{"report_id":"c1e213e7-ef01-4e7c-b548-ae4f817f9d39","version":6,"status":"done","tags":[],"date":"2026-03-04T16:09:21Z","url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid/234102200007344?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.233.241.77","port":0,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"final":{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"title":"VidHub GamerHeaven","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid/234102200007344?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.233.241.77","port":0,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-08T16:09:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":8,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:11Z","timestamp":1772640551,"ip_dst":{"addr":"Client IP","port":47152,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:11.728320+0000\",\"flow_id\":2010941690284160,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47152,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":30},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":30,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":633,\"bytes_toclient\":956,\"start\":\"2026-03-04T16:09:01.198784+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:12Z","timestamp":1772640552,"ip_dst":{"addr":"Client IP","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:12.001624+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid/234102200007344?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"length\":136},\"files\":[{\"filename\":\"/sid/234102200007344\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":136,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":837,\"bytes_toclient\":1135,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"Client IP","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.449984+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6551},\"files\":[{\"filename\":\"/sid-main/234102200007344/\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":10,\"bytes_toserver\":1738,\"bytes_toclient\":10219,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"Client IP","port":44488,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.829002+0000\",\"flow_id\":1808225677366900,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44488,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid-he.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":739,\"bytes_toclient\":2442,\"start\":\"2026-03-04T16:09:16.546420+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"Client IP","port":44478,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.829997+0000\",\"flow_id\":569722465438607,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44478,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/mfilter.bundle.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6519},\"files\":[{\"filename\":\"/js/mfilter.bundle.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":998,\"bytes_toclient\":9224,\"start\":\"2026-03-04T16:09:16.543631+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"Client IP","port":44466,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.831736+0000\",\"flow_id\":1616994405988918,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44466,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/session-recording-script.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":744,\"bytes_toclient\":2456,\"start\":\"2026-03-04T16:09:16.539190+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:17Z","timestamp":1772640557,"ip_dst":{"addr":"Client IP","port":44478,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:17.378344+0000\",\"flow_id\":569722465438607,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44478,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/mfilter.bundle.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":55999},\"files\":[{\"filename\":\"/js/mfilter.bundle.js\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":102400,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":43,\"bytes_toserver\":2529,\"bytes_toclient\":60288,\"start\":\"2026-03-04T16:09:16.543631+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:17Z","timestamp":1772640557,"ip_dst":{"addr":"Client IP","port":44466,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:17.512247+0000\",\"flow_id\":1616994405988918,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44466,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/session-recording-script.