":false,"data":null}},"time_used":846,"timings":{"blocked":432,"dns":0,"connect":0,"send":0,"wait":308,"receive":106,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48986,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.544409+0000\",\"flow_id\":498760364359010,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48986,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/images/indnew_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":55,\"pkts_toclient\":72,\"bytes_toserver\":4551,\"bytes_toclient\":98508,\"start\":\"2025-10-23T04:43:04.228706+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/js/customer.js","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.276Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/js/customer.js HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 4104\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:04 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:41 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80aa49271a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache29.l2cn2647[33,33,200-0,M], cache51.l2cn2647[34,0], kunlun2.cn192[45,45,200-0,M], kunlun6.cn192[46,0]\r\nAli-Swift-Global-Savetime: 1761194584\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:04 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01a17611945846664457e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":4104,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"7ee5d36606ae3e0032aba162e4c186d3","sha1":"3f47944565c410b5acd1d1cd1b70b22339508296","sha256":"b1071f3356a2aa5c2b4f40d81f90c6dbc865531111fbe6329dd06612184cbfd0","sha512":"fa969d3c22c16c4e4e911f75ec315b38dd9561926da7e187e9b9414cade337f69963ac1cdc68e627a99067fb09b44a534deb3744a92c6d85863bc1d8f94f7611","ssdeep":"48:h55Uelb+M2+Rv++egxeQW7Fqs4lvqsLJDddgQGWCtUNij7uYXfo6lb7vYr:h9Bt2mmAZW7mdBE7fXg6F7gr","tlshash":"ad813f81f14ca43e86fb23bb163eb101de5a8287c0cb84f2f4bd1554cfb011956a6fa8","first_seen":"2025-08-19T07:26:19.552608Z","last_seen":"2026-03-16T06:11:07.428272Z","times_seen":4,"resource_available":true,"data":null}},"time_used":593,"timings":{"blocked":279,"dns":0,"connect":0,"send":0,"wait":310,"receive":4,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:04Z","timestamp":1761194584,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:04.866602+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/js/customer.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/js/customer.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":2120,\"bytes_toclient\":21408,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public.mtnets.com/Images/public/blank.png","fqdn":"public.mtnets.com","domain":"mtnets.com","tld":"com"},"ip":{"addr":"42.236.78.108","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:07.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mtnets.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 05 Sep 2025 03:48:46 GMT","end":"Mon, 05 Oct 2026 03:48:45 GMT"},"fingerprint":{"sha1":"17:7D:9B:7D:77:E5:75:95:47:DB:97:C3:AB:B8:D0:E9:74:B6:07:84","sha256":"76:5C:C6:79:DF:08:A6:CD:BB:8D:53:C9:B4:57:D8:93:F6:E7:6A:58:6B:73:54:DB:67:7E:12:CE:5D:29:0A:D3"}}},"request":{"raw":"GET /Images/public/blank.png HTTP/1.1\r\nHost: public.mtnets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://chat.zyzhan.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 23 Oct 2025 04:43:10 GMT\r\nContent-Type: image/png\r\nContent-Length: 928\r\nConnection: keep-alive\r\nServer: openresty\r\nLast-Modified: Tue, 22 Jan 2019 05:51:01 GMT\r\nETag: \"e6dc9e7416b2d41:0\"\r\nX-Powered-By: ASP.NET-4.91\r\nAccess-Control-Allow-Origin: *\r\nX-CCDN-Expires: 2224355\r\nvia: CHN-HAzhengzhou-CUPN6-CACHE28[4],CHN-HAzhengzhou-CUPN6-CACHE31[0,TCP_HIT,2],CHN-JSwuxi-GLOBAL2-CACHE60[4],CHN-JSwuxi-GLOBAL2-CACHE31[0,TCP_HIT,3]\r\nx-hcs-proxy-type: 1\r\nX-CCDN-CacheTTL: 2592000\r\nX-CCDN-REQ-ID-46B1: 6ef51f4b2c02b2a9711d553224ba3c4c\r\nnginx-hit: 1\r\nAge: 