{"report_id":"791b7e03-9606-481d-9bf0-1570633012d0","version":6,"status":"done","tags":[],"date":"2025-10-26T20:01:33Z","url":{"schema":"http","addr":"nikefj.com/","fqdn":"nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":0,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"www.nikefj.com/","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"title":"中国·宝马bm555线路检测(股份)有限公司-官方網站","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":""}},"submit":{"url":{"schema":"http","addr":"nikefj.com/","fqdn":"nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":0,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-30T20:01:33Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":23,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:15Z","timestamp":1761508875,"ip_dst":{"addr":"172.18.0.23","port":49484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:15.971955+0000\",\"flow_id\":2194440492675602,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49484,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/banner3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6555},\"files\":[{\"filename\":\"/Skins/106778/images/banner3.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6555,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":909,\"bytes_toclient\":8974,\"start\":\"2025-10-26T20:01:15.455186+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.034218+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/skins/106778/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6806},\"files\":[{\"filename\":\"/skins/106778/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6806,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":905,\"bytes_toclient\":8726,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49482,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.081073+0000\",\"flow_id\":1702980269896140,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49482,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":3910},\"files\":[{\"filename\":\"/Skins/106778/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":3910,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":773,\"bytes_toclient\":6196,\"start\":\"2025-10-26T20:01:15.455116+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.082582+0000\",\"flow_id\":1973404295754026,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6556},\"files\":[{\"filename\":\"/Skins/106778/images/banner1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6556,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":933,\"bytes_toclient\":8974,\"start\":\"2025-10-26T20:01:15.454954+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.134595+0000\",\"flow_id\":834033223987576,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49468,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6806},\"files\":[{\"filename\":\"/Skins/106778/images/banner2.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6806,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":909,\"bytes_toclient\":8726,\"start\":\"2025-10-26T20:01:15.455032+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.587485+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2636},\"files\":[{\"filename\":\"/Skins/106778/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2636,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1238,\"bytes_toclient\":3504,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.912428+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/106778/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":21,\"bytes_toserver\":2507,\"bytes_toclient\":26343,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.938419+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1050},\"files\":[{\"filename\":\"/Skins/106778/images/mulu2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1050,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":8,\"bytes_toserver\":1821,\"bytes_toclient\":6532,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.992869+0000\",\"flow_id\":258958577878512,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49530,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6807},\"files\":[{\"filename\":\"/Skins/106778/images/kefu.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6807,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":906,\"bytes_toclient\":8726,\"start\":\"2025-10-26T20:01:15.706032+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.328684+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6513},\"files\":[{\"filename\":\"/Skins/106778/images/flbtbg2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":6513,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":13,\"bytes_toserver\":2404,\"bytes_toclient\":13806,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49522,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384258+0000\",\"flow_id\":1605299828671936,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49522,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4845},\"files\":[{\"filename\":\"/Skins/106778/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":4845,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1280,\"bytes_toclient\":7194,\"start\":\"2025-10-26T20:01:15.705984+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49500,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384527+0000\",\"flow_id\":237002705061170,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49500,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1915},\"files\":[{\"filename\":\"/Skins/106778/images/mulu0.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1915,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1148,\"bytes_toclient\":4132,\"start\":\"2025-10-26T20:01:15.705842+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49482,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384564+0000\",\"flow_id\":1702980269896140,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49482,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4526},\"files\":[{\"filename\":\"/Skins/106778/images/indbkbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":4526,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":22,\"bytes_toserver\":2743,\"bytes_toclient\":27193,\"start\":\"2025-10-26T20:01:15.455116+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384267+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":8691},\"files\":[{\"filename\":\"/Skins/106778/images/flbtbg1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":8691,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":28,\"bytes_toserver\":3012,\"bytes_toclient\":35927,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.597535+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2749},\"files\":[{\"filename\":\"/Skins/106778/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2749,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":16,\"bytes_toserver\":2986,\"bytes_toclient\":15978,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49522,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.680541+0000\",\"flow_id\":1605299828671936,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49522,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2742},\"files\":[{\"filename\":\"/Skins/106778/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2742,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":10,\"bytes_toserver\":1928,\"bytes_toclient\":10565,\"start\":\"2025-10-26T20:01:15.705984+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.688824+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":20057},\"files\":[{\"filename\":\"/Skins/106778/images/kefu-tb.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":20057,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":43,\"bytes_toserver\":3519,\"bytes_toclient\":57407,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.689402+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7756},\"files\":[{\"filename\":\"/Skins/106778/images/indnew_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":7756,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":49,\"bytes_toserver\":3585,\"bytes_toclient\":65993,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49500,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.710106+0000\",\"flow_id\":237002705061170,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49500,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/106778/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":7,\"bytes_toserver\":1346,\"bytes_toclient\":5268,\"start\":\"2025-10-26T20:01:15.705842+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.710501+0000\",\"flow_id\":258958577878512,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49530,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1360},\"files\":[{\"filename\":\"/Skins/106778/images/arrows1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1360,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":17,\"pkts_toclient\":15,\"bytes_toserver\":1873,\"bytes_toclient\":16297,\"start\":\"2025-10-26T20:01:15.706032+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49482,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.774472+0000\",\"flow_id\":1702980269896140,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49482,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1362},\"files\":[{\"filename\":\"/Skins/106778/images/arrows2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1362,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":24,\"bytes_toserver\":2953,\"bytes_toclient\":28773,\"start\":\"2025-10-26T20:01:15.455116+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49522,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.965899+0000\",\"flow_id\":1605299828671936,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49522,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2464},\"files\":[{\"filename\":\"/Skins/106778/images/morejt.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2464,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":12,\"bytes_toserver\":2060,\"bytes_toclient\":12144,\"start\":\"2025-10-26T20:01:15.705984+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.975737+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2706},\"files\":[{\"filename\":\"/Skins/106778/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2706,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":3274,\"bytes_toclient\":19072,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"img60.zyzhan.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2006-01-21","domain_rank":0,"first_seen":"2013-10-30T09:45:28Z","last_seen":"2025-06-27T03:23:02.750472Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":456,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.zyzhan.com","ip":{"addr":"180.163.146.117","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2006-01-21","domain_rank":7308161,"first_seen":"2013-02-06T20:53:34Z","last_seen":"2025-10-23T04:43:27.287771Z","alert_count":0,"request_count":2,"received_data":4972,"sent_data":1428,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"fuwanjia666.com","ip":{"addr":"143.92.57.57","port":33888,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2025-04-28","domain_rank":6763016,"first_seen":"2025-05-08T17:24:56.728732Z","last_seen":"2025-10-19T01:38:42.557091Z","alert_count":0,"request_count":1,"received_data":3292,"sent_data":813,"comment":"","tags":null,"fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.174.227.41","port":80,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2025-10-20T01:32:15.93082Z","alert_count":0,"request_count":2,"received_data":724,"sent_data":780,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img46.zyzhan.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2006-01-21","domain_rank":0,"first_seen":"2025-10-26T20:01:34.665996Z","last_seen":"2025-10-26T20:01:34.665996Z","alert_count":0,"request_count":2,"received_data":402,"sent_data":992,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"push.zhanzhang.baidu.com","ip":{"addr":"182.61.201.94","port":80,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":1485849,"first_seen":"2015-07-22T05:44:02Z","last_seen":"2025-10-22T03:11:32.073064Z","alert_count":0,"request_count":1,"received_data":426,"sent_data":337,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.nikefj.com","ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":37,"received_data":1031132,"sent_data":14237,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"www.szkqet.com","ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":23,"request_count":27,"received_data":424054,"sent_data":10028,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"test.xinxiyidiantong.com","ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2019-08-03","domain_rank":0,"first_seen":"2021-06-25T14:04:50Z","last_seen":"2025-10-22T11:28:57.365548Z","alert_count":0,"request_count":13,"received_data":240545,"sent_data":6206,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img53.zyzhan.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2006-01-21","domain_rank":0,"first_seen":"2013-10-30T08:45:31Z","last_seen":"2025-01-03T04:30:15.966311Z","alert_count":0,"request_count":2,"received_data":403,"sent_data":992,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.share.baidu.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"1999-10-11","domain_rank":1421601,"first_seen":"2013-04-25T14:45:11Z","last_seen":"2025-10-21T09:23:10.233185Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":377,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fcl.xueyuxingfeng.com","ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2021-06-17","domain_rank":0,"first_seen":"2021-06-17T13:30:21Z","last_seen":"2025-10-22T06:01:37.957798Z","alert_count":0,"request_count":1,"received_data":3645,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2025-10-19T23:40:29.795237Z","alert_count":0,"request_count":1,"received_data":175,"sent_data":437,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"nikefj.com","ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"domain_registered":"2025-07-17","domain_rank":0,"first_seen":"2025-10-26T20:01:34.66451Z","last_seen":"2025-10-26T20:01:34.66451Z","alert_count":0,"request_count":2,"received_data":190,"sent_data":874,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:15Z","timestamp":1761508875,"ip_dst":{"addr":"172.18.0.23","port":49484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:15.971955+0000\",\"flow_id\":2194440492675602,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49484,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/banner3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6555},\"files\":[{\"filename\":\"/Skins/106778/images/banner3.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6555,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":909,\"bytes_toclient\":8974,\"start\":\"2025-10-26T20:01:15.455186+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.034218+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/skins/106778/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6806},\"files\":[{\"filename\":\"/skins/106778/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6806,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":905,\"bytes_toclient\":8726,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49482,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.081073+0000\",\"flow_id\":1702980269896140,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49482,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":3910},\"files\":[{\"filename\":\"/Skins/106778/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":3910,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":773,\"bytes_toclient\":6196,\"start\":\"2025-10-26T20:01:15.455116+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.082582+0000\",\"flow_id\":1973404295754026,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6556},\"files\":[{\"filename\":\"/Skins/106778/images/banner1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6556,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":933,\"bytes_toclient\":8974,\"start\":\"2025-10-26T20:01:15.454954+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.134595+0000\",\"flow_id\":834033223987576,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49468,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6806},\"files\":[{\"filename\":\"/Skins/106778/images/banner2.