{"report_id":"c8e4857e-e2b0-470e-b16b-14b7fd8271d0","version":6,"status":"done","tags":[],"date":"2025-07-14T20:46:54Z","url":{"schema":"http","addr":"file.javblow.com/","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":0,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"file.javblow.com/","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"title":"DB电竞·(DBGAME)官方网站"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-09-22T20:46:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.bjsmsie.com","ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"2010-11-26","domain_rank":0,"first_seen":"2025-07-14T20:46:54.699557Z","last_seen":"2025-07-14T20:46:54.699557Z","alert_count":24,"request_count":25,"received_data":884280,"sent_data":9407,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.chem17.com","ip":{"addr":"180.163.146.112","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2003-03-17","domain_rank":0,"first_seen":"2013-06-12T07:47:44Z","last_seen":"2025-07-12T15:17:23.63664Z","alert_count":0,"request_count":2,"received_data":2190,"sent_data":1228,"comment":"","tags":null,"fingerprints":null},{"fqdn":"hm.baidu.com","ip":{"addr":"183.240.98.228","port":443,"asn":56040,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":8254,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2025-07-09T20:58:23.966663Z","alert_count":0,"request_count":1,"received_data":175,"sent_data":439,"comment":"","tags":null,"fingerprints":null},{"fqdn":"sdk.51.la","ip":{"addr":"38.54.123.55","port":80,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"France","country_code":"FR"},"domain_registered":"2005-01-17","domain_rank":88367,"first_seen":"2021-03-08T16:03:51Z","last_seen":"2025-07-12T05:51:51.394622Z","alert_count":0,"request_count":2,"received_data":73361,"sent_data":668,"comment":"","tags":null,"fingerprints":null},{"fqdn":"89tongji.com","ip":{"addr":"38.34.191.56","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"domain_registered":"2023-08-03","domain_rank":0,"first_seen":"2023-08-03T16:00:12Z","last_seen":"2025-07-13T14:35:20.257309Z","alert_count":0,"request_count":2,"received_data":8972,"sent_data":940,"comment":"","tags":null,"fingerprints":null},{"fqdn":"chat.chem17.com","ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2003-03-17","domain_rank":0,"first_seen":"2014-05-27T23:58:43Z","last_seen":"2025-07-12T15:17:23.657932Z","alert_count":0,"request_count":2,"received_data":1804,"sent_data":848,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pinganfafa.com","ip":{"addr":"143.92.57.25","port":25858,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2024-12-12","domain_rank":0,"first_seen":"2024-12-18T10:35:17.798759Z","last_seen":"2025-07-12T15:17:24.588156Z","alert_count":0,"request_count":1,"received_data":2940,"sent_data":712,"comment":"","tags":null,"fingerprints":null},{"fqdn":"file.javblow.com","ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"domain_registered":"2025-02-19","domain_rank":0,"first_seen":"2025-07-14T20:46:54.701858Z","last_seen":"2025-07-14T20:46:54.701858Z","alert_count":0,"request_count":35,"received_data":1502734,"sent_data":13537,"comment":"","tags":null,"fingerprints":null},{"fqdn":"collect-v6.51.la","ip":{"addr":"90.84.161.18","port":80,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"domain_registered":"2005-01-17","domain_rank":91421,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2025-07-11T23:37:00.431743Z","alert_count":0,"request_count":2,"received_data":1059,"sent_data":788,"comment":"","tags":null,"fingerprints":null},{"fqdn":"tp.xinxiyidiantong.com","ip":{"addr":"27.124.44.50","port":5868,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2019-08-03","domain_rank":0,"first_seen":"2022-06-30T09:41:39Z","last_seen":"2025-07-10T01:07:41.349562Z","alert_count":0,"request_count":8,"received_data":1485119,"sent_data":3872,"comment":"","tags":null,"fingerprints":null},{"fqdn":"push.zhanzhang.baidu.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"1999-10-11","domain_rank":57139,"first_seen":"2015-07-22T05:44:02Z","last_seen":"2025-07-08T04:28:33.889763Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":339,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fcl.xueyuxingfeng.com","ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2021-06-17","domain_rank":0,"first_seen":"2021-06-17T13:30:21Z","last_seen":"2025-07-11T01:12:26.536741Z","alert_count":0,"request_count":1,"received_data":3644,"sent_data":428,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.815687+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/hot.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2167},\"files\":[{\"filename\":\"/Skins/4566/images/hot.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2167,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":660,\"bytes_toclient\":4093,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39374,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.893659+0000\",\"flow_id\":973194167742105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39374,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":661,\"bytes_toclient\":2507,\"start\":\"2025-07-14T20:46:34.290457+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39376,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.896644+0000\",\"flow_id\":1885404419223332,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39376,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":664,\"bytes_toclient\":2506,\"start\":\"2025-07-14T20:46:34.290596+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39402,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.903357+0000\",\"flow_id\":176494914203877,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39402,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2070},\"files\":[{\"filename\":\"/Skins/4566/images/banner1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2070,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":718,\"bytes_toclient\":4632,\"start\":\"2025-07-14T20:46:34.291045+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.908663+0000\",\"flow_id\":1317371372007372,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39384,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/banner3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":664,\"bytes_toclient\":2506,\"start\":\"2025-07-14T20:46:34.290764+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.918967+0000\",\"flow_id\":1662289458130278,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39368,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/hengf.