367645\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31622400; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":928,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"bb3472f7c90f43be2f685148afc63e4f","sha1":"43bb864cc6d51d0d76add5ed13444ab2ee5aa881","sha256":"42bc62b9c1631e798cd22defaf1178336b8958966421927c7c18baed21946efe","sha512":"8af54a71c3c9420ba2df4cd35e39ffaf006da0071414782a21951dffc10b023e63bcbb85fff29c567f757db7f7793c5d60eb4f57246383e15d1ea72cfde2302d","ssdeep":"","tlshash":"2c11bb85f4d01d019205d85600fa91178d570480dbf8f8196ccfec0b097e5f4c16cee7","first_seen":"2023-11-22T11:37:32Z","last_seen":"2026-04-02T14:38:09.584706Z","times_seen":25,"resource_available":false,"data":null}},"time_used":6253,"timings":{"blocked":2988,"dns":2440,"connect":271,"send":0,"wait":276,"receive":0,"ssl":276},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shalwell.com/","fqdn":"shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-23T04:42:59.350Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2608,"timings":{"blocked":0,"dns":2096,"connect":251,"send":0,"wait":0,"receive":0,"ssl":259},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/arrows2.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.779Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/arrows2.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1362\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:06 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"8050e7241a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache33.l2cn3130[18,18,200-0,M], cache14.l2cn3130[19,0], kunlun2.cn192[36,35,200-0,M], kunlun7.cn192[41,0]\r\nAli-Swift-Global-Savetime: 1761194586\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:06 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945868826829e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"ec451b748d47a1b45901f49f273710aa","sha1":"4d4354b46e0370c57488fbac3492628411cb6cb9","sha256":"b80ab4ab02d0ebc35df5557233eae0f55c565c1a516c8a9541c99ddd70ee63d7","sha512":"ea551f7fafc0b9e128cdb969746386e91c13554293d1887c7dae7cf066747dd53c67a72f4dd76720672f3e0afc777bf941d72805fcb3f3d86ae54f9383041b6b","ssdeep":"","tlshash":"f421502af9b064806798649228efe0a28b270a84c5e0e5d1fdcfd12b88714f4b4086db","first_seen":"2023-07-08T23:43:21Z","last_seen":"2026-03-22T12:26:17.043998Z","times_seen":133,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":317,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.090649+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":220,\"pkts_toclient\":234,\"bytes_toserver\":13488,\"bytes_toclient\":340849,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.zyzhan.com/asyncstat.aspx?u=alwellcn\u0026referer=\u0026title=%u5851%u6599%u6CE8%u5C04%u5668%u704C%u88C5%u673A-%u9884%u5145%u5F0F-%u73BB%u7483%u9488%u7BA1%u6CE8%u5C04%u5668%u704C%u88C5%u751F%u4EA7%u7EBF-%u4E0A%u6D77%u8000%u821C%u673A%u68B0%u8BBE%u5907%u6709%u9650%u516C%u53F8","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.117","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /asyncstat.aspx?u=alwellcn\u0026referer=\u0026title=%u5851%u6599%u6CE8%u5C04%u5668%u704C%u88C5%u673A-%u9884%u5145%u5F0F-%u73BB%u7483%u9488%u7BA1%u6CE8%u5C04%u5668%u704C%u88C5%u751F%u4EA7%u7EBF-%u4E0A%u6D77%u8000%u821C%u673A%u68B0%u8BBE%u5907%u6709%u9650%u516C%u53F8 HTTP/1.1\r\nHost: www.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.shalwell.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 596\r\ndate: Thu, 23 Oct 2025 04:43:06 GMT\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=ubja3o4vjwezhdye4yz43rwo; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_ubja3o4vjwezhdye4yz43rwo=10.115.3.122:9714; domain=.zyzhan.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-4.92\r\nvia: cache40.l2cn3130[61,61,200-0,M], cache65.l2cn3130[62,0], kunlun6.cn7174[70,70,200-0,M], kunlun10.cn7174[109,0]\r\nali-swift-global-savetime: 1761194586\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Thu, 23 Oct 2025 04:43:06 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921e17611945868588309e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":596,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (524), with CRLF line terminators","md5":"eafcd32bc4395285bbf0dfc561dfa19e","sha1":"f79d7a2c7aca71fc50daa5a0faec3b5b4dfcff90","sha256":"d1c7f1b0d9fd2c5611c2e3ff26dbe8953ffb7d4c440c43b989529cceaad9755d","sha512":"a29cff39dc2d1e9cc7ca32f81df77abb7195a5be1f2c875738b6c117bf985fc4d0369e6768f594b83ae5212a1dafe1ae47d8a57ecacbdf44b5e2f6b3276d64c1","ssdeep":"","tlshash":"b5f0a2778c00f2ed8c0058e5dea2c745d04b0f7a7161d973619240c4322097bf45c7db","first_seen":"2025-10-23T04:43:43.973168Z","last_seen":"2025-10-23T04:43:43.973168Z","times_seen":1,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/hengf.jpg","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.272Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/hengf.jpg HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 65600\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:06 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:28 GMT\r\nAccept-Ranges: bytes\r\nETag: \"068a1f1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache16.l2cn3130[35,35,200-0,M], cache17.l2cn3130[36,0], kunlun2.cn192[53,53,200-0,M], kunlun7.cn192[55,0]\r\nAli-Swift-Global-Savetime: 1761194586\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:06 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945859954760e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":65600,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x243, components 3","md5":"0f1ac92730274f885286d6a62290e5eb","sha1":"a4bdf7a16796c88359f9401fb275874f932b1b5e","sha256":"3a3996404d0f4b488c09295b8c93532ca83a19ccc850a4f52326db5e6d1a5ae0","sha512":"4c8ab7aff0433820b4a1e38dcb72bc69aa4d582a30b4c64287266a6a61833b9551dff95a62244ad15469b4b9d83898809add41fecd0a4ef413754291db01e0a0","ssdeep":"1536:lrYB3Dr+u+19Dv+Pee8wybp0bq47VLLQ4RLqHxn1NGbDLA7i7:iGDbm2e0LWLQ45qwei7","tlshash":"f953023ebb11c1a3650b666204e62ab3107843f39fdd1ecec4e05a076c695d2e1dbb5b","first_seen":"2025-07-14T20:47:05.307446Z","last_seen":"2026-03-07T04:19:34.377302Z","times_seen":10,"resource_available":false,"data":null}},"time_used":1990,"timings":{"blocked":1623,"dns":0,"connect":0,"send":0,"wait":311,"receive":56,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:06Z","timestamp":1761194586,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:06.207062+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/hengf.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/143899/images/hengf.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":73,\"pkts_toclient\":90,\"bytes_toserver\":5501,\"bytes_toclient\":125042,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/flbtbg2.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.795Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/flbtbg2.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 6513\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:06 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:29 GMT\r\nAccept-Ranges: bytes\r\nETag: \"809c22201a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache48.l2cn8786[29,29,200-0,M], cache79.l2cn8786[31,0], kunlun9.cn192[47,47,200-0,M], kunlun10.cn192[49,0]\r\nAli-Swift-Global-Savetime: 1761194586\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:06 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945868812267e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":6513,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 119 x 179, 8-bit/color RGBA, non-interlaced","md5":"102ddad9d6e5308044e5fb01afdcf994","sha1":"325342b21806f92d5c495190ee4e7cd0aab0d1cf","sha256":"dcfa4a4b2ebab065e025dd556103ca6817893108bd661f2a0621abefdfc163fe","sha512":"c8e81702089898407cbc2a606700af50708d3e9648956ffb509cdcc1d385f01e52d0e19c7b4f48fb9428ec2eb6be25addb38ec4aec382dc89a9be24ad8b922e0","ssdeep":"192:ZS87F8knEbsigoFp1BSg73JmB3UyA1n2ri/p5a7o+:A8NnEAfoFp1BLC3UFMriH5+","tlshash":"dfd18d0def926a2017dcad95fa99808316771f8092c370c02ccedc4628a44fbc91d6c6","first_seen":"2025-03-09T15:25:07.23129Z","last_seen":"2026-03-20T10:57:50.309523Z","times_seen":26,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48998,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.084649+0000\",\"flow_id\":1121865629714318,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48998,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":785,\"bytes_toclient\":2440,\"start\":\"2025-10-23T04:43:04.477070+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/favicon.ico","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:08.481Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/favicon.ico HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/x-icon\r\nContent-Length: 4286\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:08 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:47 GMT\r\nAccept-Ranges: bytes\r\nETag: \"8031dd2a1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache22.l2cn2647[18,18,200-0,M], cache74.l2cn2647[19,0], kunlun8.cn192[29,28,200-0,M], kunlun10.cn192[30,0]\r\nAli-Swift-Global-Savetime: 1761194588\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:08 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17611945885645915e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"51e2a9f27f9120beffaec7f329e81823","sha1":"7c3af019012670c72dd7109197816764ef74402b","sha256":"2e43afd5ebab749bef91ace077c5821e3f0c880d0193d26a7ed96d8167b0e831","sha512":"061f4d9523392904763b68c4bfab61f904e09ed1f4e177db6c8dd94e6ac0beb991c234f54b485feb1565376f1969fc8f0cd24cada688a340c86344f053994c50","ssdeep":"24:suNyYA141pbkE94IUJ45ElCeTJqoe4vpphyEFDIjad5aapYyAo:X2o9kvIUsIpJFNEC4o","tlshash":"c291afe8221d55d2ebdca3b84637295f4b1a0c74e42083610e0d3f1326b6495f6a6505","first_seen":"2025-10-23T04:43:44.197247Z","last_seen":"2025-10-23T04:43:44.197247Z","times_seen":1,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":262,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:08Z","timestamp":1761194588,"ip_dst":{"addr":"172.18.0.5","port":49014,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:08.742017+0000\",\"flow_id\":891633907812413,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49014,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/143899/favicon.ico\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":5}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":235,\"pkts_toclient\":249,\"bytes_toserver\":15994,\"bytes_toclient\":361985,\"start\":\"2025-10-23T04:43:04.477245+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"shalwell.com/","fqdn":"shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"101.71.9.146","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-23T04:43:01.978Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx/gxh\r\nDate: Thu, 23 Oct 2025 04:43:02 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: private\r\nLocation: http://www.shalwell.com\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET-4.170\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":777,"timings":{"blocked":254,"dns":1,"connect":259,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/ewm.jpg","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:04.274Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/ewm.jpg HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 18865\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:05 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:16 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f862181a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache33.l2cn8786[22,21,200-0,M], cache68.l2cn8786[23,0], kunlun8.cn192[84,84,200-0,M], kunlun7.cn192[85,0]\r\nAli-Swift-Global-Savetime: 1761194585\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:05 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945856203795e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":18865,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x150, components 3","md5":"1bc904c0136117de9f93a004a2c6d83a","sha1":"5bd17fd755c613fadb527623155980efeb8852ee","sha256":"a3c03367655911f84f09f4d15b469cbd87b0d64873579892995b5ef607f77b50","sha512":"d4c4b6a6889ca2dd32a62ac0afac72162da44338926d7e974476a8d2fe12ad6d2fd01dddd87c717b62c7e31c4c93dd7bd8f120c67289cd249b19cd492ff37a40","ssdeep":"384:+H/aXqEHAm89PYbvM6iMGmtQI8Wn/IhepdHOSkAXWf/oSKXbSNwR0g:y/gqZ81GqQIT/o5AGfwSsiAp","tlshash":"8682d059f44b2e21e4480432342f79d76f21775cc8f5942162badce2f9305eaf70aa9a","first_seen":"2025-10-23T04:43:44.259946Z","last_seen":"2025-10-23T04:43:44.259946Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1612,"timings":{"blocked":1248,"dns":0,"connect":0,"send":0,"wait":339,"receive":25,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:05Z","timestamp":1761194585,"ip_dst":{"addr":"172.18.0.5","port":48970,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:05.863791+0000\",\"flow_id\":161085740578150,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48970,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.shalwell.