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6806,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":909,\"bytes_toclient\":8726,\"start\":\"2025-10-26T20:01:15.455032+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.587485+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2636},\"files\":[{\"filename\":\"/Skins/106778/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2636,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1238,\"bytes_toclient\":3504,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.912428+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/106778/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":21,\"bytes_toserver\":2507,\"bytes_toclient\":26343,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.938419+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1050},\"files\":[{\"filename\":\"/Skins/106778/images/mulu2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1050,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":8,\"bytes_toserver\":1821,\"bytes_toclient\":6532,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.992869+0000\",\"flow_id\":258958577878512,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49530,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6807},\"files\":[{\"filename\":\"/Skins/106778/images/kefu.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6807,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":906,\"bytes_toclient\":8726,\"start\":\"2025-10-26T20:01:15.706032+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.328684+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6513},\"files\":[{\"filename\":\"/Skins/106778/images/flbtbg2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":6513,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":13,\"bytes_toserver\":2404,\"bytes_toclient\":13806,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49522,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384258+0000\",\"flow_id\":1605299828671936,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49522,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4845},\"files\":[{\"filename\":\"/Skins/106778/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":4845,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1280,\"bytes_toclient\":7194,\"start\":\"2025-10-26T20:01:15.705984+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49500,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384527+0000\",\"flow_id\":237002705061170,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49500,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1915},\"files\":[{\"filename\":\"/Skins/106778/images/mulu0.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1915,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1148,\"bytes_toclient\":4132,\"start\":\"2025-10-26T20:01:15.705842+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49482,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384564+0000\",\"flow_id\":1702980269896140,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49482,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4526},\"files\":[{\"filename\":\"/Skins/106778/images/indbkbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":4526,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":22,\"bytes_toserver\":2743,\"bytes_toclient\":27193,\"start\":\"2025-10-26T20:01:15.455116+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384267+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":8691},\"files\":[{\"filename\":\"/Skins/106778/images/flbtbg1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":8691,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":28,\"bytes_toserver\":3012,\"bytes_toclient\":35927,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.597535+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2749},\"files\":[{\"filename\":\"/Skins/106778/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2749,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":16,\"bytes_toserver\":2986,\"bytes_toclient\":15978,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49522,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.680541+0000\",\"flow_id\":1605299828671936,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49522,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2742},\"files\":[{\"filename\":\"/Skins/106778/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2742,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":10,\"bytes_toserver\":1928,\"bytes_toclient\":10565,\"start\":\"2025-10-26T20:01:15.705984+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.688824+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":20057},\"files\":[{\"filename\":\"/Skins/106778/images/kefu-tb.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":20057,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":43,\"bytes_toserver\":3519,\"bytes_toclient\":57407,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.689402+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7756},\"files\":[{\"filename\":\"/Skins/106778/images/indnew_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":7756,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":49,\"bytes_toserver\":3585,\"bytes_toclient\":65993,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49500,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.710106+0000\",\"flow_id\":237002705061170,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49500,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/106778/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":7,\"bytes_toserver\":1346,\"bytes_toclient\":5268,\"start\":\"2025-10-26T20:01:15.705842+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.710501+0000\",\"flow_id\":258958577878512,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49530,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1360},\"files\":[{\"filename\":\"/Skins/106778/images/arrows1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1360,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":17,\"pkts_toclient\":15,\"bytes_toserver\":1873,\"bytes_toclient\":16297,\"start\":\"2025-10-26T20:01:15.706032+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49482,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.774472+0000\",\"flow_id\":1702980269896140,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49482,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1362},\"files\":[{\"filename\":\"/Skins/106778/images/arrows2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1362,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":24,\"bytes_toserver\":2953,\"bytes_toclient\":28773,\"start\":\"2025-10-26T20:01:15.455116+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49522,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.965899+0000\",\"flow_id\":1605299828671936,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49522,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2464},\"files\":[{\"filename\":\"/Skins/106778/images/morejt.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2464,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":12,\"bytes_toserver\":2060,\"bytes_toclient\":12144,\"start\":\"2025-10-26T20:01:15.705984+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.975737+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2706},\"files\":[{\"filename\":\"/Skins/106778/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2706,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":3274,\"bytes_toclient\":19072,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/js/customer.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf45486f36fa46a4b8935adfb7b98079","sha1":"3ca5dcce696db8b2fb47249ca97781c8eefd0703","sha256":"9a8edece99ac33fd722a441e6fb87c04bf6ec46e344c6e7074fdea3cbc2d0a7e","sha512":"4baf16d3017de9a4f8f350d629afe1b7b26df7cdce6249fbfe794fef2f3f91b1841a4ade935db13af7829d7306e9fa979b964508e055868f710450800d48c5a3","ssdeep":"","tlshash":"f5811085d25cb43a42b7677b093f30928e0a0187d4ca58f2f5be5154cfa822d65b7fb0","size":3880,"data":"","first_seen":"2025-03-09T15:25:07.247169Z","last_seen":"2026-03-07T04:19:34.372668Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/3366/api/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ea1fde8e6f2831d4f99ac0507b4fd80","sha1":"61531940c53d71bb868de12c9539df9b5337f552","sha256":"aeb383513e7adab24e7d7203c37120264238adb322a92ef4949451d4e238cb23","sha512":"7eea853f346128f8d67a8d3b7e18303620462ddac5eed5dda0f6cfdfa94bd54436fee9077139a0e0e2a7d015f3f422ff16b65891eac22f2716387b1a55abb790","ssdeep":"","tlshash":"63611d54ef8d20338e133165ae6f958c24be68577948eca7f80c64d44fa0d38852beac","size":3364,"data":"","first_seen":"2025-05-15T23:18:55.56288Z","last_seen":"2026-04-05T04:58:55.067701Z","times_seen":601,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"442de3d57b62700d94e4e40ddfa41bc4","sha1":"9ca4063852f9d3ce284d08f6a116db1c009b8caa","sha256":"9290ffc10faf34267fbf138ae3aa79cbbeb0fb92178d81f0dd246fddb865c9c9","sha512":"b3003ccc9c6789442693a725c735b48acaefee82b128601911a1db63877e8d351f36c5cbaf768b662a8350d3f644d29618bcb816368dd061b23d264fb68913f4","ssdeep":"","tlshash":"49a0127d3390730500030403b5a7084b176a2430d080803c9f5011c40838c1463c6d8c","size":81,"data":"","first_seen":"2025-10-26T20:02:00.851493Z","last_seen":"2025-11-23T20:31:21.90657Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"210d4f43b382acfb75f0f93b9c50ecbe","sha1":"59b36abd16d11e7df6631e0414001d2a71727bc9","sha256":"0dcc1d68298b80b8746eb95f3e454d036988415a8d6df607edf2f79be8a76911","sha512":"0aa2f0e626fba04f5e58e2e39e2eb1f33033e2eaae7f4e46ea0bbb3b419ff24abedc34e2265c536f899be66f8a015536e24898b7990732cebe90c77425122c30","ssdeep":"","tlshash":"d7b012a3bf0d0c3814893127012443c0b80dc7734f942999983c3a138010c458289f64","size":97,"data":"","first_seen":"2024-10-22T22:01:03.829516Z","last_seen":"2026-04-01T07:16:48.453299Z","times_seen":88,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1079597d91936d8650d9cbe1c24f0b07","sha1":"ca5a1b9fd67310160ae3e3e37b5a9e1963364695","sha256":"92f50f2f3f9f926ee944348ec439e7dd50d2a39dfd4fd8626d8134232a43f4ce","sha512":"eb9d7050218f9370af7f1b21cef968b3f77d877f4014dd3146d57eb686a8d548177be8deaf8811462e1f0c76f0129cdfa686be3772eede2dc9fca4a1685b0946","ssdeep":"","tlshash":"4ff09e6fdc41a1546ac735bc5febd648d16e4525d40ad407a8d9c4cd3c38fd8042238c","size":502,"data":"","first_seen":"2025-08-23T04:05:48.504677Z","last_seen":"2026-01-01T10:30:33.053418Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.zyzhan.com/mystat.aspx?u=kqet","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1a51597d6a2f50fa0566f24795481283","sha1":"b3b830f8ea033d186d3678c72649cc4aa898fa87","sha256":"fdc7f7aadf707e92d420ab1c1d9c00c2a269a9344eaf64ee4deff0851a89de70","sha512":"09a9f7413c0763548bed55f6948dc1005bf0bf547024f740f987d8fb7b37d7b6a704127f58228d22a7bdfe41aea89f31894c053f244dee03ff475d142646afe5","ssdeep":"","tlshash":"67217d541d02c0a4bc35713d89bbc13cd2a51a273865d73278cca9084f78fa425deeea","size":1355,"data":"","first_seen":"2025-10-26T20:02:00.855674Z","last_seen":"2025-11-23T20:31:21.915829Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/js/swiper.min.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa463c1f651de45cc98496d25bd18c91","sha1":"354442c52638f8320457ec2410c234fb65a6b096","sha256":"6f27c84b0bd60093b2eeec91c207bcd2b013572839549e243151474b78dedfc4","sha512":"ea568af5d9b2c1fac3f70c7ad3e0cc51df896c22fbc9e0331af3d3e56e3111aa9bec490e01c130727982194411cb32161d6102c2cc84b6cacaa3880a91dae1b2","ssdeep":"1536:dyOkN3TklR3ZIFD7+Y7n2L5ydUTq0tSQfCBTq:QTF73uTqY","tlshash":"5893d66db314f3e295d3214a679ac64122f21706b849dae870b54c4a68bcc5d03bffbd","size":96097,"data":"","first_seen":"2023-09-16T23:58:26Z","last_seen":"2026-03-26T10:35:32.902064Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3bf742b87eab13561c08070eaee6416","sha1":"fd4c07a8cccbfa6136825ee1e464c182ac0ad0d1","sha256":"95f8b67817f438cf0f147a83f95ae7c2846cf875691a1836239095cdf98f752b","sha512":"8dc25424a6738fabba8148bd305777d8238168992299a9ac467547678048ad60eb9cf1a50b98e3bbac3ec89e205f34ad100a3bbeefd4c38266d0663df0cf0afb","ssdeep":"","tlshash":"c1e026aa29721674578419fa992ff92cf1aa627c0554e003f58dfc230424eef4e2ead5","size":345,"data":"","first_seen":"2023-03-11T21:10:52Z","last_seen":"2026-04-05T04:58:55.074767Z","times_seen":2795,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"182.61.201.94","port":80,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","size":281,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-05T07:15:15.461149Z","times_seen":20923,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e2930a9b2a43103a7d1ceea726d851a3","sha1":"7ee186f7cb8a08298acb5435c4a22d958958a7a4","sha256":"bdfec6185565e80cb4ff9a57485e3912c791f15f59cadc6a7fa6e077c7dea176","sha512":"b6825dab47763fafb01912111ebcb06b6f4d84a579fe14a6600887160f6eee4625ffea8206c66650f49401d5d54410f17239e2ee7482e4456d9546758581d3d7","ssdeep":"","tlshash":"dff097bedc45e2581ac328b89babd789d0ae2425e00ae803a4d9c4dd6d38fc8142134c","size":502,"data":"","first_seen":"2023-07-10T23:22:13Z","last_seen":"2026-03-30T01:28:29.172923Z","times_seen":87,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"257c5e3f823d806dcc91e00f554a4c35","sha1":"d92358f88f2e81c4ddcc8e1f0860e70bfd568588","sha256":"c034b9182825f20dabaab9fb5bb839b8c609fafeabc6111feb5d2174976bad0d","sha512":"e2dfd12c53246548586dbf4c793021de8a5f1e5b25cbc77aca7dd1edeabb86e6838324e9093c1b92ac752619b273aad46585a98a32b28b90a87308926d88e845","ssdeep":"","tlshash":"733104fbe2d644b20aa3d2f7b3345768ecd2402ecc529ad1eaac13610664e42b117f85","size":1486,"data":"","first_seen":"2025-10-26T20:02:00.858764Z","last_seen":"2025-10-26T20:02:00.858764Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chat.zyzhan.com/chat/KFCenterBox/106778","fqdn":"chat.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"197d1b492463d5aca32b4d9e7dbe1545","sha1":"75139096f18ce60275a75afa3271f8f2a062589d","sha256":"f0f40bc2631b0d7ec3fcdfb0d24a4e9a12de938ef2bae428da331ec7731e59af","sha512":"244c82fc6206bfda8c68b0f8390122e1aa2c2fe4eb236ec1a87219bd901481694ddc611bcc99333f106fade34abf3cc136f19c04a2829d9dac244b09be9a7300","ssdeep":"","tlshash":"0b90023209a10052711410915943e1456595959129de9915a000046572529539906d51","size":48,"data":"","first_seen":"2023-03-13T02:33:14Z","last_seen":"2026-03-29T21:47:46.962461Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/js/JSChat.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c585663f5b83e34d09092e44326b9377","sha1":"498b43fec7eb7cb801257cc121f97c12be542abc","sha256":"97da6e4048ee96ed0c9d00a4f87b00c26adb4af9af53df68e5d8b6669f4bb690","sha512":"5e9a059d9ff3f80b3aa58f6411925c2744e579450f08885deaf41bbdfcb95af3254195a4fde2454047d63838ec6a4eb5cd4d3b213bf1d94df9d5d30ba86f44e9","ssdeep":"","tlshash":"7731dfb28913d31609194e63c716174ca267915b9103e9623d3d7e643f88d2bb3997f0","size":1622,"data":"","first_seen":"2024-01-31T06:36:47Z","last_seen":"2026-04-05T04:58:55.073774Z","times_seen":497,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/js/jquery-3.6.0.min.