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":662,\"bytes_toclient\":2506,\"start\":\"2025-07-14T20:46:34.290150+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39452,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.111408+0000\",\"flow_id\":274931269654599,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39452,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":608,\"bytes_toclient\":2440,\"start\":\"2025-07-14T20:46:34.546887+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.392181+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/4566/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":10,\"bytes_toserver\":1622,\"bytes_toclient\":7752,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39374,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.409562+0000\",\"flow_id\":973194167742105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39374,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":20,\"bytes_toserver\":1845,\"bytes_toclient\":21773,\"start\":\"2025-07-14T20:46:34.290457+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.472180+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/4566/images/flbtbg1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":13,\"bytes_toserver\":1676,\"bytes_toclient\":11592,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.539285+0000\",\"flow_id\":1662289458130278,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39368,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/4566/images/flbtbg2.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":38,\"pkts_toclient\":55,\"bytes_toserver\":2842,\"bytes_toclient\":74476,\"start\":\"2025-07-14T20:46:34.290150+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.821368+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2168},\"files\":[{\"filename\":\"/Skins/4566/images/kefu.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2168,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":21,\"bytes_toserver\":2263,\"bytes_toclient\":22175,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39432,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.829085+0000\",\"flow_id\":1855277371119475,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39432,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":610,\"bytes_toclient\":2339,\"start\":\"2025-07-14T20:46:34.546675+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39452,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.842378+0000\",\"flow_id\":274931269654599,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39452,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1198,\"bytes_toclient\":5296,\"start\":\"2025-07-14T20:46:34.546887+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39422,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.850154+0000\",\"flow_id\":909847695087382,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39422,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":664,\"bytes_toclient\":2406,\"start\":\"2025-07-14T20:46:34.546582+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39374,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.984934+0000\",\"flow_id\":973194167742105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39374,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1915},\"files\":[{\"filename\":\"/Skins/4566/images/mulu0.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1915,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":28,\"bytes_toserver\":2917,\"bytes_toclient\":27937,\"start\":\"2025-07-14T20:46:34.290457+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.123253+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/4566/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":35,\"bytes_toserver\":3079,\"bytes_toclient\":39040,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.139119+0000\",\"flow_id\":1662289458130278,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39368,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2464},\"files\":[{\"filename\":\"/Skins/4566/images/morejt.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2464,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":44,\"pkts_toclient\":62,\"bytes_toserver\":3925,\"bytes_toclient\":80201,\"start\":\"2025-07-14T20:46:34.290150+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39422,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.149918+0000\",\"flow_id\":909847695087382,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39422,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2170},\"files\":[{\"filename\":\"/Skins/4566/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2170,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":9,\"bytes_toserver\":1199,\"bytes_toclient\":6078,\"start\":\"2025-07-14T20:46:34.546582+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39374,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.150236+0000\",\"flow_id\":973194167742105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39374,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/4566/images/indnew_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":32,\"bytes_toserver\":2971,\"bytes_toclient\":33289,\"start\":\"2025-07-14T20:46:34.290457+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39432,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.395283+0000\",\"flow_id\":1855277371119475,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39432,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2742},\"files\":[{\"filename\":\"/Skins/4566/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2742,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1640,\"bytes_toclient\":6099,\"start\":\"2025-07-14T20:46:34.546675+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39432,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.398843+0000\",\"flow_id\":1855277371119475,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39432,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2170},\"files\":[{\"filename\":\"/Skins/4566/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2170,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":12,\"bytes_toserver\":1694,\"bytes_toclient\":9647,\"start\":\"2025-07-14T20:46:34.546675+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:46Z","timestamp":1752526006,"ip_dst":{"addr":"172.18.0.20","port":39368