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2065},\"files\":[{\"filename\":\"/Skins/143899/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2065,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":59,\"pkts_toclient\":75,\"bytes_toserver\":4224,\"bytes_toclient\":105221,\"start\":\"2025-10-23T04:43:04.226662+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/morejt.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.790Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/morejt.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2464\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:06 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:23 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80158f1c1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache14.l2cn2647[18,17,200-0,M], cache45.l2cn2647[19,0], kunlun7.cn192[29,29,200-0,M], kunlun9.cn192[30,0]\r\nAli-Swift-Global-Savetime: 1761194586\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:06 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01d17611945868811632e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2464,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"c831edb956d626cfd991255b172797ae","sha1":"7254408fdec4f8b94a8fb6c4d7b2b90037bb742d","sha256":"29de051144a5f54260ee9b44dc18adb12f155353062bd7439efe0a5b3735266c","sha512":"39d723aedaf152ed101494f9b253c008fbaf37d14b0155d049b12965cb4d8da2cf4066328f1d8a324b02157df41db4ccb28fbef0d9d4d0ab6b56d06eb7fb8c75","ssdeep":"","tlshash":"3b514309bc516c911a0ef58a9efc524397b70fc08f52541aaeddcc525d204f98edd5cb","first_seen":"2025-03-09T15:25:07.227511Z","last_seen":"2026-03-20T10:57:50.320484Z","times_seen":23,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":292,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.073761+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":20,\"bytes_toserver\":2674,\"bytes_toclient\":19167,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/footli1.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.807Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/footli1.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2749\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:28 GMT\r\nAccept-Ranges: bytes\r\nETag: \"068a1f1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache14.l2cn2647[22,22,200-0,M], cache42.l2cn2647[23,0], kunlun10.cn192[37,37,200-0,M], kunlun6.cn192[39,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01a17611945875262964e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2749,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced","md5":"bfa6cce8bd645b1ece91b138416de875","sha1":"6635e91cf84837a9b62520cb3b18b6e2b7ec701f","sha256":"b433844a4d6b59513e62ee8231d0a630bc1ace58a00e5d12b2e89a2e10904e60","sha512":"8e2274061261a2b05afb3067d9846fc5192af8a7620670fbfd0925443ad607acfef5ec6c38493dfe259395e875f92442ac23e3fab4beaeb14b15eceef2204039","ssdeep":"","tlshash":"c6516348fc9068905a5df985aafda046a6f74fc08e912859edc8cc032d605fdcdda9c7","first_seen":"2025-03-09T15:25:07.238052Z","last_seen":"2026-03-20T10:57:50.322092Z","times_seen":26,"resource_available":false,"data":null}},"time_used":912,"timings":{"blocked":609,"dns":0,"connect":0,"send":0,"wait":302,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.055094+0000\",\"flow_id\":212840096437179,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48946,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2749},\"files\":[{\"filename\":\"/Skins/143899/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2749,\"tx_id\":5}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":35,\"pkts_toclient\":43,\"bytes_toserver\":5115,\"bytes_toclient\":42073,\"start\":\"2025-10-23T04:43:03.693179+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/footli3.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.809Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/footli3.