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":54975},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":42,\"bytes_toserver\":2735,\"bytes_toclient\":58478,\"start\":\"2026-03-04T16:09:16.539190+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"mtn-nigeria-prod.mfilterit.org","ip":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"domain_registered":"2022-01-17","domain_rank":0,"first_seen":"2025-09-15T05:54:50.747207Z","last_seen":"2026-02-25T11:55:54.329023Z","alert_count":9,"request_count":8,"received_data":647096,"sent_data":4052,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"dedault.mfilterit.net","ip":{"addr":"52.84.50.55","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2018-07-18","domain_rank":0,"first_seen":"2026-02-22T01:17:27.986734Z","last_seen":"2026-03-01T02:07:07.828458Z","alert_count":0,"request_count":5,"received_data":76764,"sent_data":2192,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"session-recording.mfilterit.org","ip":{"addr":"3.7.199.28","port":443,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"domain_registered":"2022-01-17","domain_rank":0,"first_seen":"2025-10-07T20:02:03.757744Z","last_seen":"2026-02-27T17:40:52.882756Z","alert_count":0,"request_count":1,"received_data":281,"sent_data":692,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/js/mfilter.bundle.js","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"introduction_type":"scriptElement","is_inline":false,"md5":"e50efcc86df3e8ed7b81495217d6cd64","sha1":"f40de18e5e7d6b302a51bbf116b10884489c7ced","sha256":"e71cc7586ce574e5e83fad61b9d710d8a16d554d5690ba6d83fff983df76b4be","sha512":"45592f2a73f232cd838a0c0096c046ffc1ad6a65f4c6baa7701a008bdfa8e5ea7b3a12ac8d8b97f39b201f8fee359dda684810af16c6092cf3fb82d0f3c9f728","ssdeep":"1536:QPtNPU9ArHMdb8nqN3xVIv0DHqeDHQ+TfRnnJtetp+rjFeNMJBiXc4aoXAFi2Qir:SqvVuUn/apWPiKfYi","tlshash":"fef36cc5b2d6b05543b328e5043f6007b23e3d25690d8c40f626d5dabca999ad23bf7e","size":159579,"data":"","first_seen":"2026-02-27T17:40:54.889228Z","last_seen":"2026-03-17T22:43:36.656072Z","times_seen":67,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":44478,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.829997+0000\",\"flow_id\":569722465438607,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44478,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/mfilter.bundle.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6519},\"files\":[{\"filename\":\"/js/mfilter.bundle.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":998,\"bytes_toclient\":9224,\"start\":\"2026-03-04T16:09:16.543631+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:17Z","timestamp":1772640557,"ip_dst":{"addr":"172.18.0.49","port":44478,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:17.378344+0000\",\"flow_id\":569722465438607,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44478,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/mfilter.bundle.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":55999},\"files\":[{\"filename\":\"/js/mfilter.bundle.js\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":102400,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":43,\"bytes_toserver\":2529,\"bytes_toclient\":60288,\"start\":\"2026-03-04T16:09:16.543631+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/js/session-recording-script.js","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e4b0e1a7b38a002b1e276d49251a396","sha1":"47a4586408612969ba2f1d5422b10b369bc8d15f","sha256":"a9236a2788d3401e907f96d1076727db6cd4ee8a04d1459cd3c42c68d44c324a","sha512":"6e774fbf1853503ec869c6cd597eabb530b8f37370c0186e37abf1788761297c0296824dff5bbe72e286ca3fc7272aa905f9e9209e70cc1b35cbd1df0170df9d","ssdeep":"3072:9xw1O+NulJveU/tjALjQyoyXQtbcxFwyhld05:Dw1O+BgALDXQtbcxFwQlq5","tlshash":"86345f8a2af72432a613b07d4e2fc1053a31940f2949fd583e9c92a45f5c83d56f6fe9","size":235844,"data":"","first_seen":"2025-10-07T20:02:08.061011Z","last_seen":"2026-03-25T03:02:28.140887Z","times_seen":3398,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":44466,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.831736+0000\",\"flow_id\":1616994405988918,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44466,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/session-recording-script.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":744,\"bytes_toclient\":2456,\"start\":\"2026-03-04T16:09:16.539190+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:17Z","timestamp":1772640557,"ip_dst":{"addr":"172.18.0.49","port":44466,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:17.512247+0000\",\"flow_id\":1616994405988918,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44466,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/session-recording-script.