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:46.442884+0000\",\"flow_id\":1662289458130278,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39368,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2749},\"files\":[{\"filename\":\"/Skins/4566/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2749,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":47,\"pkts_toclient\":66,\"bytes_toserver\":4099,\"bytes_toclient\":83917,\"start\":\"2025-07-14T20:46:34.290150+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:46Z","timestamp":1752526006,"ip_dst":{"addr":"172.18.0.20","port":39452,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:46.445333+0000\",\"flow_id\":274931269654599,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39452,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/4566/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":27,\"bytes_toserver\":2610,\"bytes_toclient\":27691,\"start\":\"2025-07-14T20:46:34.546887+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"chat.chem17.com/chat/KFCenterBox/4566","fqdn":"chat.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"b936460ba988b30cd79d99ae93c77106","sha1":"a44405ff5b67abf66ef77714e4364e6c3f1e9940","sha256":"6cd604b71e1e21050b6a41602716b9a722e769a5d7cfb3b97152f3d73dcef5c9","sha512":"ad4731faf916fbb7118af38e25fa7e15814294950676fbd4ec41aeba5c7508ed34b7a7a4c98e1834e1096ea92e6301935699ed6df01a7416632e39063c0c9661","ssdeep":"","tlshash":"3990023209b10052711510915943e1456595959129de9915a00004a572529539a06d51","size":49,"data":"","first_seen":"2023-03-07T12:42:46Z","last_seen":"2026-04-05T04:58:55.066133Z","times_seen":582,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/js/jquery-3.6.0.min.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"46831fe773a633cbc6b491e456a0b66b","sha1":"aa798cd2820d0a596821dd83ac8e96fe4b5792b3","sha256":"7bf3461bc9e57a4820571d7e417b644c7d30927fe07d9b6e9802fe6758feb6f7","sha512":"493d28fc7a7bf3ffe38814c89c647fc0da8b23efbd167fcba148a0b8a9f4eea2964ae0cf0e20dd8315d01037b15e3ea767b976783743d2113067e96bdbdb7f7d","ssdeep":"1536:ajExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiXYmQ1vo:aIh8GgP3hujzwbhdXXvxiDQ47GK/","tlshash":"3a9309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89404,"data":"","first_seen":"2025-07-14T20:47:05.285961Z","last_seen":"2026-03-28T16:48:59.25503Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"37130f4b58a6d3c7ff717233764cf179","sha1":"a849b5900fb361b2852be32eff723a87b8214355","sha256":"85fbe8240af33c8dc0dac168248944e52dac51e81acc0408a0ede466739b154f","sha512":"eab1020caa06bcd0524617dacc6368d5c3eb340a7b214f0530344a0434fe768704bdc7379430f464c48825c5c97af0c81cf07dc055c0c63a781a45a51a65aeb2","ssdeep":"","tlshash":"24f09eae5c81a16857c2259c5bafe648c1ae0069200bc417bcdac4cd3d38fd4043138c","size":492,"data":"","first_seen":"2024-12-04T02:32:47.465796Z","last_seen":"2025-12-21T19:15:45.888494Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"38.54.123.55","port":80,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/js/customer.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf45486f36fa46a4b8935adfb7b98079","sha1":"3ca5dcce696db8b2fb47249ca97781c8eefd0703","sha256":"9a8edece99ac33fd722a441e6fb87c04bf6ec46e344c6e7074fdea3cbc2d0a7e","sha512":"4baf16d3017de9a4f8f350d629afe1b7b26df7cdce6249fbfe794fef2f3f91b1841a4ade935db13af7829d7306e9fa979b964508e055868f710450800d48c5a3","ssdeep":"","tlshash":"f5811085d25cb43a42b7677b093f30928e0a0187d4ca58f2f5be5154cfa822d65b7fb0","size":3880,"data":"","first_seen":"2025-03-09T15:25:07.247169Z","last_seen":"2026-03-07T04:19:34.372668Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"005c6d62eec5db74a01e7ab2f8c7db1c","sha1":"08c748fb7dbb21b1a00ef95efd609b9b27152d59","sha256":"2018a2b39dcfd69d72fc9136c8d0315b6b735ccb699abf97196328bafd36ea22","sha512":"3f97535c70717321230acce27031c7d42b98ff9136496e1028b87b4c8a4131466d5116b6e5c4618405ff5605ca8daffc89e068677b4fd6d3501af480327eb01b","ssdeep":"","tlshash":"f1a0123f3190731110011003a912080f19b31038c440803cea541594043cc504380c4c","size":81,"data":"","first_seen":"2025-07-14T20:47:05.318465Z","last_seen":"2025-07-14T20:47:05.318465Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"210d4f43b382acfb75f0f93b9c50ecbe","sha1":"59b36abd16d11e7df6631e0414001d2a71727bc9","sha256":"0dcc1d68298b80b8746eb95f3e454d036988415a8d6df607edf2f79be8a76911","sha512":"0aa2f0e626fba04f5e58e2e39e2eb1f33033e2eaae7f4e46ea0bbb3b419ff24abedc34e2265c536f899be66f8a015536e24898b7990732cebe90c77425122c30","ssdeep":"","tlshash":"d7b012a3bf0d0c3814893127012443c0b80dc7734f942999983c3a138010c458289f64","size":97,"data":"","first_seen":"2024-10-22T22:01:03.829516Z","last_seen":"2026-04-01T07:16:48.453299Z","times_seen":88,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/jquery.la.min.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6406afc04e3f3947da89fc7523723d88","sha1":"603ba81b6126d1155c0650815d9894c73a1f685f","sha256":"fbdc2e9bf89dc80c12bf353ee447b178458eeb453ef04070bf5c88572d5d1ba7","sha512":"f6a101e82d266126a573156e705af1d8eae21b6910f61282f2a75077c11969fb1282f5c50b272156dc23873d4253770c36f0d4152610a1f7f631809d289cd7a8","ssdeep":"","tlshash":"b921c15efc05e2245f51287637bbedaca9ee1035600ad80659eec06d7d25ff94522a0c","size":1221,"data":"","first_seen":"2024-12-04T02:32:47.41657Z","last_seen":"2026-03-15T21:19:37.780077Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.chem17.com/asyncstat.aspx?u=smszxl\u0026referer=\u0026title=DB%u7535%u7ADE%B7%28DBGAME%29%u5B98%u65B9%u7F51%u7AD9","fqdn":"www.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.112","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"045e52bc399541b85b95c884a3cd6648","sha1":"806824d0d24bfb4d076de11ee283142f34016261","sha256":"633c490f24e767cfbac0df15261d6723cab0595971c01a8af90af854f0befd6c","sha512":"454bf4d526281b40e3113ae1a8298b15000a797ccd80b18f191908c95f94e439778347269d8a53c8a1f3f22834d823b550adf25881aaacfbdf6764c2f159a4be","ssdeep":"","tlshash":"72f02ea74400e2ea9805b8aade71d354d05b0f7f3151d573a117018526255bbb0ac9df","size":475,"data":"","first_seen":"2025-07-14T20:47:05.320598Z","last_seen":"2025-07-14T20:47:05.320598Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.chem17.com/mystat.aspx?u=smszxl","fqdn":"www.