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"46831fe773a633cbc6b491e456a0b66b","sha1":"aa798cd2820d0a596821dd83ac8e96fe4b5792b3","sha256":"7bf3461bc9e57a4820571d7e417b644c7d30927fe07d9b6e9802fe6758feb6f7","sha512":"493d28fc7a7bf3ffe38814c89c647fc0da8b23efbd167fcba148a0b8a9f4eea2964ae0cf0e20dd8315d01037b15e3ea767b976783743d2113067e96bdbdb7f7d","ssdeep":"1536:ajExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiXYmQ1vo:aIh8GgP3hujzwbhdXXvxiDQ47GK/","tlshash":"3a9309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89404,"data":"","first_seen":"2025-07-14T20:47:05.285961Z","last_seen":"2026-03-28T16:48:59.25503Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/jquery.la.min.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26e9d4ef60bc32c7575fbcf8ecf4cf85","sha1":"3ca64e81d9271a8ef2a8e08a9ca2eac1f2c7553c","sha256":"d45afdd22e0130a5eea6e6c3c1db7899202330525fb75fe3146a67860eb6ea27","sha512":"208b7d1f115d58478f12b6024f5c1ae85199b9eff135f02db68f9d37c8e827bff4bb9052b15cf2405bfa885057339dbb0a1a9e78317f9090fe7a6979747903f4","ssdeep":"","tlshash":"2f21e15f7c05e2245766293927bbd99ce9ae5036100ee80654dec46c7d38ff9042ab4d","size":1365,"data":"","first_seen":"2024-08-20T10:36:58.444862Z","last_seen":"2026-01-19T16:30:53.0792Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/jquery.min.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"68b068ff7c5333949099b79c6656e109","sha1":"62f57648bd0e9188d15c097362d248953bad3d09","sha256":"874bd0609dbe273f557e23b67e01f24b37315f7c32088ad829eb23fa7da5d1a1","sha512":"d58663cff0b86009f066ba143c7b9e522ea2be506e5187970ddf730cf5e84d43f10a19ae422f23e7b1c5659ffabd4056474c506d53c667b853ecbb37bece86a6","ssdeep":"","tlshash":"0b014be887c4d85baecc5d43ea15deca21b2813b97d87283831cfa8c01ad256c49c45a","size":722,"data":"","first_seen":"2023-03-07T14:18:31Z","last_seen":"2026-04-05T04:58:55.060904Z","times_seen":268,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.zyzhan.com/asyncstat.aspx?u=kqet\u0026referer=\u0026title=%u4E2D%u56FD%B7%u5B9D%u9A6Cbm555%u7EBF%u8DEF%u68C0%u6D4B%28%u80A1%u4EFD%29%u6709%u9650%u516C%u53F8-%u5B98%u65B9%u7DB2%u7AD9","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.117","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"9762111affa3f915590a3f9cf5fa7aa1","sha1":"cf9a6f8e77d5e9f0b95061ae4241cd33899747d4","sha256":"b2cec2bfd3d674840d88a754955ed3ef14b097df587aac3f1045a35a2f5beaf9","sha512":"385f780109bd456382dc3cb5a41b844a3067c1469d112cc0ac3a2772deaae9a0dfb42ec9c8ff32192598a2b1c6bc574fe873d125c17bb8aa18ed45f1291138da","ssdeep":"","tlshash":"a2f059b24401e2fe8905a8e9de62d344c08b0f2b3051d673a223018125201b7b06c9d7","size":505,"data":"","first_seen":"2025-10-26T20:02:00.861807Z","last_seen":"2025-10-26T20:02:00.861807Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chat.zyzhan.com/chat/KFLeftBox/106778","fqdn":"chat.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"197d1b492463d5aca32b4d9e7dbe1545","sha1":"75139096f18ce60275a75afa3271f8f2a062589d","sha256":"f0f40bc2631b0d7ec3fcdfb0d24a4e9a12de938ef2bae428da331ec7731e59af","sha512":"244c82fc6206bfda8c68b0f8390122e1aa2c2fe4eb236ec1a87219bd901481694ddc611bcc99333f106fade34abf3cc136f19c04a2829d9dac244b09be9a7300","ssdeep":"","tlshash":"0b90023209a10052711410915943e1456595959129de9915a000046572529539906d51","size":48,"data":"","first_seen":"2023-03-13T02:33:14Z","last_seen":"2026-03-29T21:47:46.962461Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"4b2fe607d71eb9878686c0fd448dc416","sha1":"8f965cba7f61c5b5677f3a9ece6d9f1fc6fd5813","sha256":"febbdd6f44c7e2f79055b0a6c378c321d54688fc10e14799139eccd8da202bde","sha512":"698dab4503a7a0ad0f83d23e4c208638e81da3e98ec8043841c17805036dcb049535db9125a86dd56064dc9da3346b566c9b02d62c75f5eb5d7ad11cf7fc9ed1","ssdeep":"","tlshash":"82c02b535e15c81e41000ac4d0a2fc1cd090f1398514ec8dc0f078cc21405d908011d0","size":134,"data":"","first_seen":"2023-03-07T14:18:31Z","last_seen":"2026-04-05T04:58:55.077708Z","times_seen":268,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d54f560215a33cb0daa667cc1bbe64eb","sha1":"1085d36c31b7c17410e202ae944fe7433e89bceb","sha256":"5895e07a27d154f148c24ec4ce3eb31d63c13c45aea817dfa5fab6c6cdeff19a","sha512":"9f884604ce1e371e0bb0460fa5232b016e2eed2f1e5bb02f4c077bcfca2eb2669ebfa8519befc8f763e01ffbb492040ecfa80db18484732a34c80c5cf25bc797","ssdeep":"","tlshash":"7bd0959f4e411000d51cb2c1a5d3ef37d39a54537fc5373d24d83c64e00c1596793056","size":255,"data":"","first_seen":"2025-10-26T20:02:00.863885Z","last_seen":"2025-11-23T20:31:21.92718Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3a2dc781e51d82a9f2d0a7dba1024543","sha1":"df2ec94a7a6886a4b0023923b24e4c01205ef62b","sha256":"09761b6d92dee016a1e7778d3c0b0f660ee3f0b1720ed37e5c396d989f248cd3","sha512":"aef7390a155dbe0811b67c62afeb73f609d6b133f0adcf13a6fb4c61912a5da9377fa816e1b578d29f0dd6af13505db0a9b1abf923db7143eb10165a6e7bb1a8","ssdeep":"","tlshash":"47f046721881590f6370c235f8dab499e8828587c66c94d2f088319f1ff0fa8e4c329d","size":607,"data":"","first_seen":"2025-05-15T23:18:55.608496Z","last_seen":"2026-04-04T22:45:47.081186Z","times_seen":195,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c70ecaed3be265430c36a03dcb0b164b","sha1":"db044ce8d0f328ffe3072182b46a70e9ab351dca","sha256":"a654a9ab6e238feb0bf9638cc28f15c21b4a2a2fe4d6cfea70089c0cbed7eb80","sha512":"99c0f370851e62c6830a5f35ff84567fd7d2e692cf67f2292af040c30a0bee868c509f32564aebba92d7dbf2e32d01d99dee9d39e347a2fcb910929bb9d394e2","ssdeep":"","tlshash":"96f097be5c45e6581ad328a89babd38dc46e2425200ee803a4d9c4dd7d39fd8182574c","size":508,"data":"","first_seen":"2023-07-07T03:48:59Z","last_seen":"2026-04-05T04:58:55.08016Z","times_seen":263,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0ee95313c3c9284b3b14e6b9386482a1","sha1":"bc9a17b5b36cd6eadad3cc24077ba4649cf2ef80","sha256":"d601b2caab1e862ee7f942b656426112a7c73455dd64a750ebba14818dd6e89c","sha512":"182132f8ea6a1c762cd7513e5cb48717f6dfd5de560aa4e59cd9a38aa947eb1c9b6edda30a4435fc3be2101b1366f7eaa74536335184f203c93b7b364f848de1","ssdeep":"","tlshash":"5df052af5c41e5686ad735ac9fabd64cc26e4526140ad806b8d9c4cd3c28fe8082638c","size":508,"data":"","first_seen":"2024-08-20T10:36:58.484451Z","last_seen":"2026-01-19T16:30:53.119174Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/banner2.jpg","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.266Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/banner2.jpg HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:13 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/banner2.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":42508,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1198,"timings":{"blocked":1008,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/ssico.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.714Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/ssico.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 2639\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:59 GMT\r\nAccept-Ranges: bytes\r\nETag: \"8097a54923dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2639,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"8626dcfb2b93471283ef13bdc8a19754","sha1":"bc6b707d9063425166d30512d9e950e1fecc101e","sha256":"30e3bdc93522afc9b0218b46b18512b645d2698c88c69d82c1eddc9ad81545a7","sha512":"4b771b41bff8b24b78bcdf4748713495aacc38ddd6ec94d66ad9aa2f757804848dd80e3b3d5189c1ea26d536bd132c83f3c5f781072534dc31f8f6e8de4f1d93","ssdeep":"","tlshash":"cb519508fc1468504e0cfa885afda24297f70fc58e9068096ed9c8539d215fd8edd5cb","first_seen":"2025-03-09T15:25:07.21815Z","last_seen":"2026-03-20T10:57:50.306318Z","times_seen":25,"resource_available":false,"data":null}},"time_used":895,"timings":{"blocked":595,"dns":0,"connect":0,"send":0,"wait":299,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.912428+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/106778/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":21,\"bytes_toserver\":2507,\"bytes_toclient\":26343,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/5_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/5_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:19 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9132\r\nLast-Modified: Fri, 22 Oct 2021 07:29:28 GMT\r\nConnection: keep-alive\r\nETag: \"61726858-23ac\"\r\nExpires: Tue, 25 Nov 2025 20:01:19 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9132,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"a0175d738a1002bc3533d496bfd4cc8d","sha1":"82a4b1d855e51c2f3be325f5f3368cc254934479","sha256":"908a0f4cf34ca2dd0e638ef1bf08f637a29757610ae1b65628ab8cbb22345a5e","sha512":"c115e96a214f15a90c0f66db5b514431ff4577a4f80ea1ae01afae1cc49b65dc37c0fa5d34e10ec477d9a21c78d38b9405eef4cd04a01475bd2365542366954f","ssdeep":"192:/+kSJEbg/KDV2kjb3q3/damug8BGUJYx3fxGD:2GgmVpjb3qvda1gRyYXK","tlshash":"2e125b29b2013becef6fed5311f2d772e73580b2b0b9d6061cbd45530d691906005bd9","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.071897Z","times_seen":1334,"resource_available":false,"data":null}},"time_used":1575,"timings":{"blocked":1238,"dns":0,"connect":0,"send":0,"wait":337,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/css/swiper.min.css","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.254Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/css/swiper.min.css HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:12 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17483,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (17459)","md5":"38e4982a90c5d5bdbdeffe240a2bfc19","sha1":"a03a3d806f0a0d77278dbd3cab61a8d1765c5878","sha256":"513d915b018f385bcca60beb2c167297dfb701bac48ef65274b3eb58460b4b67","sha512":"9696c4d5c02839aa27e1ab9512df2c01eea678655226c40c121ecf2844968461636bb49218b1c009c63106a7b6d1ee4cd3b4d25f38a8dfc31db418247519f013","ssdeep":"192:b+0GpaNCO8jrfg5WHmXgyXyzSHF68DJB0SwD:b+52CXfgWHfyXyzSl68Pe","tlshash":"6672822c17002067f6324f1987c9e77c9715c8839e4368ef6650de48cbba5a9227f7a6","first_seen":"2023-05-10T09:17:05Z","last_seen":"2026-04-04T05:59:34.946491Z","times_seen":245,"resource_available":false,"data":null}},"time_used":500,"timings":{"blocked":141,"dns":1,"connect":164,"send":0,"wait":193,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/hot.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.269Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/hot.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:13 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/hot.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1366,"timings":{"blocked":1186,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/logo.jpg","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:13.484Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/logo.jpg HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/ssico.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.290Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/ssico.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/ssico.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2639,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/indnew_bg.jpg","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.311Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/indnew_bg.jpg HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/indnew_bg.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":108281,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":508,"timings":{"blocked":329,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/arrows2.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.284Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/arrows2.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/arrows2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1362,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/fonts/impact.ttf","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.328Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/fonts/impact.ttf HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":205110,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"TrueType Font data, digitally signed, 23 tables, 1st \"DSIG\", name offset 0xe0002c3","md5":"75c62aa9bbe5f5911243d63c6fc6d977","sha1":"56cbb3bd77a4708a966b0cd503915512fab19f91","sha256":"7f62e1cdac272d31bc338c6cfbd151401f3f68920fe35766c75e297a272c519f","sha512":"76aef1da2aaf4874131098adf9213e56aea94b649e40075524034b520b85631623bcdd1f013edf2e90ebc222e6db1a91a71199a9d8e053401cb301e533cf7a19","ssdeep":"3072:8d6xKqRnKELujArad58hZoGLs9b4rrywyDFaQQVtwRPhYRWZiA6popTOlV4I4oBD:cESM5Ow7Hw5YYiA6+O1FY9et","tlshash":"b2347c23e300671ec5a2637a4d74c3d9039eb96aa723c78dee4c8076d69a558ff0d50e","first_seen":"2025-03-06T17:05:29.55478Z","last_seen":"2026-02-14T23:17:49.356767Z","times_seen":21,"resource_available":false,"data":null}},"time_used":793,"timings":{"blocked":114,"dns":0,"connect":0,"send":0,"wait":184,"receive":495,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nikefj.com/","fqdn":"nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T20:01:11.013Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:11 GMT\r\nContent-Type: text/html\r\nContent-Length: 178\r\nConnection: keep-alive\r\nLocation: http://www.nikefj.com/\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":163,"dns":0,"connect":163,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/mulu2.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:16.315Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/mulu2.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 1050\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:52 GMT\r\nAccept-Ranges: bytes\r\nETag: \"07a794523dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1050,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced","md5":"697fadf4063d1272dabeaea73f541530","sha1":"94ebdcce0b530c6235e5873d34a86b69539d9635","sha256":"9bfcb3e1f9cd54e48b52105125ffe770638100a3eb21c2c9713ead1d6c7ee077","sha512":"b2e71bff657765bc19b581213e702833ea715431da72aaacb882627011bd6c4494059b1f12fba024b10b4ecee5b345e83c919cce924932c6a01ce19025c174f2","ssdeep":"","tlshash":"e011758efb40f442754ce9d228e7901b99174980eae6e5367ccfc80b29712f544299db","first_seen":"2025-10-26T20:02:00.797572Z","last_seen":"2025-11-23T20:31:21.868638Z","times_seen":2,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.938419+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1050},\"files\":[{\"filename\":\"/Skins/106778/images/mulu2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1050,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":8,\"bytes_toserver\":1821,\"bytes_toclient\":6532,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/js/JSChat.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.257Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/JSChat.js HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:12 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1596,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"5122b87041a34991740a2418cf688de4","sha1":"ae0142e84d1e0f3c4749ea58827ae56d2a32fbbc","sha256":"40061d6dc948529ad974ca45b9b63d65ff87037086f65629d1e958cb1de10ccd","sha512":"a96700940fd242137764811caa4748780c79b6925f05ad2b31238126ee24d24ab70c05f0c72de11fde17efd99247a5b3225dbdc708249c59f9b047d5e435a481","ssdeep":"","tlshash":"de31edb24a53931209094ea3c71a134ce267915b9117e8623d3d6d643f88927b7997f0","first_seen":"2025-04-06T23:54:49.048059Z","last_seen":"2026-04-05T04:58:55.064088Z","times_seen":470,"resource_available":false,"data":null}},"time_used":490,"timings":{"blocked":135,"dns":1,"connect":163,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img60.zyzhan.com/gxhpic_b06a05e3fa/464a78f1850ff618c0ec6477156c8e3f1ae8b479c0e0b10bd645fd2dcc75b8777390ebce60f72ef7_500_500_5.jpg","fqdn":"img60.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.278Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_b06a05e3fa/464a78f1850ff618c0ec6477156c8e3f1ae8b479c0e0b10bd645fd2dcc75b8777390ebce60f72ef7_500_500_5.jpg HTTP/1.1\r\nHost: img60.