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":54975},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":42,\"bytes_toserver\":2735,\"bytes_toclient\":58478,\"start\":\"2026-03-04T16:09:16.539190+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6ce21fb397824bfc9d6bdf408ad1f310","sha1":"50784ee1ea9e60b48783c6d71b8555415691ca82","sha256":"1e98f86f72c2ca814b76e6a8b99000ece2be7b2ef80a6a1c47371658d65d64d3","sha512":"6d3348e2f3c5347bfa476adb92d90ab5e93fe6185d5375b7977bb8efa54444e0e1c6dd87f733c7e308c5a4f1307097506e6d72fd34205e845dc156d3d9b52e96","ssdeep":"96:SyoCMSSIaZWZ2izMRNjsN5IF4CGA4Caiay:/XPaIUizMXkfCuiay","tlshash":"37b125686973003024fb226f837bbe85b5f9512bca42dd8d384ec9c90fc09e452977e9","size":5518,"data":"","first_seen":"2026-01-12T08:39:03.012666Z","last_seen":"2026-04-04T05:55:23.499777Z","times_seen":924,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.449984+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6551},\"files\":[{\"filename\":\"/sid-main/234102200007344/\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":10,\"bytes_toserver\":1738,\"bytes_toclient\":10219,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fac46f37cc1de240e1d8956452ea2a81","sha1":"e717c04ef9b3489ae10863f7002e0f3eecaaa6d2","sha256":"8108e9cd74d69080f7c4203edf7b035c535dcdf5a79cc9b58ba2f306a79a334f","sha512":"9e09527cf8be80f94959d743c1cff94d6213909ea8ca7a055cc3a8345348823d09deef615249b5d439a4169db3e4b8e9d413526530cd203af10f90c6cdbd0521","ssdeep":"","tlshash":"81d02e9fb1a20df03afb31b7201963c63832824309010a05be2c8ea08f12e02d1bb760","size":268,"data":"","first_seen":"2026-01-20T16:50:14.368645Z","last_seen":"2026-04-04T05:55:23.504158Z","times_seen":770,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.449984+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6551},\"files\":[{\"filename\":\"/sid-main/234102200007344/\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":10,\"bytes_toserver\":1738,\"bytes_toclient\":10219,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6b8c7b706c35b802bd23371d37f8ee1b","sha1":"70adccc17df2866d46591ffd21a6258cacb93528","sha256":"7c2ebaf28f958de064f9edf99a2ca60c14b55cde8f88090289af109dad16d1b8","sha512":"f5d65538aa045dc62baa2b28acfaf22b31ccc43fd4b83d1e255baa15b9b8723429c9965f90ba06445c91fe0f37de1cf434863847d62cd64c66115e0164bb83ef","ssdeep":"192:x7ckZnzxm7wkZVvmr+ywiR34zcAJMd4YvF6ss8tp2glzC/XJLi:x7xnz07FVmfH9toJXk","tlshash":"0cf1ffa56db6493106af32fb1bdbb4c5b631540711c0d88279dd8b491f80a58eb733ee","size":8100,"data":"","first_seen":"2026-03-04T16:09:22.607907Z","last_seen":"2026-03-04T16:09:22.607907Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.449984+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6551},\"files\":[{\"filename\":\"/sid-main/234102200007344/\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":10,\"bytes_toserver\":1738,\"bytes_toclient\":10219,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9e8a6a475d9097413d301058e8d2ef2f","sha1":"7b2c8ae6a1a776f91d419897d96b8742bd8119b3","sha256":"785254e9914d0d94ceea2da20fa546e2fdac5d9652f4930bbe4b89d149d35a58","sha512":"6c895966bf6bde85621f0bf49b1378fb341e01643634e8d0e5a30ecd1c6c18344272a2456fcf1820ff908d7888ee939d7544de2c60fbc5814f23fe2a6b053842","ssdeep":"","tlshash":"5051ac7c59a6203588abe0176b4f7a423d25ae336341e50a388e170d1f44f1ac4a9fef","size":2479,"data":"","first_seen":"2026-03-04T16:09:22.609059Z","last_seen":"2026-03-04T16:09:22.609059Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.449984+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6551},\"files\":[{\"filename\":\"/sid-main/234102200007344/\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":10,\"bytes_toserver\":1738,\"bytes_toclient\":10219,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid/234102200007344?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-04T16:09:01.573Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sid/234102200007344?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid= HTTP/1.1\r\nHost: mtn-nigeria-prod.mfilterit.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Wed, 04 Mar 2026 16:09:01 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 136\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, must-revalidate, proxy-revalidate\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nStrict-Transport-Security: max-age=0\r\nUpgrade-Insecure-Requests: 0\r\nContent-Security-Policy: default-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; style-src 'self' 'unsafe-inline' data: *; img-src 'self' data: blob: *\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: unsafe-url\r\nLocation: /sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\r\nVary: Accept, Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":425,"timings":{"blocked":141,"dns":1,"connect":140,"send":0,"wait":141,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:12Z","timestamp":1772640552,"ip_dst":{"addr":"172.18.0.49","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:12.001624+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid/234102200007344?