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e8a741d5b066d99e2a0ca1d74bc0cb0","sha1":"49d4b5ce816eeb5c500436bcff5bbed86eb7a37e","sha256":"2fa35c6b1d61a3684d084aaff63bfd2694bcc1e42397c5eac8b7a4af35dcdf67","sha512":"9f7e2e121fff39bf6ff582ab61bbbcada4a34927a9775492301dfdffc01e33d2909b7c06735ca548f87532c52fc4106263a8f92b0cb0e9b0f2e513e37945571f","ssdeep":"","tlshash":"fa119b201d16c0b47831723dd9bbd538e27616273925e366b88d950c4fb0eb418deeea","size":1094,"data":"","first_seen":"2025-07-14T20:47:05.321999Z","last_seen":"2025-07-14T20:47:05.321999Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3bf742b87eab13561c08070eaee6416","sha1":"fd4c07a8cccbfa6136825ee1e464c182ac0ad0d1","sha256":"95f8b67817f438cf0f147a83f95ae7c2846cf875691a1836239095cdf98f752b","sha512":"8dc25424a6738fabba8148bd305777d8238168992299a9ac467547678048ad60eb9cf1a50b98e3bbac3ec89e205f34ad100a3bbeefd4c38266d0663df0cf0afb","ssdeep":"","tlshash":"c1e026aa29721674578419fa992ff92cf1aa627c0554e003f58dfc230424eef4e2ead5","size":345,"data":"","first_seen":"2023-03-11T21:10:52Z","last_seen":"2026-04-05T04:58:55.074767Z","times_seen":2795,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f1c35eb69d43d3834d3ab304569d9fa","sha1":"226d96dc876d024617bab3b91736730657eed769","sha256":"7812f54e0ab854fcd2b8af5450d1cfd9ecefe48001448500e7c17ad49019d37c","sha512":"f5302709d42fab6177f9167cea6a17b949598d5a5c1b1cc12a71061224260d734a7b3d940f067d409ff481427bf470edc74002d61264f8e3087d1466ee3be5f5","ssdeep":"","tlshash":"16f0d4ae6c41a9545bc3349c97dfd74cd15f00381009c417a5d9c8cd3d38fc5082174c","size":492,"data":"","first_seen":"2024-12-04T02:32:47.469422Z","last_seen":"2026-03-29T20:57:38.564207Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"89tongji.com/tj.js?id=51","fqdn":"89tongji.com","domain":"89tongji.com","tld":"com"},"ip":{"addr":"38.34.191.56","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"855f937d4a2f62414db3b9c336cc8ffa","sha1":"59d5e70144cfd63e1a43d707f3e9853352e530df","sha256":"f42b8d540d18c228d52ba10be1603dc8a77d6e38dfc0107cca11f4e06dbb93a9","sha512":"4ab7cb104ce87a835ff0b1007aa618c45ccb03787b55a9c77b0248523c51173eeaaf6e9c66cb822039ee06589cdb05f2b3f7ab3ae1c8c7a3a373683eede413ad","ssdeep":"192:JS6nhiQTxZmtzHGT6w5uRiHh5VY9NdhftVi8L:JSOZmtzHSj5UFftVi8L","tlshash":"3102519dff0c24b21961302d7c2d918c30e95d22ea3ede5af938a49047e1fadd52999c","size":8451,"data":"","first_seen":"2025-01-27T01:19:46.246783Z","last_seen":"2025-08-03T13:33:57.216504Z","times_seen":147,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/jquery.min.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a75ada17c3011458d74a0e4c5cc17ffa","sha1":"8e57d597b1caeb46af5a4578034187eda8bf8b26","sha256":"8056951f7605e0cc00e96769abe87124de09d74273e83efb7992dddc056390ce","sha512":"b56551f614e99478ac6a0e273fe4bb4b796c29e118732b903d11ec3dfc8368f0872386a3970dad897a0b5dceb21adb5557827c6dad66a642480a1f52c45fef4e","ssdeep":"","tlshash":"d30181d8c7c4d89baecc5e43ea24deca25b3813b97d832838318fe8c01ad157c89c049","size":718,"data":"","first_seen":"2023-03-07T12:26:46Z","last_seen":"2026-04-02T16:01:36.350899Z","times_seen":124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/067/ade/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa19716607c7d8137d9cfbe623dba7cb","sha1":"e46242940c345610d692c2b1ce8fe9c1152aa46c","sha256":"cc9193fc7e8e2722b308b5de9881b0442e21363e33b296824381d574816bae16","sha512":"391ff0cdc99fdcfb81af8a0a72425b9e178309d74d5ec96642dbfc1fdd98be8529260af73ac6896dd45266adde8cfcfa96083e4c94a10ef1a3e593de0915d60b","ssdeep":"","tlshash":"4b611f54ef8d20338e133155ae6f958c24be68577d48eca7f84c64d44fa0d38852beac","size":3363,"data":"","first_seen":"2024-12-18T10:35:23.532443Z","last_seen":"2026-04-04T22:13:19.170087Z","times_seen":212,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/js/JSChat.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"c585663f5b83e34d09092e44326b9377","sha1":"498b43fec7eb7cb801257cc121f97c12be542abc","sha256":"97da6e4048ee96ed0c9d00a4f87b00c26adb4af9af53df68e5d8b6669f4bb690","sha512":"5e9a059d9ff3f80b3aa58f6411925c2744e579450f08885deaf41bbdfcb95af3254195a4fde2454047d63838ec6a4eb5cd4d3b213bf1d94df9d5d30ba86f44e9","ssdeep":"","tlshash":"7731dfb28913d31609194e63c716174ca267915b9103e9623d3d7e643f88d2bb3997f0","size":1622,"data":"","first_seen":"2024-01-31T06:36:47Z","last_seen":"2026-04-05T04:58:55.073774Z","times_seen":497,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.chem17.com/chat/KFLeftBox/4566","fqdn":"chat.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"b936460ba988b30cd79d99ae93c77106","sha1":"a44405ff5b67abf66ef77714e4364e6c3f1e9940","sha256":"6cd604b71e1e21050b6a41602716b9a722e769a5d7cfb3b97152f3d73dcef5c9","sha512":"ad4731faf916fbb7118af38e25fa7e15814294950676fbd4ec41aeba5c7508ed34b7a7a4c98e1834e1096ea92e6301935699ed6df01a7416632e39063c0c9661","ssdeep":"","tlshash":"3990023209b10052711510915943e1456595959129de9915a00004a572529539a06d51","size":49,"data":"","first_seen":"2023-03-07T12:42:46Z","last_seen":"2026-04-05T04:58:55.066133Z","times_seen":582,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/js/swiper.min.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa463c1f651de45cc98496d25bd18c91","sha1":"354442c52638f8320457ec2410c234fb65a6b096","sha256":"6f27c84b0bd60093b2eeec91c207bcd2b013572839549e243151474b78dedfc4","sha512":"ea568af5d9b2c1fac3f70c7ad3e0cc51df896c22fbc9e0331af3d3e56e3111aa9bec490e01c130727982194411cb32161d6102c2cc84b6cacaa3880a91dae1b2","ssdeep":"1536:dyOkN3TklR3ZIFD7+Y7n2L5ydUTq0tSQfCBTq:QTF73uTqY","tlshash":"5893d66db314f3e295d3214a679ac64122f21706b849dae870b54c4a68bcc5d03bffbd","size":96097,"data":"","first_seen":"2023-09-16T23:58:26Z","last_seen":"2026-03-26T10:35:32.902064Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"38.54.123.55","port":80,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"4d14415e19c22cec55e1f6184cf3bff1","sha1":"76f09bf3037a2de1695e2c4ea49c94c181416153","sha256":"09f90dcb2f46cbf260aea52da1b2cf44ac9ca2a9b8644874eaa252d65ad54502","sha512":"0af3dc47020dddd0dbf7c5eb7bd6fc850dc3f02615cf8acaba854fe209b9a54cde69128b4fd4f8c339c4c22054b8576f61dd3b81af49200afe533551a86feb3e","ssdeep":"","tlshash":"e6c02b835d01c84942004ac4d0a2fc2cd090f0398514dc8dc0d034cc21c05d90c011c4","size":133,"data":"","first_seen":"2023-03-07T12:26:46Z","last_seen":"2026-04-02T16:01:36.383121Z","times_seen":124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7cd08edd9d12febc00f0b47d024e793f","sha1":"4b38f2828e64598920c353f3cedfe0531ffe04c6","sha256":"0db596ed2c0842b58dbc6e00eec03249582c79887d1c72237096cf0d381af983","sha512":"c64fce662fe783a73cb54e0390fe0b9cb9efcb7b9766270cf07b195323df9272c15b6feef608252b22308ba33856c3bbb03b2cdbc6d8aa53c48e453177e6e350","ssdeep":"","tlshash":"cac0225e090100208810b080a06a9b2100a2154a3aa00bb84