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4152,"timings":{"blocked":997,"dns":2862,"connect":292,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/kefu-tb.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.729Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/kefu-tb.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 20057\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:49 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80b6af4323dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":20057,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 352, 8-bit/color RGBA, non-interlaced","md5":"e648dfa2af5453b685eaa5bbcb2f0167","sha1":"3984283d711aa4c5e708de9897f7261b51e5189e","sha256":"b1bbda71b09c371b332cc2d35e19261f7890ffad8988cbf4b2a5785ccd390e56","sha512":"eea07a06349ca60e3ead89eeeba915af14a78be3de8e638d3fae815686bf03f942ad09d475e41531fe283b0b795d655bcca0b96905a28b74040a5999d89f60a7","ssdeep":"96:2ScSuYkEWmvo/JbTpMxNX7sc5RlDqVcH7H7Bkr/LBXPdc4XN6Zkjr7H7q:2SjJk6v22pDq6bbBk51TkZqnbq","tlshash":"3c92e82cfef2b2784a99563235c316420f774ac7e7815c80b6de8e15af60bad8c6b541","first_seen":"2024-12-01T20:37:15.574315Z","last_seen":"2026-03-02T03:23:27.650321Z","times_seen":42,"resource_available":false,"data":null}},"time_used":2657,"timings":{"blocked":2332,"dns":0,"connect":0,"send":0,"wait":324,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.688824+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":20057},\"files\":[{\"filename\":\"/Skins/106778/images/kefu-tb.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":20057,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":43,\"bytes_toserver\":3519,\"bytes_toclient\":57407,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/indnew_bg.jpg","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.825Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/indnew_bg.jpg HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 108281\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:48 GMT\r\nAccept-Ranges: bytes\r\nETag: \"020174323dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":108281,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1000, components 3","md5":"96f0c31c06171e79f85eef31c2cb7164","sha1":"56720360680ea1c34854b391810c1d26b3376f22","sha256":"f5b0b25d9c674106c99c9b3a525eeeb54b99aa54fdfa8c40236f7bc38c9033a2","sha512":"a49fcfa65a38143a76fb502535cfcb2246b4e7e1a3eda80eee44b0fafd9e1c1042546d815e8cd4491905d58e84ff93494ba087eca2e5ccda3d7a300e0650d319","ssdeep":"3072:N0o1FdMTq7K2r/y9TtGZAPuaU4H1hZkE2:NZwwFy9TtGZRaX1hZe","tlshash":"78b3128b0f63484bcf100a379c5beb13f768d8ea396b051994d6a92b0573538ae2d5f1","first_seen":"2025-03-09T15:25:07.243169Z","last_seen":"2026-03-20T10:57:50.322935Z","times_seen":22,"resource_available":false,"data":null}},"time_used":3143,"timings":{"blocked":2561,"dns":0,"connect":0,"send":0,"wait":303,"receive":279,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.689402+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7756},\"files\":[{\"filename\":\"/Skins/106778/images/indnew_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":7756,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":49,\"bytes_toserver\":3585,\"bytes_toclient\":65993,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img53.zyzhan.com/gxhpic_b06a05e3fa/464a78f1850ff618c0ec6477156c8e3fe69347e5ad610a226be26bbdcadc9c70eb3bc0b2ba22b704_500_500_5.jpg","fqdn":"img53.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:16.319Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_b06a05e3fa/464a78f1850ff618c0ec6477156c8e3fe69347e5ad610a226be26bbdcadc9c70eb3bc0b2ba22b704_500_500_5.jpg HTTP/1.1\r\nHost: img53.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":0,"dns":1,"connect":281,"send":0,"wait":0,"receive":0,"ssl":-1},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T20:01:11.737Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:11 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45272,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (704)","md5":"71b74f8df5a9ad2022233289368eab8e","sha1":"78b268a55af49b218a62514353345088387328bd","sha256":"8d076b7de8cfc01e56faf2d3d95bc4c55c5d1c89330fccfc078617caebaad91a","sha512":"4df05935b1dff519281a87917ba50d9b5e49737f5b7436500bb10062a3d79046b2682c408d9d0feecc635e67d362988db8256ae1315c9182a1c879dcc67ee75e","ssdeep":"768:lVDpNNPAwMcKV8TZJT2W2cQLqnlpvfYGiqEHLa9NPAwTcKaDWZJ41WtcG27HWWrh:lVDpNNPAwMcKV8VR2YQWnlpvfYGiqEHf","tlshash":"ff130a7140a19d3b056652d0eaa47b3f78c9a62be167dd4771fc669bcfc0fe18e02049","first_seen":"2025-10-26T20:02:00.802493Z","last_seen":"2025-11-23T20:31:21.881049Z","times_seen":2,"resource_available":false,"data":null}},"time_used":508,"timings":{"blocked":162,"dns":0,"connect":164,"send":0,"wait":181,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/indbkbg.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.718Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/indbkbg.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 4526\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:48 GMT\r\nAccept-Ranges: bytes\r\nETag: \"020174323dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":4526,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1100 x 92, 8-bit/color RGBA, non-interlaced","md5":"1ec6c5a407b74f7a61ddf2e9d27ad18c","sha1":"a1b3983c2ef438ebf7888e7e9986a4ea6d98a9ef","sha256":"6026acd143831660c8808a13e1b6e0c377e51ca9462e4f4a395e30e03e7b2ba0","sha512":"1d414c048b713871685babf1c55700472799593996e4298680b52ff4249f1c7568bdf41e966b06a249f3d061b30b9a94eedde4095020451d6e6592ae8e155220","ssdeep":"96:3SYo7FmWlknNJh9mR3Ho/HzNGruZmGpiJWnm693drlwjBtWA34ZMb539osO:3SN7FrknwI/T4TWm6fr2alSN39osO","tlshash":"e7912a84ec839ca2490db14a59fc90926ab34ec94d41389d6fdddc076d248e5eecd6c7","first_seen":"2025-03-09T15:25:07.218972Z","last_seen":"2026-03-20T10:57:50.329833Z","times_seen":24,"resource_available":false,"data":null}},"time_used":1202,"timings":{"blocked":871,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49482,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384564+0000\",\"flow_id\":1702980269896140,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49482,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4526},\"files\":[{\"filename\":\"/Skins/106778/images/indbkbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":4526,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":22,\"bytes_toserver\":2743,\"bytes_toclient\":27193,\"start\":\"2025-10-26T20:01:15.455116+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/mulu0.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.726Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/mulu0.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 1915\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:52 GMT\r\nAccept-Ranges: bytes\r\nETag: \"07a794523dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1915,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced","md5":"ecc7e1803e00fdc502b6f6f63b0fec66","sha1":"c32a08ee6da27babe92dc9de6f0ac671a818e53e","sha256":"f2b4c3f3506100ef8674d52bf491f97e426668d72c0d921ed5cef821f14611c2","sha512":"1c34d93e65bf77ae3ff4f1bc7ea9b6fc4c312b50a3da3b3606509abc01f58ef1703fe0cca9e3c7afd4f2e14a2da897ecf49f7da1dfa7af4d3ebfb4ee18e11f4f","ssdeep":"","tlshash":"2a41848af910bc51584df946bdfba2572b375be186d26811bcca884324b20f9cc0d4da","first_seen":"2025-03-09T15:25:07.224556Z","last_seen":"2026-03-20T10:57:50.327111Z","times_seen":26,"resource_available":false,"data":null}},"time_used":1268,"timings":{"blocked":944,"dns":0,"connect":0,"send":0,"wait":324,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49500,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384527+0000\",\"flow_id\":237002705061170,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49500,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1915},\"files\":[{\"filename\":\"/Skins/106778/images/mulu0.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1915,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1148,\"bytes_toclient\":4132,\"start\":\"2025-10-26T20:01:15.705842+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/flbtbg2.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.304Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/flbtbg2.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/flbtbg2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":6513,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":336,"timings":{"blocked":146,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/mulu2.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:16.129Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/mulu2.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/mulu2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1050,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":180,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/10_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/10_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:19 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 13615\r\nLast-Modified: Fri, 22 Oct 2021 07:28:54 GMT\r\nConnection: keep-alive\r\nETag: \"61726836-352f\"\r\nExpires: Tue, 25 Nov 2025 20:01:19 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13615,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x80, components 3","md5":"f860a0ae2877d285a9b6f43db503fb56","sha1":"87decfe2d27573e7644708d1576fa2946316a747","sha256":"d481b75f9bef9a376d5a1fc9a4e320826d6dcfe0d766a83f769db6f32df66009","sha512":"9397bdf16ea70be5bd66e8c0b87cfa9e980f64bf0fd91329466b70d94a730a783b389f709960f97ff138a6cc5f8634090c7c5b280b4975c4b46acbe814759442","ssdeep":"384:b9SWr9C1xUnpYviGg2iEwls3WfltfrXAWi9/sJcRldO:kWr9mxTPils3WfltGswjO","tlshash":"f352aea03afd98feda690bd060881171cb3f019c5e0c472183957169f7a9a6bd46f12f","first_seen":"2023-11-07T02:53:14Z","last_seen":"2026-04-04T19:54:36.523709Z","times_seen":1096,"resource_available":false,"data":null}},"time_used":1682,"timings":{"blocked":1344,"dns":0,"connect":0,"send":0,"wait":338,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/jquery.min.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.249Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 722\r\nLast-Modified: Fri, 18 Jul 2025 10:06:41 GMT\r\nConnection: keep-alive\r\nETag: \"687a1cb1-2d2\"\r\nExpires: Sun, 26 Oct 2025 21:01:12 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":722,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (721)","md5":"68b068ff7c5333949099b79c6656e109","sha1":"62f57648bd0e9188d15c097362d248953bad3d09","sha256":"874bd0609dbe273f557e23b67e01f24b37315f7c32088ad829eb23fa7da5d1a1","sha512":"d58663cff0b86009f066ba143c7b9e522ea2be506e5187970ddf730cf5e84d43f10a19ae422f23e7b1c5659ffabd4056474c506d53c667b853ecbb37bece86a6","ssdeep":"","tlshash":"0b014be887c4d85baecc5d43ea15deca21b2813b97d87283831cfa8c01ad256c49c45a","first_seen":"2023-03-07T14:18:31Z","last_seen":"2026-04-05T04:58:55.060904Z","times_seen":268,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.zyzhan.com/stat.aspx?u=kqet\u0026referer=\u0026title=%u4E2D%u56FD%uFFFD%u5B9D%u9A6Cbm555%u7EBF%u8DEF%u68C0%u6D4B%28%u80A1%u4EFD%29%u6709%u9650%u516C%u53F8-%u5B98%u65B9%u7DB2%u7AD9\u0026httpreferer=http%3A//www.nikefj.com/","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.117","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.zyzhan.com/asyncstat.aspx?u=kqet\u0026referer=\u0026title=%u4E2D%u56FD%B7%u5B9D%u9A6Cbm555%u7EBF%u8DEF%u68C0%u6D4B%28%u80A1%u4EFD%29%u6709%u9650%u516C%u53F8-%u5B98%u65B9%u7DB2%u7AD9","date":"2025-10-26T20:01:15.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /stat.aspx?u=kqet\u0026referer=\u0026title=%u4E2D%u56FD%uFFFD%u5B9D%u9A6Cbm555%u7EBF%u8DEF%u68C0%u6D4B%28%u80A1%u4EFD%29%u6709%u9650%u516C%u53F8-%u5B98%u65B9%u7DB2%u7AD9\u0026httpreferer=http%3A//www.nikefj.com/ HTTP/1.1\r\nHost: www.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.zyzhan.com/asyncstat.aspx?u=kqet\u0026referer=\u0026title=%u4E2D%u56FD%B7%u5B9D%u9A6Cbm555%u7EBF%u8DEF%u68C0%u6D4B%28%u80A1%u4EFD%29%u6709%u9650%u516C%u53F8-%u5B98%u65B9%u7DB2%u7AD9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: Tengine\r\ncontent-type: text/html\r\ncontent-length: 1441\r\ndate: Sun, 26 Oct 2025 20:01:15 GMT\r\nvary: Accept-Encoding\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=h5wfkvvrrxi5k5fxy3c0tu4x; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_h5wfkvvrrxi5k5fxy3c0tu4x=10.115.3.125:9712; domain=.zyzhan.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.94\r\ncontent-encoding: gzip\r\nvia: cache54.l2cn3021[80,79,404-1280,M], cache41.l2cn3021[81,0], kunlun10.cn7174[85,85,404-1280,M], kunlun8.cn7174[87,0]\r\nali-swift-global-savetime: 1761508875\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-error: orig response 4XX error\r\nx-swift-savetime: Sun, 26 Oct 2025 20:01:15 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921c17615088756685560e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2788,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"b22216484180c462ecb56741f09148ad","sha1":"4bc1530eef8c2e6d6fc75fe59f888b8417baa066","sha256":"102a4a6e7a2308d414a8ecb0b6551d354726d6bb9d52ba7b30e16cda59111057","sha512":"b06af7d159e017aeb25e2cc9e0c94b8ff484c573c188784ed596d7a084b6761cfc6b6708cc0ffb61d44b9a2d06482f4ddd000d1930dd093e30025579dd29ece8","ssdeep":"","tlshash":"c951827198d5a1295277c2a2457333dcfd57828fea4007adb1ed33ab9fce1876113504","first_seen":"2025-09-22T09:21:10.376948Z","last_seen":"2026-03-29T21:47:46.928993Z","times_seen":12,"resource_available":false,"data":null}},"time_used":323,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":323,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/18_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/18_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:19 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 10015\r\nLast-Modified: Thu, 30 May 2024 07:12:01 GMT\r\nConnection: keep-alive\r\nETag: \"665826c1-271f\"\r\nExpires: Tue, 25 Nov 2025 20:01:19 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10015,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 350x80, components 3","md5":"b6e75be501e59603b92b58fd264c2fae","sha1":"1d80259e55622ab3c41fdb2b9641ceecebd3847a","sha256":"edb744894c7656ccc78373adefbf54e332c32b6327a74ebcd253a7a73cb9b76a","sha512":"2d52cb6f50f77d82f19a33720aa512eb3df4aa2d1a662b436d7b5a05c2b4e9ddbab8393cc4fabbbaca24338f5a9311f55b1baeec5fc6e999bc002d8c2209ae55","ssdeep":"192:uvsTvX/inJrkPRss8KDS8vIwWjNSWmejcxlRBfnrPk:uvssrkpssHS8vZWjNCnxFzk","tlshash":"1c228c176a415f01eec95cb504f9c301b6239915fae7e87e5dc6a803b2c1cf2e8e85c1","first_seen":"2024-06-02T10:33:48Z","last_seen":"2026-04-04T22:45:47.06559Z","times_seen":1071,"resource_available":false,"data":null}},"time_used":1667,"timings":{"blocked":1330,"dns":0,"connect":0,"send":0,"wait":337,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/banner3.jpg","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.267Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/banner3.jpg HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:13 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/banner3.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100675,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1200,"timings":{"blocked":1007,"dns":0,"connect":0,"send":0,"wait":193,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/js/customer.