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2636\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:28 GMT\r\nAccept-Ranges: bytes\r\nETag: \"068a1f1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache61.l2cn1823[15,14,200-0,M], cache14.l2cn1823[18,0], kunlun10.cn192[66,66,200-0,M], kunlun7.cn192[67,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17611945875658548e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2636,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced","md5":"e219780f2dc9c2e082c44507df3b50d5","sha1":"0fecbfe7541cf18218e369255d2baa5c5d609da4","sha256":"09d36a2a12fe418eb1ae90744d345dbd7e4c8f9994294a8e437240a5d1580272","sha512":"520008d3969d5c04eb7199ff71cbebf4400a8b861a5ed3d56c83ba8fb155fc0310f2789896580c2858e827d3f3c44f1ec18dda07040f4776f7874f0692bd9dfe","ssdeep":"","tlshash":"db516348fc929c80591df449a5fc614763bb0ec09e9124495ec8c8239d309fdded96cb","first_seen":"2025-03-09T15:25:07.221793Z","last_seen":"2026-03-20T10:57:50.313151Z","times_seen":25,"resource_available":false,"data":null}},"time_used":992,"timings":{"blocked":648,"dns":0,"connect":0,"send":0,"wait":343,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:18Z","timestamp":1761194598,"ip_dst":{"addr":"172.18.0.5","port":48966,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:18.319256+0000\",\"flow_id\":1420627849802037,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48966,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2636},\"files\":[{\"filename\":\"/Skins/143899/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2636,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":245,\"bytes_toserver\":15016,\"bytes_toclient\":351769,\"start\":\"2025-10-23T04:43:04.225589+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chat.zyzhan.com/Content/css/exchange_new_2.css?v=20231213001","fqdn":"chat.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.111","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:05.606Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Content/css/exchange_new_2.css?v=20231213001 HTTP/1.1\r\nHost: chat.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.shalwell.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: text/css\r\nContent-Length: 6184\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:35:23 GMT\r\nAccept-Ranges: bytes\r\nX-Powered-By: ASP.NET-hg4.91\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data:;\r\nVia: cache44.l2cn8000[35,35,304-0,H], cache4.l2cn8000[36,0], kunlun5.cn7174[0,0,200-0,H], kunlun10.cn7174[1,0]\r\nVary: Accept-Encoding\r\nLast-Modified: Tue, 07 Nov 2023 10:02:38 GMT\r\nETag: W/\"c1728a6111da1:0\"\r\nContent-Encoding: gzip\r\nAge: 462\r\nAli-Swift-Global-Savetime: 1761194123\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:35:23 GMT\r\nX-Swift-CacheTime: 3600\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17611945857015486e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":29641,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"d1a6e207716d512c7ea2fa3645eaa06a","sha1":"f63a80437a195fe2dece22b1c9b25d0b08ab1496","sha256":"05c1cf358bea15c76a3bb33c0d0fe02ec4915af07160bdc96c76f97fe15f8289","sha512":"6afbeb19c13f676bc8bfaf20777f4b792b64782f1e6601323255c31d398e0836b7bf7d4dc3136b308d613a62e22b35779f39868fe5bb63cc0553d4f7ceed9a0e","ssdeep":"384:ASb7R4315NeRuQbvUsBCYQ5bJ5oBn24GI2YSD8BjPJYKi4C96Yl5QrVXbkuuZm+O:nIGBCZ0DBjI4C96Yl578wUtT","tlshash":"86d244761a292246716be3e5f833c3ca963d8043f603177c79ee38a1d28da6550777d2","first_seen":"2025-04-13T08:11:41.683996Z","last_seen":"2026-04-02T14:38:09.533032Z","times_seen":39,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":241,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/flbtbg1.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.794Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/flbtbg1.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 8691\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:06 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:16:29 GMT\r\nAccept-Ranges: bytes\r\nETag: \"809c22201a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache53.l2cn2655[21,21,200-0,M], cache6.l2cn2655[23,0], kunlun1.cn192[62,61,200-0,M], kunlun9.cn192[64,0]\r\nAli-Swift-Global-Savetime: 1761194586\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:06 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01d17611945868721616e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":8691,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 89 x 165, 8-bit/color