ace3900e118a9aa9d0139","size":187,"data":"","first_seen":"2025-07-14T20:47:05.326888Z","last_seen":"2025-07-14T20:47:05.326888Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"23ee6bdc7b364a4b987c834bce78cad7","sha1":"68adb4aa39c32e2a9690b68a8cf51c5d06d6625c","sha256":"888c35107b4128f9f898b6b420beeac584e987ac40a0d6765a969502a924a64f","sha512":"5fc0c4cff70a5d85769922972c13efb3f754217f49120d29b33c0e63d8d1f5f5992a09abced527dd01856e4c182c9d62a90f11b4f5744e703ef8832fa1f0e422","ssdeep":"","tlshash":"8e51326386cc914e8961e048d234faea1613242fcf73ac5bfe64659fda044e949430cc","size":2666,"data":"","first_seen":"2025-07-14T20:47:05.328168Z","last_seen":"2025-07-14T20:47:05.328168Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4948e87ff90354f9aa958fe3aae5ee9f","sha1":"49a5806481fc3de5de79121750759ad03fee7200","sha256":"d9e8faebcefb68e7ccd4a16e07a49a81692e052c51d869cda30c24615fc2e260","sha512":"ce3980a744ed9afb1d494e387693e29060e0b75204b19c029016e39dfb6176e255a48bee3dd25249e2edede9686eb677522435be416a45a9bb228a78936666cb","ssdeep":"","tlshash":"9ff09eae6c41e9545ad3249897efd24cd15e00281009c417a5d9c8cd3d38fd50c2574c","size":508,"data":"","first_seen":"2023-06-17T18:58:05Z","last_seen":"2026-03-29T21:47:46.968596Z","times_seen":108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8848f81e48a355c355802e90eb08e567","sha1":"4ba650a6114afe2856140e71cc1afffabc29b2fc","sha256":"92904ac25455b8eb48167674f1bf79c567972345499b10fb08a0e3d09d6c114b","sha512":"0fbf2a4572b8a0d6178f71470b839d2f84c12d30ae8d26bee9f117d53c3893754d31964d2328db3f3fccc50a1797e8a1a0b31338d74b7dbeb28a3e80c53252fe","ssdeep":"","tlshash":"f8f09eae5c81e5685bd2259c5bbfe24cc1ae0069200bc417bcdac4cd3d38fd4043538c","size":508,"data":"","first_seen":"2024-12-04T02:32:47.477967Z","last_seen":"2026-03-15T21:19:37.816204Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ced45f00ebb2e79b6c6a66647bd89fbc","sha1":"0525aaba011f7b314a407d666e5fad6a61370fbc","sha256":"8da60e60c86598053d45c148804f4b0875c5ad94b1e765df389e3f5ef4283904","sha512":"7502d1edb7d811b367aac6f9b0d4741ef7ad65cf67945988b4c4fd36f1639bda25fdb7cf2c2781e641e17042b647092aec0cf31d5c902085a42c40fdd431685a","ssdeep":"","tlshash":"94a022033e02c088ac0200ebb0b0f83cf0a33820a882ec0cccf000282cb33ccce00002","size":78,"data":"","first_seen":"2023-11-23T05:47:09Z","last_seen":"2026-04-02T16:01:36.424947Z","times_seen":124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"89tongji.com/tj.cgi?id=51","fqdn":"89tongji.com","domain":"89tongji.com","tld":"com"},"ip":{"addr":"38.34.191.56","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:36.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.89tongji.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 18 Sep 2024 00:00:00 GMT","end":"Thu, 18 Sep 2025 23:59:59 GMT"},"fingerprint":{"sha1":"26:65:78:6C:59:FD:77:DB:E9:7F:F0:18:CD:13:D0:BE:C0:0E:39:76","sha256":"87:65:56:94:E2:73:C3:7F:F6:0F:66:CA:1A:D5:34:94:61:42:CA:57:E9:D2:9A:8B:D1:DF:55:A1:DE:40:8F:59"}}},"request":{"raw":"POST /tj.cgi?id=51 HTTP/1.1\r\nHost: 89tongji.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nContent-Length: 171\r\nOrigin: http://file.javblow.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:37 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1240,"timings":{"blocked":555,"dns":4,"connect":167,"send":0,"wait":168,"receive":0,"ssl":342},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.chem17.com/chat/KFCenterBox/4566","fqdn":"chat.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /chat/KFCenterBox/4566 HTTP/1.1\r\nHost: chat.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 49\r\ndate: Mon, 14 Jul 2025 20:46:33 GMT\r\ncache-control: private\r\nx-aspnetmvc-version: 3.0\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=4jb1aabr0gjltuyf2ofjbjzs; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_4jb1aabr0gjltuyf2ofjbjzs=10.115.3.112:9713; domain=chat.chem17.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.163\r\ncontent-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data:;\r\nvia: cache3.l2cn3022[126,126,200-0,M], cache32.l2cn3022[128,0], kunlun7.cn7174[135,134,200-0,M], kunlun3.cn7174[136,0]\r\nali-swift-global-savetime: 1752525993\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Mon, 14 Jul 2025 20:46:33 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921717525259928894124e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":49,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"b936460ba988b30cd79d99ae93c77106","sha1":"a44405ff5b67abf66ef77714e4364e6c3f1e9940","sha256":"6cd604b71e1e21050b6a41602716b9a722e769a5d7cfb3b97152f3d73dcef5c9","sha512":"ad4731faf916fbb7118af38e25fa7e15814294950676fbd4ec41aeba5c7508ed34b7a7a4c98e1834e1096ea92e6301935699ed6df01a7416632e39063c0c9661","ssdeep":"","tlshash":"3990023209b10052711510915943e1456595959129de9915a00004a572529539a06d51","first_seen":"2023-03-07T12:42:46Z","last_seen":"2026-04-05T04:58:55.066133Z","times_seen":582,"resource_available":true,"data":null}},"time_used":4223,"timings":{"blocked":1914,"dns":865,"connect":249,"send":0,"wait":355,"receive":0,"ssl":834},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/hot.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:33.417Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/hot.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 3058\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:27 GMT\r\nAccept-Ranges: bytes\r\nETag: \"806795da9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.179\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache42.l2ea120-8[18,18,200-0,M], cache56.l2ea120-8[19,0], kunlun8.cn192[33,33,200-0,M], kunlun7.cn192[35,0]\r\nAli-Swift-Global-Savetime: 1752525994\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:34 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17525259946383493e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3058,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 38, 8-bit/color RGBA, non-interlaced","md5":"607e5a648c5132e67321e9488ab589a1","sha1":"299635e57a3dd5f5f8dc6b5b17d4f43f2cb9f9bf","sha256":"8dc7b5f346c0b9666b7122e180d507492acc1c219bdc903ee00866557387d655","sha512":"ca58b9f8f218d690d300bf985863acb48c6735f74170d838e36113228c2bb9c4cb3fc5521331d786cbdaa06fa26e091c21ff9b3030bc525bc19086545d4b22ca","ssdeep":"","tlshash":"5651c709fc1258914f1dfb8996fe918387b31ec48ea294196eddcc121e208f99d8d9cb","first_seen":"2025-07-14T20:47:05.250067Z","last_seen":"2026-03-07T04:19:34.406187Z","times_seen":17,"resource_available":false,"data":null}},"time_used":1401,"timings":{"blocked":-1,"dns":875,"connect":245,"send":0,"wait":279,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.815687+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/hot.