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"length\":136},\"files\":[{\"filename\":\"/sid/234102200007344\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":136,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":837,\"bytes_toclient\":1135,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-04T16:09:01.861Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid= HTTP/1.1\r\nHost: mtn-nigeria-prod.mfilterit.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":7386,"timings":{"blocked":7386,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.449984+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6551},\"files\":[{\"filename\":\"/sid-main/234102200007344/\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":10,\"bytes_toserver\":1738,\"bytes_toclient\":10219,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-04T16:09:16.275Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid= HTTP/1.1\r\nHost: mtn-nigeria-prod.mfilterit.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 16:09:16 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, must-revalidate, proxy-revalidate\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nStrict-Transport-Security: max-age=0\r\nUpgrade-Insecure-Requests: 0\r\nContent-Security-Policy: default-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; style-src 'self' 'unsafe-inline' data: *; img-src 'self' data: blob: *\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: unsafe-url\r\nETag: W/\"38c9a-5aHBAlhQa1jBpq4M1wEeGncghNA\"\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232602,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (60795)","md5":"cceece194d6ead49de1a243f86ea6ae5","sha1":"e5a1c10258506b58c1a6ae0cd7011e1a772084d0","sha256":"11401628f17f6b1a87e55bd1c86a8632a993a4542c0a0c8f036bc89bdf0ef2bb","sha512":"82864346c7d0e4b25462d37c6b989582b0e23291707dc4c434273ef5692b14f31fe266781f7ebf0a3c73c6514350cb469aa947f253a3d5a9d2d1897cf70dd698","ssdeep":"6144:XhtIDBFMHW7VTwKtV9Ec8b1LDIuGSaPMhMv:R6tB7VsKtwDJPXGHPMi","tlshash":"ee34d02688f21c37066b01f7e70fba197eb18547d349e44034ac5b621f89e5e523b6ee","first_seen":"2026-03-04T16:09:22.598858Z","last_seen":"2026-03-04T16:09:22.598858Z","times_seen":1,"resource_available":true,"data":null}},"time_used":606,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":427,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.449984+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6551},\"files\":[{\"filename\":\"/sid-main/234102200007344/\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":10,\"bytes_toserver\":1738,\"bytes_toclient\":10219,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"dedault.mfilterit.net/poppins-600.woff2","fqdn":"dedault.mfilterit.net","domain":"mfilterit.net","tld":"net"},"ip":{"addr":"52.84.50.55","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:17.205Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /poppins-600.woff2 HTTP/1.1\r\nHost: dedault.mfilterit.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://mtn-nigeria-prod.mfilterit.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://dedault.mfilterit.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 7992\r\nConnection: keep-alive\r\nDate: Wed, 04 Mar 2026 07:27:45 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD\r\nLast-Modified: Thu, 19 Feb 2026 07:11:47 GMT\r\nETag: \"b550bca8934bd86812d1f5e28c9cc1de\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nX-Cache: Hit from cloudfront\r\nVia: 1.1 67fb37d4b7930077be54eaea3254b4ec.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: trUCD7Ty-w9Ck-_284J8jqJ90rJtjtFHwQOiwHFqq3rCjGHll93_pg==\r\nAge: 31293\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":7992,"size_decoded":0,"mime_type":"application/x-www-form-urlencoded","magic":"Web Open Font Format (Version 2), TrueType, length 7992, version 1.0","md5":"b550bca8934bd86812d1f5e28c9cc1de","sha1":"fffe793f52607740984a931ee7158aa82db94a72","sha256":"872e862918591a9e824dc03ed92f05729435ffbb8ebbb10eff7eda26592b1798","sha512":"a0b84873a17f6ded0d966c0f159718ccbb617ae19416815ea3f706c436becee0671d9cbc01c0fc4572712856bd0c1e5b32e2dda8fbf56d540dee5e36e833c05c","ssdeep":"96:2TVwxWNrKIvPdg1axqKXivj6iCvB0H0P76Oj6rDbeEmcDZsuVGD0RqaHbJiL1BgF:2TixEECQzfUv6BSMGDU5agjhWbq","tlshash":"77f1ad9ab6c85e02c724287b05c14727593c3313db2cbf56049ec2ad62c7eb14c9b06b","first_seen":"2024-03-26T19:18:23Z","last_seen":"2026-04-04T12:55:38.095969Z","times_seen":10726,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/favicon.ico","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:17.236Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mtn-nigeria-prod.mfilterit.