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.288Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/js/customer.js HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:12 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3883,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"cf45486f36fa46a4b8935adfb7b98079","sha1":"3ca5dcce696db8b2fb47249ca97781c8eefd0703","sha256":"9a8edece99ac33fd722a441e6fb87c04bf6ec46e344c6e7074fdea3cbc2d0a7e","sha512":"4baf16d3017de9a4f8f350d629afe1b7b26df7cdce6249fbfe794fef2f3f91b1841a4ade935db13af7829d7306e9fa979b964508e055868f710450800d48c5a3","ssdeep":"","tlshash":"f5811085d25cb43a42b7677b093f30928e0a0187d4ca58f2f5be5154cfa822d65b7fb0","first_seen":"2025-03-09T15:25:07.247169Z","last_seen":"2026-03-07T04:19:34.372668Z","times_seen":20,"resource_available":true,"data":null}},"time_used":449,"timings":{"blocked":104,"dns":1,"connect":163,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/ewm.jpg","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:13.481Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/ewm.jpg HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 19996\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:01:01 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80c4d64a23dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":19996,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x150, components 3","md5":"59aba4c26da2a5ab0e9379ed28809b57","sha1":"9d282ed1935908bac853381dd4c5b8f447b216b7","sha256":"ad0aa0bd1837a72306a2f39fc12e3b5d1fe52c0c9d109c395aa1df19c6a15b6f","sha512":"622fbb0b484955d95977a08720913b6cd1cff177f5a5e842dfb18c0e2edab2cfc81796ba87f71ae0c76f9a85e85158112a2576560b1d8933fe388156f175ce21","ssdeep":"384:sndkt6ECifHcWjW0VrkWvuo6KfhAqloUJHCjsXYhELCHmiDvvvZ:xE88WjWg5vWaloACiLwt","tlshash":"e892df1dfa9b32fb9621c5b9bfca14408b848bd38b639190acc8d427ce9598224324c7","first_seen":"2025-10-26T20:02:00.811816Z","last_seen":"2025-11-23T20:31:21.883909Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2903,"timings":{"blocked":-1,"dns":1977,"connect":299,"send":0,"wait":327,"receive":300,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49482,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.081073+0000\",\"flow_id\":1702980269896140,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49482,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":3910},\"files\":[{\"filename\":\"/Skins/106778/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":3910,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":773,\"bytes_toclient\":6196,\"start\":\"2025-10-26T20:01:15.455116+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/banner3.jpg","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:13.483Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/banner3.jpg HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 561028\r\nConnection: keep-alive\r\nLast-Modified: Thu, 19 Jun 2025 09:18:27 GMT\r\nAccept-Ranges: bytes\r\nETag: \"8073441dfbe0db1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":100675,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"8c3005276ac249ed2276852bb23ec4ca","sha1":"26443f5b04971e0f66d6590a895639d09fb2f259","sha256":"319a351b54c1f06a67c763e1b84dafc848870dffe0cba34786373a71753b924d","sha512":"20a039f72c257050064a51c439fdbd15e3aa6356f2e09822dddb0bf22a9edd212eab0c22fb652606bae5dd9462e16f2802408298d7d5936e49f91277b4c0b0cd","ssdeep":"1536:Z1QmXBWBaNxPXCsUU8YE23+FjbImbksuZl+n6qOladUTyJ4hSHwq7unSjerSFnyp:04EyCsL8YGFPbks6JlzTyShYxunSbFE","tlshash":"b2a312d5f482e6c0da0f5de0c1f4aceac9366e4d13d75ec8a28a4d3e25a7c49c23e545","first_seen":"2025-10-26T20:02:00.813998Z","last_seen":"2025-10-26T20:02:00.813998Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3189,"timings":{"blocked":-1,"dns":1975,"connect":241,"send":0,"wait":276,"receive":696,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:15Z","timestamp":1761508875,"ip_dst":{"addr":"172.18.0.23","port":49484,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:15.971955+0000\",\"flow_id\":2194440492675602,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49484,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/banner3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6555},\"files\":[{\"filename\":\"/Skins/106778/images/banner3.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6555,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":909,\"bytes_toclient\":8974,\"start\":\"2025-10-26T20:01:15.455186+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/footli3.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:16.009Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/footli3.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 2636\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:46 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f3e54123dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2636,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced","md5":"e219780f2dc9c2e082c44507df3b50d5","sha1":"0fecbfe7541cf18218e369255d2baa5c5d609da4","sha256":"09d36a2a12fe418eb1ae90744d345dbd7e4c8f9994294a8e437240a5d1580272","sha512":"520008d3969d5c04eb7199ff71cbebf4400a8b861a5ed3d56c83ba8fb155fc0310f2789896580c2858e827d3f3c44f1ec18dda07040f4776f7874f0692bd9dfe","ssdeep":"","tlshash":"db516348fc929c80591df449a5fc614763bb0ec09e9124495ec8c8239d309fdded96cb","first_seen":"2025-03-09T15:25:07.221793Z","last_seen":"2026-03-20T10:57:50.313151Z","times_seen":25,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.587485+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2636},\"files\":[{\"filename\":\"/Skins/106778/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2636,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1238,\"bytes_toclient\":3504,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"api.share.baidu.com/s.gif?l=http://www.nikefj.com/","fqdn":"api.share.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:16.342Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /s.gif?l=http://www.nikefj.com/ HTTP/1.1\r\nHost: api.share.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/js/swiper.min.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.256Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/js/swiper.min.js HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:12 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":96097,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (31997)","md5":"fa463c1f651de45cc98496d25bd18c91","sha1":"354442c52638f8320457ec2410c234fb65a6b096","sha256":"6f27c84b0bd60093b2eeec91c207bcd2b013572839549e243151474b78dedfc4","sha512":"ea568af5d9b2c1fac3f70c7ad3e0cc51df896c22fbc9e0331af3d3e56e3111aa9bec490e01c130727982194411cb32161d6102c2cc84b6cacaa3880a91dae1b2","ssdeep":"1536:dyOkN3TklR3ZIFD7+Y7n2L5ydUTq0tSQfCBTq:QTF73uTqY","tlshash":"5893d66db314f3e295d3214a679ac64122f21706b849dae870b54c4a68bcc5d03bffbd","first_seen":"2023-09-16T23:58:26Z","last_seen":"2026-03-26T10:35:32.902064Z","times_seen":42,"resource_available":true,"data":null}},"time_used":655,"timings":{"blocked":135,"dns":1,"connect":164,"send":0,"wait":190,"receive":165,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/indbkbg.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.293Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/indbkbg.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/indbkbg.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":4526,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/flbtbg2.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.724Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/flbtbg2.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 6513\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:46 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f3e54123dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":6513,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 119 x 179, 8-bit/color RGBA, non-interlaced","md5":"102ddad9d6e5308044e5fb01afdcf994","sha1":"325342b21806f92d5c495190ee4e7cd0aab0d1cf","sha256":"dcfa4a4b2ebab065e025dd556103ca6817893108bd661f2a0621abefdfc163fe","sha512":"c8e81702089898407cbc2a606700af50708d3e9648956ffb509cdcc1d385f01e52d0e19c7b4f48fb9428ec2eb6be25addb38ec4aec382dc89a9be24ad8b922e0","ssdeep":"192:ZS87F8knEbsigoFp1BSg73JmB3UyA1n2ri/p5a7o+:A8NnEAfoFp1BLC3UFMriH5+","tlshash":"dfd18d0def926a2017dcad95fa99808316771f8092c370c02ccedc4628a44fbc91d6c6","first_seen":"2025-03-09T15:25:07.23129Z","last_seen":"2026-03-20T10:57:50.309523Z","times_seen":26,"resource_available":false,"data":null}},"time_used":1215,"timings":{"blocked":945,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.328684+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6513},\"files\":[{\"filename\":\"/Skins/106778/images/flbtbg2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":6513,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":13,\"bytes_toserver\":2404,\"bytes_toclient\":13806,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/footli1.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.850Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/footli1.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 2749\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:46 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f3e54123dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2749,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced","md5":"bfa6cce8bd645b1ece91b138416de875","sha1":"6635e91cf84837a9b62520cb3b18b6e2b7ec701f","sha256":"b433844a4d6b59513e62ee8231d0a630bc1ace58a00e5d12b2e89a2e10904e60","sha512":"8e2274061261a2b05afb3067d9846fc5192af8a7620670fbfd0925443ad607acfef5ec6c38493dfe259395e875f92442ac23e3fab4beaeb14b15eceef2204039","ssdeep":"","tlshash":"c6516348fc9068905a5df985aafda046a6f74fc08e912859edc8cc032d605fdcdda9c7","first_seen":"2025-03-09T15:25:07.238052Z","last_seen":"2026-03-20T10:57:50.322092Z","times_seen":26,"resource_available":false,"data":null}},"time_used":2479,"timings":{"blocked":2211,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.597535+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2749},\"files\":[{\"filename\":\"/Skins/106778/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2749,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":16,\"bytes_toserver\":2986,\"bytes_toclient\":15978,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/favicon.ico","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:19.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/favicon.ico HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:20 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 3066\r\nLast-Modified: Fri, 22 Oct 2021 08:11:14 GMT\r\nConnection: keep-alive\r\nETag: \"61727222-bfa\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3066,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"00b726752e8713453d31b694d4f74b89","sha1":"122742a4ce71b668801ddcc8db72f07730db290c","sha256":"45d8a46c7758c43f32db8794520cbf03604db83734c969ca80d3b356f8360b37","sha512":"75660a291825839b5fd42b269bd501a9c81a5426adaab17d7b368687194da769a1373b3b5c20476085909c6f0fa5391e9b3c30714bc4be5b6e405ac018814367","ssdeep":"","tlshash":"e9515d9712b1080bc4797cb20f41bc5e95251237402dfaa57cf332d5ba80e9d629bed1","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.066966Z","times_seen":1723,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":335,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/logo.jpg","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.263Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/logo.jpg HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:13 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/logo.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1206,"timings":{"blocked":1012,"dns":0,"connect":0,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.zyzhan.com/asyncstat.aspx?u=kqet\u0026referer=\u0026title=%u4E2D%u56FD%B7%u5B9D%u9A6Cbm555%u7EBF%u8DEF%u68C0%u6D4B%28%u80A1%u4EFD%29%u6709%u9650%u516C%u53F8-%u5B98%u65B9%u7DB2%u7AD9","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.117","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /asyncstat.aspx?u=kqet\u0026referer=\u0026title=%u4E2D%u56FD%B7%u5B9D%u9A6Cbm555%u7EBF%u8DEF%u68C0%u6D4B%28%u80A1%u4EFD%29%u6709%u9650%u516C%u53F8-%u5B98%u65B9%u7DB2%u7AD9 HTTP/1.1\r\nHost: www.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 547\r\ndate: Sun, 26 Oct 2025 20:01:15 GMT\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=3rzt4jjtnaf2e0posq4zd2o0; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_3rzt4jjtnaf2e0posq4zd2o0=10.115.3.123:9712; domain=.zyzhan.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-4.93\r\nvia: cache59.l2cn3021[39,39,200-0,M], cache15.l2cn3021[40,0], kunlun3.cn7174[52,52,200-0,M], kunlun8.cn7174[53,0]\r\nali-swift-global-savetime: 1761508875\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Sun, 26 Oct 2025 20:01:15 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921c17615088753164920e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":547,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (507), with CRLF line terminators","md5":"c71baf4a5298c30af1bbaca3e17ac814","sha1":"83c00ac93860c74d6419c57216870b3cc8abc1e8","sha256":"e9ac0fbd6b8dd5a0f2933c89cc28f155a3c7dfd9578ef02932a7f06c6bfbcf00","sha512":"091aecb331b56e84b17282296fd8e668eefe3aeb200d8d5c5b6c037924220fe786962d4342b6c00f3152fece937f9a1f6e46c1250732e931de40db5dead94c18","ssdeep":"","tlshash":"19f050b74c01d6fe8d05a8e9de72d398c04b0f2b3151d673a263118535205b7b45cad7","first_seen":"2025-10-26T20:02:00.82095Z","last_seen":"2025-10-26T20:02:00.82095Z","times_seen":1,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/flbtbg1.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.300Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/flbtbg1.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/flbtbg1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8691,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/kefu.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.727Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/kefu.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 13074\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:49 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80b6af4323dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":13074,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"26352f0abd9edf33e07c46d6fdb9048a","sha1":"0f2628fd9dc9b658d827cdcabde1580f9405d4ef","sha256":"db831aa77e225fa022e0e80f0c67e2f2127eb7dabc84219436905169bde3d951","sha512":"dbb2bf5a5eb9fedbb59a6daa12411d31c6a74ea14810c686177ac3a3afa2f0105b0806dd5af29cd0f07d7c7c6f34000b184ebd06dd63a93cbf1bf422de62173a","ssdeep":"192:Gk4zbSP3V/kBR8NpZhhtZFKe/srpI19pEINOsD+4CB1TihKeTFMj:6/SPtkcN7v/F9/srpI1XVO001Tmbq","tlshash":"7a42bf4e7212af009f98db8544e702e3aa1019238fdeb0d7b5eb6507c7790c296668e5","first_seen":"2025-10-26T20:02:00.822853Z","last_seen":"2025-11-23T20:31:21.870515Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1266,"timings":{"blocked":943,"dns":0,"connect":0,"send":0,"wait":322,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.992869+0000\",\"flow_id\":258958577878512,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49530,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6807},\"files\":[{\"filename\":\"/Skins/106778/images/kefu.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6807,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":906,\"bytes_toclient\":8726,\"start\":\"2025-10-26T20:01:15.706032+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/banner1.jpg","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.265Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/banner1.jpg HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:13 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/banner1.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":41308,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1191,"timings":{"blocked":1009,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/3366/api/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fcl.xueyuxingfeng.