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2167},\"files\":[{\"filename\":\"/Skins/4566/images/hot.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2167,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":660,\"bytes_toclient\":4093,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pinganfafa.com:25858/fcl.php?keyword=DB%E7%94%B5%E7%AB%9E%C2%B7(DBGAME)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99\u0026from=pc\u0026originUrl=http%3A%2F%2Ffile.javblow.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=2055","fqdn":"pinganfafa.com","domain":"pinganfafa.com","tld":"com"},"ip":{"addr":"143.92.57.25","port":25858,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:33.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pinganfafa.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Mon, 12 May 2025 22:34:59 GMT","end":"Sun, 10 Aug 2025 22:34:58 GMT"},"fingerprint":{"sha1":"0F:12:9E:01:1B:0D:23:E0:2F:EE:E0:89:EF:88:5E:F7:A1:57:A2:B2","sha256":"4F:16:E2:60:8A:ED:7B:4A:6F:B8:0A:F9:32:58:22:D2:A4:34:A4:EA:6C:DB:8F:34:9D:02:52:67:84:64:E0:30"}}},"request":{"raw":"GET /fcl.php?keyword=DB%E7%94%B5%E7%AB%9E%C2%B7(DBGAME)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99\u0026from=pc\u0026originUrl=http%3A%2F%2Ffile.javblow.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=2055 HTTP/1.1\r\nHost: pinganfafa.com:25858\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://file.javblow.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2673,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1849), with CRLF line terminators","md5":"dfa65e6f26fdb06b1dadb2d9b090ac03","sha1":"9cb55f983854a1c75d72b528cc63ceb9da467491","sha256":"8af3bc51138cb44706ca9c0f86239e99c48fe655f058b25cd2eabbb1a2f27905","sha512":"1e32129c801fb82b60b137c2d93d1a169ab0ad2df640e434ba09f14d872f4140f8526d18e05ecc2194b8cd56c9d9de25b8881082acd6a368c15f21c8109264a4","ssdeep":"","tlshash":"7b51126386cc914e8951e058d234faee1613282fcf77ac5bfe64659fda054e949434cc","first_seen":"2025-07-14T20:47:05.253847Z","last_seen":"2025-07-14T20:47:05.253847Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1358,"timings":{"blocked":0,"dns":79,"connect":311,"send":0,"wait":339,"receive":1,"ssl":626},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/arrows2.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.060Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/arrows2.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/arrows2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":1362,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/fonts/impact.ttf","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.114Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/fonts/impact.ttf HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":205110,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"TrueType Font data, digitally signed, 23 tables, 1st \"DSIG\", name offset 0xe0002c3","md5":"75c62aa9bbe5f5911243d63c6fc6d977","sha1":"56cbb3bd77a4708a966b0cd503915512fab19f91","sha256":"7f62e1cdac272d31bc338c6cfbd151401f3f68920fe35766c75e297a272c519f","sha512":"76aef1da2aaf4874131098adf9213e56aea94b649e40075524034b520b85631623bcdd1f013edf2e90ebc222e6db1a91a71199a9d8e053401cb301e533cf7a19","ssdeep":"3072:8d6xKqRnKELujArad58hZoGLs9b4rrywyDFaQQVtwRPhYRWZiA6popTOlV4I4oBD:cESM5Ow7Hw5YYiA6+O1FY9et","tlshash":"b2347c23e300671ec5a2637a4d74c3d9039eb96aa723c78dee4c8076d69a558ff0d50e","first_seen":"2025-03-06T17:05:29.55478Z","last_seen":"2026-02-14T23:17:49.356767Z","times_seen":21,"resource_available":false,"data":null}},"time_used":417,"timings":{"blocked":36,"dns":0,"connect":0,"send":0,"wait":112,"receive":269,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/js/swiper.min.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.885Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/js/swiper.min.js HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:31 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":96097,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (31997)","md5":"fa463c1f651de45cc98496d25bd18c91","sha1":"354442c52638f8320457ec2410c234fb65a6b096","sha256":"6f27c84b0bd60093b2eeec91c207bcd2b013572839549e243151474b78dedfc4","sha512":"ea568af5d9b2c1fac3f70c7ad3e0cc51df896c22fbc9e0331af3d3e56e3111aa9bec490e01c130727982194411cb32161d6102c2cc84b6cacaa3880a91dae1b2","ssdeep":"1536:dyOkN3TklR3ZIFD7+Y7n2L5ydUTq0tSQfCBTq:QTF73uTqY","tlshash":"5893d66db314f3e295d3214a679ac64122f21706b849dae870b54c4a68bcc5d03bffbd","first_seen":"2023-09-16T23:58:26Z","last_seen":"2026-03-26T10:35:32.902064Z","times_seen":42,"resource_available":true,"data":null}},"time_used":342,"timings":{"blocked":51,"dns":1,"connect":87,"send":0,"wait":116,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/logo.jpg","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:33.410Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/logo.jpg HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 17706\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:31 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80c1f7dc9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.181\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache35.l2cn8047[50,50,200-0,M], cache28.l2cn8047[51,0], kunlun1.cn192[83,82,200-0,M], kunlun1.cn192[84,0]\r\nAli-Swift-Global-Savetime: 1752525994\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:34 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01517525259946721984e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17706,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 380x70, components 3","md5":"4281d1fdeedb83ff08059f3047c983d6","sha1":"6d7163f01a0c56f3356f70a1b4de922233c6212b","sha256":"94a20894cde49c89a5640252cc4e5821cba891d127489cb166cffc0a8cc66e8a","sha512":"4aeed3369355f0edff1b92730d6d9653854472dd8dd7cc40769494c52efcceb50a10ec79bec797b5b90c2af4f3e2facbf49e205888975109224c732649fe1d56","ssdeep":"384:rK2UQ3eflWDvAMV1yMQxTLD+ej6uoTQNEpZW6u:u2v3eflWDYMnyM0+eRoTQapZW6u","tlshash":"4682cf3568fbaf81f00a482654628927875f73a0ef4ba2187c74c9b2c8f015919f6bd3","first_seen":"2025-07-14T20:47:05.263103Z","last_seen":"2025-07-14T20:47:05.263103Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1513,"timings":{"blocked":-1,"dns":886,"connect":259,"send":0,"wait":344,"receive":23,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39374,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.893659+0000\",\"flow_id\":973194167742105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39374,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":661,\"bytes_toclient\":2507,\"start\":\"2025-07-14T20:46:34.290457+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/mulu2.