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Wed, 04 Mar 2026 16:09:17 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 52\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, must-revalidate, proxy-revalidate\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nStrict-Transport-Security: max-age=0\r\nUpgrade-Insecure-Requests: 0\r\nContent-Security-Policy: default-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; style-src 'self' 'unsafe-inline' data: *; img-src 'self' data: blob: *\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: unsafe-url\r\nETag: W/\"34-W9iCSmAT7P/MgJc3dJitCSpcgXw\"\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c2d779e5dbc6ef51684e72b9accd9bbf","sha1":"5bd8824a6013ecffcc8097377498ad092a5c817c","sha256":"2ee5e408d933e53544229a16e78c054f0b98bf998bf2470c7969ab3cf0f79465","sha512":"57ef8634270a532eb4851d69fd29e30482b13ab82a5e36841a588926e4a167f40ec0ae378d721911b3cae182d827c0cb2780cdfdfe53d96aec547c55992a4093","ssdeep":"","tlshash":"75900258008139190f8645adb584713025894e8504951991418e8029851178d8805145","first_seen":"2025-09-15T05:54:53.230107Z","last_seen":"2026-04-04T05:55:23.471834Z","times_seen":3427,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":142,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"dedault.mfilterit.net/fonts.css","fqdn":"dedault.mfilterit.net","domain":"mfilterit.net","tld":"net"},"ip":{"addr":"52.84.50.55","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:16.548Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /fonts.css HTTP/1.1\r\nHost: dedault.mfilterit.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://mtn-nigeria-prod.mfilterit.org/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Wed, 04 Mar 2026 03:21:05 GMT\r\nLast-Modified: Thu, 19 Feb 2026 11:27:09 GMT\r\nContent-Encoding: gzip\r\nx-amz-server-side-encryption: AES256\r\nServer: AmazonS3\r\nETag: W/\"97907a6d3777df933b1e7f2a7dc1fdf0\"\r\nX-Cache: Hit from cloudfront\r\nVia: 1.1 e21c7dce7b26c6a388cc82dd5423f574.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: VMS8I_YPqJex92Ij_4-pQqNK3n3HZjBJrAW-BypqGj0MELgqwS5Hqg==\r\nAge: 46091\r\nVary: accept-encoding, Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1861,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"97907a6d3777df933b1e7f2a7dc1fdf0","sha1":"79d26a577aebc9144c4c9577ccd65d6e5d4e6254","sha256":"b03504e8bb9484f205527088b5e248025105d7367fd821ae88ffebc453b4cbc6","sha512":"8159bf2b3df8d7f4cea5aa62b38263204397223248ccf87f4c0668c8a5efb95bfe56090d16de572ea27638229e23c8f54ad652397b9890547060d2301bd25250","ssdeep":"","tlshash":"dc313c40087ab508e6535cd1669f7a729e0ee0446845f974a7ff1cd4fc56c21a3b372d","first_seen":"2026-02-22T01:17:30.622593Z","last_seen":"2026-04-04T05:55:23.461652Z","times_seen":364,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":23,"dns":31,"connect":1,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/sid-he.css","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:16.546Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sid-he.css HTTP/1.1\r\nHost: mtn-nigeria-prod.mfilterit.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 16:09:16 GMT\r\nContent-Type: text/css; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: public, max-age=14400\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nStrict-Transport-Security: max-age=0\r\nUpgrade-Insecure-Requests: 0\r\nContent-Security-Policy: default-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; style-src 'self' 'unsafe-inline' data: *; img-src 'self' data: blob: *\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: unsafe-url\r\nAccept-Ranges: bytes\r\nLast-Modified: Mon, 02 Mar 2026 11:43:58 GMT\r\nETag: W/\"39c2-19cae5cb830\"\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14786,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"81a96f2b7a8405a2b059ff80d1b25eea","sha1":"125a1ae89def0e19303324a6499714ca22d20a58","sha256":"38988bd197d8ecbb049f2b1e4ec7fca32b1e3a3c09f0ff5fe906611b668bb9de","sha512":"f273747eaa44073ed3f783fb0d954ac19bc6f711e8d3f1a1b555a5fe1cd1c5a25311f1ea199997f16ed9f8daceef1079c67f0bc91c2a868fee564670fece5754","ssdeep":"384:HDVlfm4Uo9IdInrI/HGrNhpVjhBASd3jPprG1N1PLI:jjf59IdIrI/HGrNhpVjhBAEpaDFLI","tlshash":"ee622e972ba10000741bd8a87993ab9a636d8443d40fdd7c7be4201cefc82ed9977b8d","first_seen":"2026-01-12T08:39:02.995645Z","last_seen":"2026-03-04T20:06:55.821829Z","times_seen":581,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":140,"dns":1,"connect":140,"send":0,"wait":142,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":44488,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.829002+0000\",\"flow_id\":1808225677366900,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44488,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid-he.