RGBA, non-interlaced","md5":"3cece6dd8e07bd31d6eaf22b0bbbea77","sha1":"8abbe997fb0eb2b83919d569087af5750d4a1a65","sha256":"7f622ddebc9d52e35bdc347ec3c5bb1585f74469719c71cf227cc2266a3b6895","sha512":"63a1d9043818e0d61b647e8520d8e00796ec48dd98bb4e8924e24d4aa760a96a732e63c4fbe1b8c657e3aa19fa2aa4b2ac3a39f139a449a77560e01c68d0e286","ssdeep":"192:VSr7F8knErDDig0Cg97CBk/XfjTgiuf+6I63q/Exnix2ZEaO:0rNnEbf0Cs7ES7TgBftq/Ec8eaO","tlshash":"8c028d08efe0281489ced9b6bdfdd59b26335a80d6e28000fccd8c0634551b9d55ebdb","first_seen":"2025-03-09T15:25:07.219889Z","last_seen":"2026-03-20T10:57:50.297275Z","times_seen":26,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":299,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":49002,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.087246+0000\",\"flow_id\":467656211187714,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":49002,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":785,\"bytes_toclient\":2438,\"start\":\"2025-10-23T04:43:04.477186+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.shalwell.com/Skins/143899/images/kf4_imgs/kefu-tb.png","fqdn":"www.shalwell.com","domain":"shalwell.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:06.810Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/143899/images/kf4_imgs/kefu-tb.png HTTP/1.1\r\nHost: www.shalwell.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.shalwell.com/Skins/143899/css/style.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=bqzyyuaf4pb05z2yr3ro0yvi; mtcached_mtsession_bqzyyuaf4pb05z2yr3ro0yvi=08c92760be0cc378455247eafb6c4b30fc0c376a1e9f65ff\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2541\r\nConnection: keep-alive\r\nDate: Thu, 23 Oct 2025 04:43:07 GMT\r\nLast-Modified: Wed, 27 Aug 2025 06:15:59 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80f940e1a17dc1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache70.l2cn2655[66,65,200-0,M], cache36.l2cn2655[68,0], kunlun6.cn192[86,86,200-0,M], kunlun9.cn192[87,0]\r\nAli-Swift-Global-Savetime: 1761194587\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Oct 2025 04:43:07 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01d17611945871912335e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2541,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 160, 8-bit/color RGBA, non-interlaced","md5":"a335ec6a2832e9538e517e7763d0f2a9","sha1":"570173cabd26c3064d68a9130eb213beba808567","sha256":"ea7c3107d006f0e172b02a232b4ce73d8a8cd2ff2bf2f3607b3911b48318b6bb","sha512":"271d04beb64e9b4d6f415c8bfdcebef48a6d108ff9d35826b934920b4028bf9794578033626e1f9515a3906ed74444e6fdcce9d0ad6770004b32849d8e915a6f","ssdeep":"","tlshash":"9b512c8cb8d1bc43a45679c73cc27527e61a6950cac0f06b54cce5549c701bb0e1c2cf","first_seen":"2025-10-23T04:43:44.719431Z","last_seen":"2026-03-20T10:57:50.302937Z","times_seen":5,"resource_available":false,"data":null}},"time_used":631,"timings":{"blocked":279,"dns":0,"connect":0,"send":0,"wait":351,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-23T04:43:07Z","timestamp":1761194587,"ip_dst":{"addr":"172.18.0.5","port":48960,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-23T04:43:07.702570+0000\",\"flow_id\":1146256748998897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.5\",\"dest_port\":48960,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.shalwell.com\",\"url\":\"/Skins/143899/images/kf4_imgs/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.shalwell.com/Skins/143899/css/style.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2541},\"files\":[{\"filename\":\"/Skins/143899/images/kf4_imgs/kefu-tb.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2541,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":26,\"bytes_toserver\":4063,\"bytes_toclient\":24242,\"start\":\"2025-10-23T04:43:04.225521+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"api.share.baidu.com/s.gif?l=http://www.shalwell.com/","fqdn":"api.share.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"180.101.212.103","port":80,"asn":134770,"as":"CHINANET Jiangsu province Suzhou taihu IDC network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.shalwell.com/","date":"2025-10-23T04:43:07.412Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /s.gif?l=http://www.shalwell.com/ HTTP/1.1\r\nHost: api.share.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.shalwell.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 23 Oct 2025 04:43:08 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1279,"timings":{"blocked":514,"dns":273,"connect":243,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}