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.661Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/mulu2.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/mulu2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":1888,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"90.84.161.18","port":80,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:37.581Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 305\r\nOrigin: http://file.javblow.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 \r\nDate: Mon, 14 Jul 2025 20:46:38 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://file.javblow.com\r\nAccess-Control-Allow-Credentials: true\r\nvia: EU-GER-frankfurt-EDGE5-CACHE3[192],EU-GER-frankfurt-EDGE5-CACHE3[ovl,191],CA-MNG-ulaanbaatar-EDGE1-CACHE3[ovl,85],EA-HKG-EDGE1-CACHE3[ovl,33],EA-HKG-EDGE2-CACHE4[ovl,31],EA-HKG-GLOBAL1-CACHE40[ovl,28]\r\nX-CCDN-REQ-ID-46B1: 5414a05c299867107ce843ab7d9f5c35\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2314,"timings":{"blocked":1047,"dns":1020,"connect":27,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/js/customer.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.935Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/js/customer.js HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:31 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3883,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"cf45486f36fa46a4b8935adfb7b98079","sha1":"3ca5dcce696db8b2fb47249ca97781c8eefd0703","sha256":"9a8edece99ac33fd722a441e6fb87c04bf6ec46e344c6e7074fdea3cbc2d0a7e","sha512":"4baf16d3017de9a4f8f350d629afe1b7b26df7cdce6249fbfe794fef2f3f91b1841a4ade935db13af7829d7306e9fa979b964508e055868f710450800d48c5a3","ssdeep":"","tlshash":"f5811085d25cb43a42b7677b093f30928e0a0187d4ca58f2f5be5154cfa822d65b7fb0","first_seen":"2025-03-09T15:25:07.247169Z","last_seen":"2026-03-07T04:19:34.372668Z","times_seen":20,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/mulu0.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.085Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/mulu0.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/mulu0.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":1915,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":201,"timings":{"blocked":86,"dns":0,"connect":0,"send":0,"wait":114,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/indbkbg.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.632Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/indbkbg.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 4526\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:28 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0fe2ddb9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.179\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache40.l2cn8003[12,11,200-0,M], cache67.l2cn8003[14,0], kunlun3.cn192[33,33,200-0,M], kunlun1.cn192[35,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01517525259952372781e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4526,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1100 x 92, 8-bit/color RGBA, non-interlaced","md5":"1ec6c5a407b74f7a61ddf2e9d27ad18c","sha1":"a1b3983c2ef438ebf7888e7e9986a4ea6d98a9ef","sha256":"6026acd143831660c8808a13e1b6e0c377e51ca9462e4f4a395e30e03e7b2ba0","sha512":"1d414c048b713871685babf1c55700472799593996e4298680b52ff4249f1c7568bdf41e966b06a249f3d061b30b9a94eedde4095020451d6e6592ae8e155220","ssdeep":"96:3SYo7FmWlknNJh9mR3Ho/HzNGruZmGpiJWnm693drlwjBtWA34ZMb539osO:3SN7FrknwI/T4TWm6fr2alSN39osO","tlshash":"e7912a84ec839ca2490db14a59fc90926ab34ec94d41389d6fdddc076d248e5eecd6c7","first_seen":"2025-03-09T15:25:07.218972Z","last_seen":"2026-03-20T10:57:50.329833Z","times_seen":24,"resource_available":false,"data":null}},"time_used":782,"timings":{"blocked":483,"dns":0,"connect":0,"send":0,"wait":295,"receive":4,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39374,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.409562+0000\",\"flow_id\":973194167742105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39374,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":20,\"bytes_toserver\":1845,\"bytes_toclient\":21773,\"start\":\"2025-07-14T20:46:34.290457+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-14T20:46:30.484Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:30 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":51605,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (800), with LF, NEL line terminators","md5":"c64b002fd836d40c4818996dbd00c020","sha1":"95c1f006972a3f5af898473a0d6959d68ceba86e","sha256":"006dde030ccc2636824f789d09e8a2e74ebe86defa047f3709aebb394b285889","sha512":"5807ab9e3757c33b715f0d2a8e1a337204a01023ddbcfb2f4e9ebc4e3c3d43386d1d6dd9d78be930efc96b077edf279b26fd4b5bdc9211f203db2b31ef17b083","ssdeep":"1536:x/0pX0/kjP9FR1Lx2/F2wdiLPyUasfH4WRIqwK1nss8lwC6mt:x/wsSRIvs2wE","tlshash":"4443b76588b2db6986f212f43d34bb2eb9a111efd06b691537dc9ad79fe0fc01e42044","first_seen":"2025-07-14T20:47:05.26918Z","last_seen":"2025-07-14T20:47:05.26918Z","times_seen":1,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":82,"dns":1,"connect":87,"send":0,"wait":102,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.chem17.com/chat/KFLeftBox/4566","fqdn":"chat.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /chat/KFLeftBox/4566 HTTP/1.1\r\nHost: chat.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 49\r\ndate: Mon, 14 Jul 2025 20:46:32 GMT\r\ncache-control: private\r\nx-aspnetmvc-version: 3.0\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=2uq1adtxu1i2furjeskby1uh; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_2uq1adtxu1i2furjeskby1uh=10.115.3.112:9713; domain=chat.chem17.