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":739,\"bytes_toclient\":2442,\"start\":\"2026-03-04T16:09:16.546420+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/js/session-recording-script.js","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:16.552Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/session-recording-script.js HTTP/1.1\r\nHost: mtn-nigeria-prod.mfilterit.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 16:09:16 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: public, max-age=3600\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nStrict-Transport-Security: max-age=0\r\nUpgrade-Insecure-Requests: 0\r\nContent-Security-Policy: default-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; style-src 'self' 'unsafe-inline' data: *; img-src 'self' data: blob: *\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: unsafe-url\r\nAccept-Ranges: bytes\r\nLast-Modified: Mon, 02 Mar 2026 11:43:58 GMT\r\nETag: W/\"39944-19cae5cb830\"\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":235844,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"2e4b0e1a7b38a002b1e276d49251a396","sha1":"47a4586408612969ba2f1d5422b10b369bc8d15f","sha256":"a9236a2788d3401e907f96d1076727db6cd4ee8a04d1459cd3c42c68d44c324a","sha512":"6e774fbf1853503ec869c6cd597eabb530b8f37370c0186e37abf1788761297c0296824dff5bbe72e286ca3fc7272aa905f9e9209e70cc1b35cbd1df0170df9d","ssdeep":"3072:9xw1O+NulJveU/tjALjQyoyXQtbcxFwyhld05:Dw1O+BgALDXQtbcxFwQlq5","tlshash":"86345f8a2af72432a613b07d4e2fc1053a31940f2949fd583e9c92a45f5c83d56f6fe9","first_seen":"2025-10-07T20:02:08.061011Z","last_seen":"2026-03-25T03:02:28.140887Z","times_seen":3398,"resource_available":true,"data":null}},"time_used":714,"timings":{"blocked":132,"dns":1,"connect":144,"send":0,"wait":147,"receive":290,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":44466,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.831736+0000\",\"flow_id\":1616994405988918,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44466,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/session-recording-script.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":744,\"bytes_toclient\":2456,\"start\":\"2026-03-04T16:09:16.539190+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:17Z","timestamp":1772640557,"ip_dst":{"addr":"172.18.0.49","port":44466,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:17.512247+0000\",\"flow_id\":1616994405988918,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44466,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/session-recording-script.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":54975},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":42,\"bytes_toserver\":2735,\"bytes_toclient\":58478,\"start\":\"2026-03-04T16:09:16.539190+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"dedault.mfilterit.net/poppins-700.woff2","fqdn":"dedault.mfilterit.net","domain":"mfilterit.net","tld":"net"},"ip":{"addr":"52.84.50.116","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:17.210Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /poppins-700.woff2 HTTP/1.1\r\nHost: dedault.mfilterit.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://mtn-nigeria-prod.mfilterit.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://dedault.mfilterit.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 7848\r\nConnection: keep-alive\r\nDate: Wed, 04 Mar 2026 07:27:45 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD\r\nLast-Modified: Thu, 19 Feb 2026 07:11:47 GMT\r\nETag: \"0bd523f6049956faaf43c254a719d06a\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nX-Cache: Hit from cloudfront\r\nVia: 1.1 1052525f0d15ecb6749de58fe7a481c8.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: riMiiRoiDaIbjjh8j9VFAVUo1jWkU78TRNc7ACSgeMoM6Nx-7trclA==\r\nAge: 31293\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":7848,"size_decoded":0,"mime_type":"application/x-www-form-urlencoded","magic":"Web Open Font Format (Version 2), TrueType, length 7848, version 1.0","md5":"0bd523f6049956faaf43c254a719d06a","sha1":"6af69d307c33af0f3c4c3eb96ef01ea4390f474e","sha256":"197a3cbd7290c242c5c765268cdd69a9a39867fdc80cd13071f243a81c56fb76","sha512":"a0729696c915b1f08b1cef404ebe621c6031812b733107c423b39eeb6b4d852552ffaf2fccffbfe08259f43d532f53d649665be186c26add8bfcee483a9af7e4","ssdeep":"192:K2JJwUQALPlHurxh27HviZ+x5BTbwNA/aGyGhXFUcbtXCR+1pH:nJKUQABHuNgDig13cSHUcbtI+1pH","tlshash":"60f1af5411a00b08e206937903d638e15d977b1c99fff8684d0b5092fdd75f2b8359e0","first_seen":"2024-03-26T19:18:23Z","last_seen":"2026-04-04T13:54:25.411983Z","times_seen":11104,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":3,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"session-recording.mfilterit.org/api/sessions/save-recording?sc=nigeria","fqdn":"session-recording.