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 11:34:45 GMT","end":"Wed, 17 Dec 2025 11:34:44 GMT"},"fingerprint":{"sha1":"3B:EB:69:43:26:9B:29:D0:20:6D:C6:E8:E8:EC:EC:A8:49:1C:87:11","sha256":"59:54:B2:CF:7D:5E:9A:65:64:A7:4D:DC:18:B7:54:44:5A:32:E7:9B:95:F3:1C:56:3F:70:F1:FB:23:53:25:C3"}}},"request":{"raw":"GET /3366/api/sj.js HTTP/1.1\r\nHost: fcl.xueyuxingfeng.com:6987\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Mon, 28 Apr 2025 11:39:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"680f68da-d27\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3367,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"5ea1fde8e6f2831d4f99ac0507b4fd80","sha1":"61531940c53d71bb868de12c9539df9b5337f552","sha256":"aeb383513e7adab24e7d7203c37120264238adb322a92ef4949451d4e238cb23","sha512":"7eea853f346128f8d67a8d3b7e18303620462ddac5eed5dda0f6cfdfa94bd54436fee9077139a0e0e2a7d015f3f422ff16b65891eac22f2716387b1a55abb790","ssdeep":"","tlshash":"63611d54ef8d20338e133165ae6f958c24be68577948eca7f80c64d44fa0d38852beac","first_seen":"2025-05-15T23:18:55.56288Z","last_seen":"2026-04-05T04:58:55.067701Z","times_seen":601,"resource_available":true,"data":null}},"time_used":5191,"timings":{"blocked":2425,"dns":1390,"connect":342,"send":0,"wait":341,"receive":0,"ssl":689},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/artico.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.314Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/artico.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/artico.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2706,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":524,"timings":{"blocked":336,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/footli2.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.318Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/footli2.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/footli2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2021,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":522,"timings":{"blocked":339,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/arrows1.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.276Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/arrows1.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/arrows1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1360,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/morejt2.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.313Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/morejt2.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/morejt2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2742,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":522,"timings":{"blocked":331,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/logo.png","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:16.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 27927\r\nLast-Modified: Fri, 22 Oct 2021 07:29:32 GMT\r\nConnection: keep-alive\r\nETag: \"6172685c-6d17\"\r\nExpires: Tue, 25 Nov 2025 20:01:18 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27927,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 255 x 85, 8-bit/color RGBA, non-interlaced","md5":"1555066b01ba12346071989c467ccf25","sha1":"50c92c270ddc54e309f1499dde7e04fddcdee8c4","sha256":"a8102cc2e6a32d0e128a3757c711489f1d7426123617283cf8d3cb1fd838f101","sha512":"859208a96a6ea1d6030470c159a9dda03a06203d106e19bd71885909d8b329ea6bba0b9068629fbf8d5a1ef693d36239dbde79788f082177e745b9584af1f319","ssdeep":"768:OVmJDb1mQ/HASD6KkXkbJzKyV3Tp1I+JZ:fJD5r4S2KjzKylI+JZ","tlshash":"d5c2e189f1e16d8c20d1e40d5f916979b7d7e0c19554f6f2a0c8f8266e3a249ed08cd7","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.064391Z","times_seen":1726,"resource_available":false,"data":null}},"time_used":3736,"timings":{"blocked":1358,"dns":13,"connect":338,"send":0,"wait":672,"receive":338,"ssl":685},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/4_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/4_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:19 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9010\r\nLast-Modified: Fri, 22 Oct 2021 07:29:27 GMT\r\nConnection: keep-alive\r\nETag: \"61726857-2332\"\r\nExpires: Tue, 25 Nov 2025 20:01:19 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9010,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"fda80dce60b7652bc25d8050e874fc5e","sha1":"af999552eb2effe20b9bb6548bd3b40bf6b82fce","sha256":"86872602a83d5e41e9bf331e3f16f87d4631bd2a5f9f141c665eb00d6c20db92","sha512":"33271a5336643c30b2f6c91f3b9e9a88c68f5820de79ce486430643f0676cf6ab3ae2733e4ef796399656ea921e00afc609fc26beef03d0e033f3b25069b3e40","ssdeep":"192:HY0nSEeZkjRaPNWM7JHKm/4aqQP3vwHYKhU:znSReValWMV9nqQPoHYt","tlshash":"09027c11d2566f0cffcee55221b64738305a86f2f4e9e818bcffe1ab846001d251572b","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.0634Z","times_seen":1359,"resource_available":false,"data":null}},"time_used":2286,"timings":{"blocked":975,"dns":1,"connect":325,"send":0,"wait":327,"receive":1,"ssl":654},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/mulu0.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.305Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/mulu0.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/mulu0.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1915,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":344,"timings":{"blocked":152,"dns":0,"connect":0,"send":0,"wait":192,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/zxbtn.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.725Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/zxbtn.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 4845\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:01:00 GMT\r\nAccept-Ranges: bytes\r\nETag: \"02e3e4a23dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":4845,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 198 x 64, 8-bit/color RGBA, non-interlaced","md5":"9e3bf506cd2814c267ca76f65da76c65","sha1":"8e3c77af6b3cc58197098599155a417d1c008780","sha256":"de6fb87bc76aeaa2ff933f5afc929b77403edbc6ea9311ff88a8d4bb871aab8c","sha512":"3c099857840eedf0ba820fd19c8f2a24ef9256e556b224b96bca64eebd35b0a88b3fec3a1348791481ab86a350dbba1a01167db506eb7f65c2b5765775152c2f","ssdeep":"96:6SeNwBljxXDne0D6aK/HsC/ktUPshaFvMSm+BPcLafVbaTirAbnmQnz9y:5bxXDe0D6XMC/ktUPHFvMX3afVba+eXc","tlshash":"aca19e0cf5b1b990f9545b9202e13cabda672fc85741f468f8cfe6a125740e230449fb","first_seen":"2025-10-26T20:02:00.827892Z","last_seen":"2025-11-23T20:31:21.899404Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1240,"timings":{"blocked":945,"dns":0,"connect":0,"send":0,"wait":294,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49522,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384258+0000\",\"flow_id\":1605299828671936,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49522,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4845},\"files\":[{\"filename\":\"/Skins/106778/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":4845,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1280,\"bytes_toclient\":7194,\"start\":\"2025-10-26T20:01:15.705984+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/1_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/1_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:19 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9995\r\nLast-Modified: Fri, 22 Oct 2021 07:29:22 GMT\r\nConnection: keep-alive\r\nETag: \"61726852-270b\"\r\nExpires: Tue, 25 Nov 2025 20:01:19 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9995,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"b28d56b08ae1c39178b7ed387cfd1297","sha1":"e1eede6d5d7351d6e98b7afb188c6e1615233027","sha256":"ef09e72ae4d2d62570afb35c6b39a540b3f52db05b3e5e8e8c4cf81c5ff15810","sha512":"e1f4351e2077a20e516a77161dea0f713134f9dce57744a808c7e6ba341a2edb96c30f0bd3c0b790d044fd129caf460d76c1211faad3e2d990f9c1bc1515aafb","ssdeep":"192:g0JO5368nQnrIOA7ob5HWY9Udd7iaNDHecz3avA7ofV:giO5368nC0O+o4C6dnNVrav8ofV","tlshash":"46228c386a36138bd4ce1da2e1fc16e343778b42148a51b9f5b5c5c315333a430a6eee","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.071438Z","times_seen":1347,"resource_available":false,"data":null}},"time_used":2423,"timings":{"blocked":1034,"dns":1,"connect":343,"send":0,"wait":344,"receive":1,"ssl":697},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/2_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/2_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:19 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 11115\r\nLast-Modified: Fri, 22 Oct 2021 07:29:25 GMT\r\nConnection: keep-alive\r\nETag: \"61726855-2b6b\"\r\nExpires: Tue, 25 Nov 2025 20:01:19 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11115,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"088afa1a19d8f98fe3808e2471d9666e","sha1":"c5580afe6796b562e0cb6ca80516f4fb57504a39","sha256":"e311225d391d6c060f288026fcaf5f70c87230a6a86b16f7acf36e33c29ae14c","sha512":"42258aa415ece74bb59b31813b3bec7c2e39c8d638224e147ff77ca357c63a8f2d9fcc6dada5c4845d38ce450e13b6195274f8b6ffcc7231a18e5e932ad010b1","ssdeep":"192:mE56ohr2Gml8mR9gSc/ucAtPrmZo7/KKmUWNLnWk91PNu/Hm9kzJ:SoJs9EgDmZ0QhNykVuO4","tlshash":"70328e3d6bb1571ae187ec3370ba83ab596e20c1f14f3035b632caeb45751913742d99","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.069306Z","times_seen":1329,"resource_available":false,"data":null}},"time_used":1595,"timings":{"blocked":1269,"dns":0,"connect":0,"send":0,"wait":325,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/hengf.jpg","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:13.646Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/hengf.jpg HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fuwanjia666.com:33888/fcl.php?keyword=%E4%B8%AD%E5%9B%BD%C2%B7%E5%AE%9D%E9%A9%ACbm555%E7%BA%BF%E8%B7%AF%E6%A3%80%E6%B5%8B(%E8%82%A1%E4%BB%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8-%E5%AE%98%E6%96%B9%E7%B6%B2%E7%AB%99\u0026from=pc\u0026originUrl=http%3A%2F%2Fwww.nikefj.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=8285","fqdn":"fuwanjia666.com","domain":"fuwanjia666.com","tld":"com"},"ip":{"addr":"143.92.57.57","port":33888,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fuwanjia666.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 29 Jul 2025 01:04:35 GMT","end":"Mon, 27 Oct 2025 01:04:34 GMT"},"fingerprint":{"sha1":"17:09:D7:57:C8:A6:96:A9:07:74:99:B4:2B:F4:1E:FB:5B:48:C9:F7","sha256":"23:CF:58:DA:B1:C3:63:FC:21:2D:C0:EC:69:7D:E3:5E:12:86:40:61:C4:F0:79:4F:48:08:88:EA:A4:BB:44:09"}}},"request":{"raw":"GET /fcl.php?keyword=%E4%B8%AD%E5%9B%BD%C2%B7%E5%AE%9D%E9%A9%ACbm555%E7%BA%BF%E8%B7%AF%E6%A3%80%E6%B5%8B(%E8%82%A1%E4%BB%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8-%E5%AE%98%E6%96%B9%E7%B6%B2%E7%AB%99\u0026from=pc\u0026originUrl=http%3A%2F%2Fwww.nikefj.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=8285 HTTP/1.1\r\nHost: fuwanjia666.com:33888\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://www.nikefj.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3025,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"cd9ef5feeec99b010e7ab19bc27c494c","sha1":"2b91f68b208367157a9c708b48bea67597af3864","sha256":"8b7f2fda65379a5edc8236722c0b4fef32cbf443a61818a451519bf449d800a0","sha512":"95b7e7118094e506eede8a6850492d2d96624682ee660d0eace6665f638f801c225d47681c8c23bb9827ed850c0a45f0fdec914bcb322ae228027cc584c57054","ssdeep":"","tlshash":"9f51cda792ca18760a73c2e6b6a07768ece3804fde5595c2f4ac225b0b70e51b44364d","first_seen":"2025-10-26T20:02:00.83198Z","last_seen":"2025-10-26T20:02:00.83198Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1386,"timings":{"blocked":0,"dns":62,"connect":324,"send":0,"wait":342,"receive":0,"ssl":658},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/zxbtn.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.310Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/zxbtn.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/zxbtn.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":4845,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":333,"timings":{"blocked":152,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.174.227.41","port":80,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.580Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 386\r\nOrigin: http://www.nikefj.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://www.nikefj.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nEO-LOG-UUID: 14136790498955284418\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":322,"timings":{"blocked":20,"dns":0,"connect":19,"send":0,"wait":282,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/3_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/3_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:19 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 8660\r\nLast-Modified: Fri, 22 Oct 2021 07:29:26 GMT\r\nConnection: keep-alive\r\nETag: \"61726856-21d4\"\r\nExpires: Tue, 25 Nov 2025 20:01:19 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8660,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"bd5b31f1e7d18e29d6c10312eb6661da","sha1":"73d597ea109cd53140943270b6629ab8ebd3e69c","sha256":"62f4ab1a75135e43fb19419972b6ec12b8ba3ac8337feae4023bd7b9b0e9d59a","sha512":"eef274c9b0fa072a6039e3bb58653792462653c97df74d609b5f491918d94341af6e11b9f9a396d61cb45d73636a4cade653d36b8dfc8b6c08a42df25326105e","ssdeep":"192:xChGKgyRvOj4GUHxnizS7NobBIEkgOOhyKAKU5ny:kh5OvUHBR7UBhBhGny","tlshash":"8c026c01a6912fdecf4f256365b3c339e6c91d30f062fa692abd54931e125715012b9a","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.070951Z","times_seen":1351,"resource_available":false,"data":null}},"time_used":2373,"timings":{"blocked":1015,"dns":1,"connect":335,"send":0,"wait":336,"receive":0,"ssl":684},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/css/style.css","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.251Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/css/style.css HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:12 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":146920,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (398)","md5":"76ec20299bad665044efef5bf0707a56","sha1":"a1a5c7ce5a47370aa00e88b92f1a8e3790167e40","sha256":"9af07192b20b3d0375006164c654c6a0a6a83537a665575fc8d9b33bf951a00f","sha512":"d1098ce3ec32372f7a08909d68dc6eb3bfea7e404efedb821c7b374326302a4ca17a15736301b06e6515eec8eb16380164fec0126d8bb1e953d517604e2e26ed","ssdeep":"1536:Fj1pVlIF+cNrl27aTxk/b+DqDgN/gADVOICTFHscke1W83PwWgWV67ejZe1LUZqo:X80V","tlshash":"0ee33131ef41224de13b5636bfc2a7dd33298457a3810afd9e947a34d1ce1ea46f2690","first_seen":"2025-10-26T20:02:00.834542Z","last_seen":"2025-11-23T20:31:21.878709Z","times_seen":2,"resource_available":false,"data":null}},"time_used":654,"timings":{"blocked":139,"dns":0,"connect":162,"send":0,"wait":190,"receive":163,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/kefu-tb.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.321Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/kefu-tb.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/kefu-tb.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20057,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":336,"timings":{"blocked":153,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?97190c4483a66bf9d32e0f878b518934","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?97190c4483a66bf9d32e0f878b518934 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nDate: Sun, 26 Oct 2025 20:01:19 GMT\r\nServer: apache\r\nStrict-Transport-Security: max-age=172800\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1837,"timings":{"blocked":755,"dns":1,"connect":252,"send":0,"wait":316,"receive":0,"ssl":510},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/2.