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"3.7.199.28","port":443,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:18.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mfilterit.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 09 Nov 2025 00:00:00 GMT","end":"Tue, 08 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"17:1A:1B:64:F2:91:28:9C:D8:2A:D1:D4:51:CF:A1:36:1E:27:77:6F","sha256":"73:71:D1:99:2D:D1:F1:C7:79:E2:E4:B4:CB:02:5C:CD:5A:8F:54:5D:38:E9:A9:09:13:42:3E:E3:FB:CF:49:85"}}},"request":{"raw":"OPTIONS /api/sessions/save-recording?sc=nigeria HTTP/1.1\r\nHost: session-recording.mfilterit.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\r\nOrigin: http://mtn-nigeria-prod.mfilterit.org\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 04 Mar 2026 16:09:18 GMT\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\nvary: Access-Control-Request-Headers\r\naccess-control-allow-headers: content-type\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":1265,"timings":{"blocked":562,"dns":50,"connect":139,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"dedault.mfilterit.net/poppins-400.woff2","fqdn":"dedault.mfilterit.net","domain":"mfilterit.net","tld":"net"},"ip":{"addr":"52.84.50.55","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:17.196Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /poppins-400.woff2 HTTP/1.1\r\nHost: dedault.mfilterit.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://mtn-nigeria-prod.mfilterit.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://dedault.mfilterit.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 7900\r\nConnection: keep-alive\r\nLast-Modified: Thu, 19 Feb 2026 07:11:47 GMT\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nDate: Wed, 04 Mar 2026 06:10:14 GMT\r\nETag: \"43751174b6b810eb169101a20d8c26f8\"\r\nX-Cache: Hit from cloudfront\r\nVia: 1.1 67fb37d4b7930077be54eaea3254b4ec.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: zbNAa-yLM6MqerH0S2AB-eBT9eSrFnYXd3De4efYzMQPiOeaNOSFSQ==\r\nAge: 35944\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":7900,"size_decoded":0,"mime_type":"application/x-www-form-urlencoded","magic":"Web Open Font Format (Version 2), TrueType, length 7900, version 1.0","md5":"43751174b6b810eb169101a20d8c26f8","sha1":"7e48d54b1df1d3f657fc90227590308183ff9ddc","sha256":"3dc5d0c52428fe1696264907a1054ebbaac07f8cbe45832c105f819c2ae397c0","sha512":"a56307976583f9f0dd41ea34a3878c1fd69d5f89577664c350be014f6485da077cecf03f315104dc00e3cb0b6036d9b58e602ca19e963bf500016f090ca80ff2","ssdeep":"192:J2+QXwv9y8UEem7iQD+hqsNl3ahSFsd8Rq0s+Hxf49:J2+9vI8XX+DxrFe0/f0","tlshash":"dcf1bffef23115d580b66bb6c307bf24d9298147fc772608a61c6978a4e9f0c194cf0a","first_seen":"2024-03-26T19:18:23Z","last_seen":"2026-04-04T13:39:49.689395Z","times_seen":15078,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":2,"dns":1,"connect":1,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mtn-nigeria-prod.mfilterit.org/sid/234102200007344?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-04T16:08:58.209Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sid/234102200007344?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid= HTTP/1.1\r\nHost: mtn-nigeria-prod.mfilterit.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T13:49:31.916752Z","times_seen":13333799,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:12Z","timestamp":1772640552,"ip_dst":{"addr":"172.18.0.49","port":47162,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:12.001624+0000\",\"flow_id\":688995853778923,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":47162,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/sid/234102200007344?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"length\":136},\"files\":[{\"filename\":\"/sid/234102200007344\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":136,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":837,\"bytes_toclient\":1135,\"start\":\"2026-03-04T16:09:01.573419+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mtn-nigeria-prod.mfilterit.org/js/mfilter.bundle.js","fqdn":"mtn-nigeria-prod.mfilterit.org","domain":"mfilterit.org","tld":"org"},"ip":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:16.550Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/mfilter.bundle.js HTTP/1.1\r\nHost: mtn-nigeria-prod.mfilterit.