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/2.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 85884\r\nLast-Modified: Fri, 22 Oct 2021 07:29:23 GMT\r\nConnection: keep-alive\r\nETag: \"61726853-14f7c\"\r\nExpires: Tue, 25 Nov 2025 20:01:18 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85884,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3","md5":"6613a23f1fecfc5aad23df7cce06f1b0","sha1":"3a3bcb377568add492170212e90d7a1f633f5e27","sha256":"657c5a2c773ed927afc61fbce4bc522bd8190ed82cb2c15ff0e9baac320749ca","sha512":"511438a9f958104610211db26c5b44cba19e27ca89ff256f83e298aeb094118e094752fac5d3591304df00f7d9e5d205c6d6c04c3997dd8358d16b77eba1dad3","ssdeep":"1536:QEDtAN5nPlYihG1VH9qvmhrcn+mcKHvQ8vDBXj4Jka:Q0AN5PlYp1Vdy6oSmI8v1z46a","tlshash":"0f83f17bc7560be3e618077a90b7053efb564439661e1f17ad280026c8e07b9fd672a2","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-05T06:37:51.34884Z","times_seen":1340,"resource_available":false,"data":null}},"time_used":1348,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":671,"receive":677,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/ewm.jpg","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.284Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/ewm.jpg HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:13 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/ewm.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19996,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1181,"timings":{"blocked":990,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/footli3.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.319Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/footli3.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/footli3.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2636,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":683,"timings":{"blocked":502,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/flbtbg1.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.723Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/flbtbg1.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 8691\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:46 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f3e54123dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":8691,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 89 x 165, 8-bit/color RGBA, non-interlaced","md5":"3cece6dd8e07bd31d6eaf22b0bbbea77","sha1":"8abbe997fb0eb2b83919d569087af5750d4a1a65","sha256":"7f622ddebc9d52e35bdc347ec3c5bb1585f74469719c71cf227cc2266a3b6895","sha512":"63a1d9043818e0d61b647e8520d8e00796ec48dd98bb4e8924e24d4aa760a96a732e63c4fbe1b8c657e3aa19fa2aa4b2ac3a39f139a449a77560e01c68d0e286","ssdeep":"192:VSr7F8knErDDig0Cg97CBk/XfjTgiuf+6I63q/Exnix2ZEaO:0rNnEbf0Cs7ES7TgBftq/Ec8eaO","tlshash":"8c028d08efe0281489ced9b6bdfdd59b26335a80d6e28000fccd8c0634551b9d55ebdb","first_seen":"2025-03-09T15:25:07.219889Z","last_seen":"2026-03-20T10:57:50.297275Z","times_seen":26,"resource_available":false,"data":null}},"time_used":1191,"timings":{"blocked":887,"dns":0,"connect":0,"send":0,"wait":303,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.384267+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":8691},\"files\":[{\"filename\":\"/Skins/106778/images/flbtbg1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":8691,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":28,\"bytes_toserver\":3012,\"bytes_toclient\":35927,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/hengf.jpg","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.283Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/hengf.jpg HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:13 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/hengf.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1355,"timings":{"blocked":1174,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/index_cache.html","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.289Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index_cache.html HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":3407,"timings":{"blocked":986,"dns":2179,"connect":242,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/arrows2.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.711Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/arrows2.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 1362\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:35 GMT\r\nAccept-Ranges: bytes\r\nETag: \"807b573b23dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"ec451b748d47a1b45901f49f273710aa","sha1":"4d4354b46e0370c57488fbac3492628411cb6cb9","sha256":"b80ab4ab02d0ebc35df5557233eae0f55c565c1a516c8a9541c99ddd70ee63d7","sha512":"ea551f7fafc0b9e128cdb969746386e91c13554293d1887c7dae7cf066747dd53c67a72f4dd76720672f3e0afc777bf941d72805fcb3f3d86ae54f9383041b6b","ssdeep":"","tlshash":"f421502af9b064806798649228efe0a28b270a84c5e0e5d1fdcfd12b88714f4b4086db","first_seen":"2023-07-08T23:43:21Z","last_seen":"2026-03-22T12:26:17.043998Z","times_seen":133,"resource_available":false,"data":null}},"time_used":2675,"timings":{"blocked":2350,"dns":0,"connect":0,"send":0,"wait":325,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49482,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.774472+0000\",\"flow_id\":1702980269896140,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49482,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1362},\"files\":[{\"filename\":\"/Skins/106778/images/arrows2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1362,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":24,\"bytes_toserver\":2953,\"bytes_toclient\":28773,\"start\":\"2025-10-26T20:01:15.455116+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img46.zyzhan.com/gxhpic_b06a05e3fa/464a78f1850ff6180bc704bfc4adc6bc958316397d67d5192f8f679697acb1a6812652b7edece6dd_500_500_5.jpg","fqdn":"img46.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /gxhpic_b06a05e3fa/464a78f1850ff6180bc704bfc4adc6bc958316397d67d5192f8f679697acb1a6812652b7edece6dd_500_500_5.jpg HTTP/1.1\r\nHost: img46.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":578,"timings":{"blocked":0,"dns":1,"connect":279,"send":0,"wait":0,"receive":0,"ssl":298},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/skins/106778/images/ewm.jpg","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.287Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/106778/images/ewm.jpg HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:13 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/skins/106778/images/ewm.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":19996,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1167,"timings":{"blocked":987,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/kefu.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.320Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/kefu.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/kefu.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13074,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":332,"timings":{"blocked":150,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.nikefj.com/","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T20:01:11.345Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":212,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/morejt.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.720Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/morejt.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 2464\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:52 GMT\r\nAccept-Ranges: bytes\r\nETag: \"07a794523dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2464,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"c831edb956d626cfd991255b172797ae","sha1":"7254408fdec4f8b94a8fb6c4d7b2b90037bb742d","sha256":"29de051144a5f54260ee9b44dc18adb12f155353062bd7439efe0a5b3735266c","sha512":"39d723aedaf152ed101494f9b253c008fbaf37d14b0155d049b12965cb4d8da2cf4066328f1d8a324b02157df41db4ccb28fbef0d9d4d0ab6b56d06eb7fb8c75","ssdeep":"","tlshash":"3b514309bc516c911a0ef58a9efc524397b70fc08f52541aaeddcc525d204f98edd5cb","first_seen":"2025-03-09T15:25:07.227511Z","last_seen":"2026-03-20T10:57:50.320484Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2961,"timings":{"blocked":2666,"dns":0,"connect":0,"send":0,"wait":295,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49522,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.965899+0000\",\"flow_id\":1605299828671936,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49522,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2464},\"files\":[{\"filename\":\"/Skins/106778/images/morejt.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2464,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":12,\"bytes_toserver\":2060,\"bytes_toclient\":12144,\"start\":\"2025-10-26T20:01:15.705984+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"182.61.201.94","port":80,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.594Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: 232\r\nContent-Type: text/javascript\r\nServer: bfe\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":281,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-05T07:15:15.461149Z","times_seen":20923,"resource_available":true,"data":null}},"time_used":729,"timings":{"blocked":0,"dns":244,"connect":241,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/arrows1.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.706Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/arrows1.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 1360\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:35 GMT\r\nAccept-Ranges: bytes\r\nETag: \"807b573b23dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"ca18c3400f1ccb39f1b891a315f9a2b8","sha1":"ca6c69282f82f17db11a115bc1428308b30320e5","sha256":"a799ce0e4e9e26454e8950dabef8eb6725bfb96afd5ac732bbefe9395168d684","sha512":"353ee8aa7765a7d8194f9997950a7be2ec716f1a592d96c887949f6251f066126b2868ffee43f31867c74d5799c989e95281d8378f91a987d3adecf058c32cd4","ssdeep":"","tlshash":"842141defd74d881d5a5a49135f72517e8560e4082e0ac477d8bd012483b0e1b97d1ce","first_seen":"2023-07-08T23:43:21Z","last_seen":"2026-03-22T12:26:17.032611Z","times_seen":133,"resource_available":false,"data":null}},"time_used":2680,"timings":{"blocked":2355,"dns":0,"connect":0,"send":0,"wait":325,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.710501+0000\",\"flow_id\":258958577878512,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49530,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1360},\"files\":[{\"filename\":\"/Skins/106778/images/arrows1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1360,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":17,\"pkts_toclient\":15,\"bytes_toserver\":1873,\"bytes_toclient\":16297,\"start\":\"2025-10-26T20:01:15.706032+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/26_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/26_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 22936\r\nLast-Modified: Thu, 29 Sep 2022 10:16:32 GMT\r\nConnection: keep-alive\r\nETag: \"63357080-5998\"\r\nExpires: Tue, 25 Nov 2025 20:01:18 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22936,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x80, components 3","md5":"ce42bf92c86c558c9b16045328f51abe","sha1":"8775d77ae4bfcb40285876e6e99c9fd238df4976","sha256":"627bdc513407920656341f0c334ef6eda80604e98f0f1b706960b76e25946095","sha512":"5dae7dfb4049db9988cae7ac255673eb754b5a5dbcd4a4c232bdde49b1cc6b6199f573379f5fa3a949e873b632c611185e6b1ae8b4b2d473700e34ede43f8c1c","ssdeep":"384:096JUHVMtZg3jGr23KkaFRLg4vjSu8jQShAr6HYEFaJip92nXpuwyD71NCLK2ihG:E6JU1MDgCDNFaMjvkmgkO92n5uwyD71E","tlshash":"77a2d0e7e64141ced83b7375be805f08f60f1726f2557edfd8a26677e2928d50444228","first_seen":"2023-05-07T19:08:48Z","last_seen":"2026-04-04T22:45:47.070459Z","times_seen":1351,"resource_available":false,"data":null}},"time_used":649,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":648,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/js/jquery-3.6.0.min.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.255Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/js/jquery-3.6.0.min.js HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:12 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89404,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65535)","md5":"46831fe773a633cbc6b491e456a0b66b","sha1":"aa798cd2820d0a596821dd83ac8e96fe4b5792b3","sha256":"7bf3461bc9e57a4820571d7e417b644c7d30927fe07d9b6e9802fe6758feb6f7","sha512":"493d28fc7a7bf3ffe38814c89c647fc0da8b23efbd167fcba148a0b8a9f4eea2964ae0cf0e20dd8315d01037b15e3ea767b976783743d2113067e96bdbdb7f7d","ssdeep":"1536:ajExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiXYmQ1vo:aIh8GgP3hujzwbhdXXvxiDQ47GK/","tlshash":"3a9309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2025-07-14T20:47:05.285961Z","last_seen":"2026-03-28T16:48:59.25503Z","times_seen":20,"resource_available":true,"data":null}},"time_used":499,"timings":{"blocked":140,"dns":0,"connect":0,"send":0,"wait":194,"receive":165,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/banner1.jpg","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:13.465Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/banner1.jpg HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 346955\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:53:20 GMT\r\nAccept-Ranges: bytes\r\nETag: \"028d4992adfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":41308,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"13ceaefb66a79178e7299e5a6a4f67e4","sha1":"b363c4660ed48226d4429778e1986e10d338e4a5","sha256":"e1276d52cc59b7397c8a63b594016514ea4c8e424cf9a4c487a1bd9e69efe05f","sha512":"1326faa90dff0c64635346e5e63b1c22ab56023fefc39e3627f28fb68516aa38f23e8cd0acacd34e621c8b2490555f2d32dd58044f4be85e2726fcf3e500d8c0","ssdeep":"768:XL5Qe03PkGtE/rh/A1hRfWD4UM1chYjvAwH/O5DZRW38:XL5Qe6kGtE/rshQ4jvAqWDZR9","tlshash":"9503f124bad3fe0690270474094f6fba6e208dcd1cdb6497a8af092271e3b51d640dfb","first_seen":"2025-10-26T20:02:00.842763Z","last_seen":"2025-10-26T20:02:00.842763Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3204,"timings":{"blocked":-1,"dns":1991,"connect":300,"send":0,"wait":327,"receive":586,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49454,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.082582+0000\",\"flow_id\":1973404295754026,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49454,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6556},\"files\":[{\"filename\":\"/Skins/106778/images/banner1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6556,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":933,\"bytes_toclient\":8974,\"start\":\"2025-10-26T20:01:15.454954+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/22_1.gif","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/22_1.gif HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:19 GMT\r\nContent-Type: image/gif\r\nContent-Length: 14290\r\nLast-Modified: Fri, 13 Jan 2023 09:40:20 GMT\r\nConnection: keep-alive\r\nETag: \"63c12704-37d2\"\r\nExpires: Tue, 25 Nov 2025 20:01:19 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14290,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 350 x 80, 8-bit/color RGBA, non-interlaced","md5":"3473d53acb1037a154514a47ba44a2ce","sha1":"db985acaed348db6ac7bdacab46a50fd2b140d1e","sha256":"be71401fdce27c9c6c57c14af09a70bc88ca400dc691c202e91f403a31ee696f","sha512":"26307d8c0c9bfa12f10860e78be678443c7776877e17f6c95c0721815acf3136d43c47f663ae895aaaa9cf7723150886682372bf90d4e8d2c241f78d199f7557","ssdeep":"384:lGM7rfgqqQELh1LojwCDo+j7KrG8eycfM1NyWVykBz6kk8VFm:7feth1Ofo67IPerMG8ekk8rm","tlshash":"4f52bfd4eba42975c49d6d02d35eeca46c9abf5a7033efaa83bdd485cd40492ac84902","first_seen":"2023-05-07T19:08:48Z","last_seen":"2026-04-04T22:45:47.059927Z","times_seen":882,"resource_available":false,"data":null}},"time_used":1626,"timings":{"blocked":1297,"dns":0,"connect":0,"send":0,"wait":327,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nikefj.com/","fqdn":"nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T20:01:10.620Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":189,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img46.zyzhan.com/gxhpic_b06a05e3fa/464a78f1850ff6180bc704bfc4adc6bc958316397d67d5192f8f679697acb1a6812652b7edece6dd_500_500_5.jpg","fqdn":"img46.