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 04 Mar 2026 16:09:16 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: public, max-age=3600\r\nPragma: no-cache\r\nExpires: 0\r\nSurrogate-Control: no-store\r\nStrict-Transport-Security: max-age=0\r\nUpgrade-Insecure-Requests: 0\r\nContent-Security-Policy: default-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; style-src 'self' 'unsafe-inline' data: *; img-src 'self' data: blob: *\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: unsafe-url\r\nAccept-Ranges: bytes\r\nLast-Modified: Mon, 02 Mar 2026 11:43:58 GMT\r\nETag: W/\"26f5b-19cae5cb830\"\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":159579,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65464)","md5":"e50efcc86df3e8ed7b81495217d6cd64","sha1":"f40de18e5e7d6b302a51bbf116b10884489c7ced","sha256":"e71cc7586ce574e5e83fad61b9d710d8a16d554d5690ba6d83fff983df76b4be","sha512":"45592f2a73f232cd838a0c0096c046ffc1ad6a65f4c6baa7701a008bdfa8e5ea7b3a12ac8d8b97f39b201f8fee359dda684810af16c6092cf3fb82d0f3c9f728","ssdeep":"1536:QPtNPU9ArHMdb8nqN3xVIv0DHqeDHQ+TfRnnJtetp+rjFeNMJBiXc4aoXAFi2Qir:SqvVuUn/apWPiKfYi","tlshash":"fef36cc5b2d6b05543b328e5043f6007b23e3d25690d8c40f626d5dabca999ad23bf7e","first_seen":"2026-02-27T17:40:54.889228Z","last_seen":"2026-03-17T22:43:36.656072Z","times_seen":67,"resource_available":true,"data":null}},"time_used":708,"timings":{"blocked":136,"dns":1,"connect":142,"send":0,"wait":144,"receive":285,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:16Z","timestamp":1772640556,"ip_dst":{"addr":"172.18.0.49","port":44478,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:16.829997+0000\",\"flow_id\":569722465438607,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44478,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/mfilter.bundle.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6519},\"files\":[{\"filename\":\"/js/mfilter.bundle.js\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":8192,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":998,\"bytes_toclient\":9224,\"start\":\"2026-03-04T16:09:16.543631+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-04T16:09:17Z","timestamp":1772640557,"ip_dst":{"addr":"172.18.0.49","port":44478,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"13.203.185.59","port":80,"asn":16509,"as":"AMAZON-02","country":"India","country_code":"IN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-04T16:09:17.378344+0000\",\"flow_id\":569722465438607,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"13.203.185.59\",\"src_port\":80,\"dest_ip\":\"172.18.0.49\",\"dest_port\":44478,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"mtn-nigeria-prod.mfilterit.org\",\"url\":\"/js/mfilter.bundle.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":55999},\"files\":[{\"filename\":\"/js/mfilter.bundle.js\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":102400,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":43,\"bytes_toserver\":2529,\"bytes_toclient\":60288,\"start\":\"2026-03-04T16:09:16.543631+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"dedault.mfilterit.net/opensans-700.woff2","fqdn":"dedault.mfilterit.net","domain":"mfilterit.net","tld":"net"},"ip":{"addr":"52.84.50.116","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://mtn-nigeria-prod.mfilterit.org/sid-main/234102200007344/?origin_banner=2\u0026trfSrc=GoldenGoose\u0026trxId=74022029\u0026MSISDN=\u0026pubid=","date":"2026-03-04T16:09:17.200Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /opensans-700.woff2 HTTP/1.1\r\nHost: dedault.mfilterit.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://mtn-nigeria-prod.mfilterit.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://dedault.mfilterit.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 48236\r\nConnection: keep-alive\r\nDate: Wed, 04 Mar 2026 07:27:45 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD\r\nLast-Modified: Thu, 19 Feb 2026 07:11:48 GMT\r\nETag: \"015c126a3520c9a8f6a27979d0266e96\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nServer: AmazonS3\r\nX-Cache: Hit from cloudfront\r\nVia: 1.1 38bf1dd1623b4168f1f298799f6898c4.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P3\r\nX-Amz-Cf-Id: tCoNc8stM-VIrXAfTGr-LeHU8FadDcaaSP5lXcFeKewGNsi1PRqThg==\r\nAge: 31293\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":48236,"size_decoded":0,"mime_type":"application/x-www-form-urlencoded","magic":"Web Open Font Format (Version 2), TrueType, length 48236, version 1.0","md5":"015c126a3520c9a8f6a27979d0266e96","sha1":"2acf956561d44434a6d84204670cf849d3215d5f","sha256":"3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa","sha512":"02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c","ssdeep":"768:uj6JxavgLx5rjTH3CdZ3y11o4uMb2IVEhiB6z6GAAHJApICtBgso6HaOjTXHRWK:ujoa4LxZPCdm3B2IVEhiB62apApISxos","tlshash":"eb2302d92e54990d29202a63f45d6e2641301b6acedf4bbceca4ff38006c76f9fe1548","first_seen":"2023-12-14T22:52:19Z","last_seen":"2026-04-04T13:42:16.742172Z","times_seen":106765,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":3,"dns":1,"connect":2,"send":0,"wait":27,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}