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"36.99.2.72","port":80,"asn":139018,"as":"Henan Luoyang IDC","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.282Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_b06a05e3fa/464a78f1850ff6180bc704bfc4adc6bc958316397d67d5192f8f679697acb1a6812652b7edece6dd_500_500_5.jpg HTTP/1.1\r\nHost: img46.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img46.zyzhan.com/gxhpic_b06a05e3fa/464a78f1850ff6180bc704bfc4adc6bc958316397d67d5192f8f679697acb1a6812652b7edece6dd_500_500_5.jpg\r\nX-CCDN-REQ-ID-46B1: 44a5eb715210f20d3763b0634e62c61a\r\nvia: CHN-HAluoyang-AREACT3-CACHE52[5]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":3692,"timings":{"blocked":993,"dns":2101,"connect":293,"send":0,"wait":304,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/hot.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:13.642Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/hot.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/morejt2.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.848Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/morejt2.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 2742\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:52 GMT\r\nAccept-Ranges: bytes\r\nETag: \"07a794523dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2742,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"64d50a7e5f4df019d2d2aba0bde8cd28","sha1":"32535dbd6e969f1a42fc22335d1fb25449728b25","sha256":"2d784e9a870833dcf327f2d68353df0d0d4c19a056b66809da7a19718a002a17","sha512":"1b46780c3e1a88fa5bdc48adbf364a7f3662e386594dc6f11d99e6ca6fadaf949185cccf08343fd1ba668158a0a7cb237eabc3dd21a355a6df1cb983ce575461","ssdeep":"","tlshash":"4e510c0dfc6068515a4ef989d9fc924297b71fc08e6168499ecac8135d604f9cdcd9cb","first_seen":"2025-03-09T15:25:07.225187Z","last_seen":"2026-03-20T10:57:50.310609Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2537,"timings":{"blocked":2213,"dns":0,"connect":0,"send":0,"wait":324,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:18Z","timestamp":1761508878,"ip_dst":{"addr":"172.18.0.23","port":49522,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:18.680541+0000\",\"flow_id\":1605299828671936,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49522,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2742},\"files\":[{\"filename\":\"/Skins/106778/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2742,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":10,\"bytes_toserver\":1928,\"bytes_toclient\":10565,\"start\":\"2025-10-26T20:01:15.705984+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/footli2.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.859Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/footli2.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 2021\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:46 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f3e54123dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2021,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 19, 8-bit/color RGBA, non-interlaced","md5":"85216bea28db82b74127839626f76f08","sha1":"459a6c52809a0a5d3485b681f88a40501c2845da","sha256":"0ad724a8fd924a3241f8d422a72cd4c570e36124cf8357bf537bdf4d190f6c5c","sha512":"78c4673ff22d694b12a5201221cd623f087ea17b5c44ce4df74e7b140ea44ea9b02a3294a4bc220005cdd3c689754d96afc2e29fea9e314f7ab2a165a432cd23","ssdeep":"","tlshash":"6841b489e9d12c406a4dfd4a29e94283aa7f46c4d7836445bcdec48759321bbec8d4c3","first_seen":"2025-03-09T15:25:07.222524Z","last_seen":"2026-03-20T10:57:50.31123Z","times_seen":26,"resource_available":false,"data":null}},"time_used":2527,"timings":{"blocked":2202,"dns":0,"connect":0,"send":0,"wait":325,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49500,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.710106+0000\",\"flow_id\":237002705061170,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49500,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/106778/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":7,\"bytes_toserver\":1346,\"bytes_toclient\":5268,\"start\":\"2025-10-26T20:01:15.705842+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/banner2.jpg","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:13.479Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/banner2.jpg HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 284595\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:53:20 GMT\r\nAccept-Ranges: bytes\r\nETag: \"028d4992adfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":42508,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"7053019039b171d46ed5aea5788fae5b","sha1":"acb82b52f988ad340d86994902c227c29194365e","sha256":"b8510e069c1fbb1f442ac6da5485d1cab01e714b58b3bb73d0a8355ed0f5d1a2","sha512":"d6f13cf4c6faf13180aafbe16ab2f82db36a301c0e7d238d7d6d24946e487655b34076950dc71222ca59e4d0bd2487feeb092b71fc6264f6dedd64d40a2bbf5c","ssdeep":"768:uLK6ydRjj09tdfvd34Yahu/1HFEOfuuwP9EEBhZQL3yXEi4:uL0Litxd1awZShg3A4","tlshash":"ca1302ebf9a9c5c3aa401d3458c8085971d7adf4c95cae8156590eb1eb881cfeedec0c","first_seen":"2025-10-26T20:02:00.847686Z","last_seen":"2025-10-26T20:02:00.847686Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3190,"timings":{"blocked":-1,"dns":1977,"connect":297,"send":0,"wait":382,"receive":534,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.134595+0000\",\"flow_id\":834033223987576,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49468,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6806},\"files\":[{\"filename\":\"/Skins/106778/images/banner2.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6806,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":909,\"bytes_toclient\":8726,\"start\":\"2025-10-26T20:01:15.455032+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/morejt.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.295Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/morejt.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/morejt.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2464,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/style1.css","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:16.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/style1.css HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:17 GMT\r\nContent-Type: text/css\r\nLast-Modified: Mon, 24 Apr 2023 11:24:01 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"644666d1-2acf\"\r\nExpires: Sun, 26 Oct 2025 21:01:17 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10959,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (465), with CRLF line terminators","md5":"9dcee9f3e3a9adc3a8fd044d18aff03a","sha1":"222a22156013ec694b2088c0a92e22e95cadfeb0","sha256":"53143bf9cab52824338170fc6c349fddcec4f52dd1cb999c83f7865365445d8a","sha512":"782456493e261dc963ab94961e51482abd496641b98dc345b87bd8f6d220abddc3b747fd3bad55aefc2d89435f82eccb5bb08438ad29379d05b1094c0c2445e9","ssdeep":"192:YttDBv+hilwO09z0GgvfmLkyGtKwk6NxCiGgxE3M3EEVuo0Kkzxl8AjnHI0rGLd4:YttDBoilwO09z0GgvfmLkyGtKwk6NxCp","tlshash":"48327b2b9340288f745bc77868d77599f639c064fe3dd95ea31a33a6422298e1037fc5","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.057064Z","times_seen":1714,"resource_available":false,"data":null}},"time_used":2399,"timings":{"blocked":1024,"dns":20,"connect":335,"send":0,"wait":337,"receive":0,"ssl":679},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img53.zyzhan.com/gxhpic_b06a05e3fa/464a78f1850ff618c0ec6477156c8e3fe69347e5ad610a226be26bbdcadc9c70eb3bc0b2ba22b704_500_500_5.jpg","fqdn":"img53.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"36.99.2.72","port":80,"asn":139018,"as":"Henan Luoyang IDC","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:12.279Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_b06a05e3fa/464a78f1850ff618c0ec6477156c8e3fe69347e5ad610a226be26bbdcadc9c70eb3bc0b2ba22b704_500_500_5.jpg HTTP/1.1\r\nHost: img53.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img53.zyzhan.com/gxhpic_b06a05e3fa/464a78f1850ff618c0ec6477156c8e3fe69347e5ad610a226be26bbdcadc9c70eb3bc0b2ba22b704_500_500_5.jpg\r\nX-CCDN-REQ-ID-46B1: 3b5109fa10cda250105f6e0b2c8f51ea\r\nvia: CHN-HAluoyang-AREACT3-CACHE27[15]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":4034,"timings":{"blocked":996,"dns":2456,"connect":283,"send":0,"wait":299,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/jquery.la.min.js","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:16.701Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.la.min.js HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:16 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 18 Jul 2025 10:06:41 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"687a1cb1-555\"\r\nExpires: Sun, 26 Oct 2025 21:01:16 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1365,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (555)","md5":"26e9d4ef60bc32c7575fbcf8ecf4cf85","sha1":"3ca64e81d9271a8ef2a8e08a9ca2eac1f2c7553c","sha256":"d45afdd22e0130a5eea6e6c3c1db7899202330525fb75fe3146a67860eb6ea27","sha512":"208b7d1f115d58478f12b6024f5c1ae85199b9eff135f02db68f9d37c8e827bff4bb9052b15cf2405bfa885057339dbb0a1a9e78317f9090fe7a6979747903f4","ssdeep":"","tlshash":"2f21e15f7c05e2245766293927bbd99ce9ae5036100ee80654dec46c7d38ff9042ab4d","first_seen":"2024-08-20T10:36:58.444862Z","last_seen":"2026-01-19T16:30:53.0792Z","times_seen":26,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.174.227.41","port":80,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:18.654Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 386\r\nOrigin: http://www.nikefj.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 211 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://www.nikefj.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nEO-LOG-UUID: 10523002717238210645\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"211","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":291,"timings":{"blocked":20,"dns":1,"connect":19,"send":0,"wait":250,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/skins/106778/images/ewm.jpg","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:13.463Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/106778/images/ewm.jpg HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 19996\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:01:01 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80c4d64a23dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":19996,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x150, components 3","md5":"59aba4c26da2a5ab0e9379ed28809b57","sha1":"9d282ed1935908bac853381dd4c5b8f447b216b7","sha256":"ad0aa0bd1837a72306a2f39fc12e3b5d1fe52c0c9d109c395aa1df19c6a15b6f","sha512":"622fbb0b484955d95977a08720913b6cd1cff177f5a5e842dfb18c0e2edab2cfc81796ba87f71ae0c76f9a85e85158112a2576560b1d8933fe388156f175ce21","ssdeep":"384:sndkt6ECifHcWjW0VrkWvuo6KfhAqloUJHCjsXYhELCHmiDvvvZ:xE88WjWg5vWaloACiLwt","tlshash":"e892df1dfa9b32fb9621c5b9bfca14408b848bd38b639190acc8d427ce9598224324c7","first_seen":"2025-10-26T20:02:00.811816Z","last_seen":"2025-11-23T20:31:21.883909Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2847,"timings":{"blocked":-1,"dns":1992,"connect":275,"send":0,"wait":305,"receive":275,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:16Z","timestamp":1761508876,"ip_dst":{"addr":"172.18.0.23","port":49444,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:16.034218+0000\",\"flow_id\":1237218983932114,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49444,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/skins/106778/images/ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6806},\"files\":[{\"filename\":\"/skins/106778/images/ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":6806,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":905,\"bytes_toclient\":8726,\"start\":\"2025-10-26T20:01:15.454866+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.szkqet.com/Skins/106778/images/artico.png","fqdn":"www.szkqet.com","domain":"szkqet.com","tld":"com"},"ip":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.855Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/artico.png HTTP/1.1\r\nHost: www.szkqet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.nikefj.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nDate: Sun, 26 Oct 2025 20:01:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 2706\r\nConnection: keep-alive\r\nLast-Modified: Tue, 17 Jun 2025 01:00:35 GMT\r\nAccept-Ranges: bytes\r\nETag: \"807b573b23dfdb1:0\"\r\nX-Powered-By: ASP.NET-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 30, 8-bit/color RGBA, non-interlaced","md5":"673e1e71335d50688414e84e7ec3ac8d","sha1":"184273452c6334cc20127b7c8a5e0110fca90719","sha256":"93cb041e55b0b50b58477084dd5a742f490a1ffaf20ee7b121687604c6f5a717","sha512":"1a4553c4c2348911d21da0c64cead29c7f31484a952841076893fa94acffca9b55d092424b5eeb31aff36b4b3a433838554ee531e07861ad2297fb8b5a7d88ae","ssdeep":"","tlshash":"94516106f8a1ac44551df18996fca24357b34ed48ed2285daecd8c020d609edcd8d9e7","first_seen":"2025-03-09T15:25:07.240412Z","last_seen":"2026-03-20T10:57:50.321321Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2743,"timings":{"blocked":2475,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T20:01:28Z","timestamp":1761508888,"ip_dst":{"addr":"172.18.0.23","port":49514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.104.145.44","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-26T20:01:28.975737+0000\",\"flow_id\":1644330343974288,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.104.145.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49514,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.szkqet.com\",\"url\":\"/Skins/106778/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.nikefj.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2706},\"files\":[{\"filename\":\"/Skins/106778/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2706,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":3274,\"bytes_toclient\":19072,\"start\":\"2025-10-26T20:01:15.705936+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.nikefj.com/Skins/106778/images/footli1.png","fqdn":"www.nikefj.com","domain":"nikefj.com","tld":"com"},"ip":{"addr":"104.165.182.5","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.nikefj.com/","date":"2025-10-26T20:01:15.317Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/106778/images/footli1.png HTTP/1.1\r\nHost: www.nikefj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.nikefj.com/Skins/106778/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 20:01:15 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.szkqet.com/Skins/106778/images/footli1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2749,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":518,"timings":{"blocked":335,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}