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.163\r\ncontent-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data:;\r\nvia: cache53.l2cn3022[67,66,200-0,M], cache6.l2cn3022[68,0], kunlun8.cn7174[76,75,200-0,M], kunlun3.cn7174[78,0]\r\nali-swift-global-savetime: 1752525992\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Mon, 14 Jul 2025 20:46:32 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921717525259928874121e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":49,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"b936460ba988b30cd79d99ae93c77106","sha1":"a44405ff5b67abf66ef77714e4364e6c3f1e9940","sha256":"6cd604b71e1e21050b6a41602716b9a722e769a5d7cfb3b97152f3d73dcef5c9","sha512":"ad4731faf916fbb7118af38e25fa7e15814294950676fbd4ec41aeba5c7508ed34b7a7a4c98e1834e1096ea92e6301935699ed6df01a7416632e39063c0c9661","ssdeep":"","tlshash":"3990023209b10052711510915943e1456595959129de9915a00004a572529539a06d51","first_seen":"2023-03-07T12:42:46Z","last_seen":"2026-04-05T04:58:55.066133Z","times_seen":582,"resource_available":true,"data":null}},"time_used":2252,"timings":{"blocked":-1,"dns":864,"connect":219,"send":0,"wait":297,"receive":5,"ssl":867},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/ssico.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.629Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/ssico.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2639\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:38 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0df23e19256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.181\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache68.l2cn8045[30,30,200-0,M], cache26.l2cn8045[31,0], kunlun8.cn192[85,85,200-0,M], kunlun7.cn192[87,0]\r\nAli-Swift-Global-Savetime: 1752525994\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17525259949183894e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2639,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"8626dcfb2b93471283ef13bdc8a19754","sha1":"bc6b707d9063425166d30512d9e950e1fecc101e","sha256":"30e3bdc93522afc9b0218b46b18512b645d2698c88c69d82c1eddc9ad81545a7","sha512":"4b771b41bff8b24b78bcdf4748713495aacc38ddd6ec94d66ad9aa2f757804848dd80e3b3d5189c1ea26d536bd132c83f3c5f781072534dc31f8f6e8de4f1d93","ssdeep":"","tlshash":"cb519508fc1468504e0cfa885afda24297f70fc58e9068096ed9c8539d215fd8edd5cb","first_seen":"2025-03-09T15:25:07.21815Z","last_seen":"2026-03-20T10:57:50.306318Z","times_seen":25,"resource_available":false,"data":null}},"time_used":519,"timings":{"blocked":187,"dns":0,"connect":0,"send":0,"wait":331,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.392181+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/4566/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":10,\"bytes_toserver\":1622,\"bytes_toclient\":7752,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tp.xinxiyidiantong.com:5868/uploads/iwv840mvscz87ws4p3324p7k2i4yuh.gif","fqdn":"tp.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":5868,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tp.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 May 2025 00:32:07 GMT","end":"Wed, 20 Aug 2025 00:32:06 GMT"},"fingerprint":{"sha1":"84:1E:FA:BE:5F:1B:66:20:7D:29:3D:22:B5:FE:A6:98:3E:F7:7A:27","sha256":"EE:90:4E:86:24:0D:49:8E:A5:CF:3D:22:CF:8E:36:D6:AB:0B:91:90:13:BF:25:E1:3E:9D:D3:A9:0D:32:77:5E"}}},"request":{"raw":"GET /uploads/iwv840mvscz87ws4p3324p7k2i4yuh.gif HTTP/1.1\r\nHost: tp.xinxiyidiantong.com:5868\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 156427\r\nLast-Modified: Thu, 04 Nov 2021 19:43:48 GMT\r\nConnection: keep-alive\r\nETag: \"618437f4-2630b\"\r\nExpires: Wed, 13 Aug 2025 20:46:37 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":156427,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 47, 8-bit/color RGBA, non-interlaced","md5":"0dc662bab3fb9dd17ae6f777eae62a0d","sha1":"084f96c8fe5f280844b43235d6137626b11eabf8","sha256":"1d551f0660ef7472997f772901485f85cabf9370b1ea54334dc09ad4f08301e9","sha512":"2a3341c10473717959d703be8c56ba3fa6b5979d020e162c81ef9a02c6559e4ecf5302c14261722c37d7370d05ea95cfd20191e5e92e02c25ddbd37af23f29eb","ssdeep":"3072:lHavYLzuBktXdAkB+aAXW/xMqbirMklbd0dOmvw+swTFT9orAMI:dawLzdckBWWZQrMYbd0/w+XTpbMI","tlshash":"0be31296a119c02856fe25d2145e18394a8d2064ffb30e6ee43cf8fdc1ba5a71fa0d99","first_seen":"2023-05-06T09:40:17Z","last_seen":"2026-04-05T04:58:55.06031Z","times_seen":1646,"resource_available":false,"data":null}},"time_used":2901,"timings":{"blocked":2210,"dns":0,"connect":0,"send":0,"wait":317,"receive":374,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/kefu-tb.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.650Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/kefu-tb.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 20057\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:30 GMT\r\nAccept-Ranges: bytes\r\nETag: \"02b5fdc9256db1:0\"\r\nX-Powered-By: ASP.NET-114.4.179\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache44.l2cn2629[32,32,200-0,M], cache19.l2cn2629[33,0], kunlun6.cn192[53,52,200-0,M], kunlun10.cn192[54,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17525259956493660e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20057,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 352, 8-bit/color RGBA, non-interlaced","md5":"e648dfa2af5453b685eaa5bbcb2f0167","sha1":"3984283d711aa4c5e708de9897f7261b51e5189e","sha256":"b1bbda71b09c371b332cc2d35e19261f7890ffad8988cbf4b2a5785ccd390e56","sha512":"eea07a06349ca60e3ead89eeeba915af14a78be3de8e638d3fae815686bf03f942ad09d475e41531fe283b0b795d655bcca0b96905a28b74040a5999d89f60a7","ssdeep":"96:2ScSuYkEWmvo/JbTpMxNX7sc5RlDqVcH7H7Bkr/LBXPdc4XN6Zkjr7H7q:2SjJk6v22pDq6bbBk51TkZqnbq","tlshash":"3c92e82cfef2b2784a99563235c316420f774ac7e7815c80b6de8e15af60bad8c6b541","first_seen":"2024-12-01T20:37:15.574315Z","last_seen":"2026-03-02T03:23:27.650321Z","times_seen":42,"resource_available":false,"data":null}},"time_used":1221,"timings":{"blocked":895,"dns":0,"connect":0,"send":0,"wait":297,"receive":29,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39452,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.842378+0000\",\"flow_id\":274931269654599,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39452,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1198,\"bytes_toclient\":5296,\"start\":\"2025-07-14T20:46:34.546887+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tp.xinxiyidiantong.com:5868/uploads/vinb9ufmfncf975y9rvx382nt7h7123khi4lo6kk.gif","fqdn":"tp.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":5868,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tp.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 May 2025 00:32:07 GMT","end":"Wed, 20 Aug 2025 00:32:06 GMT"},"fingerprint":{"sha1":"84:1E:FA:BE:5F:1B:66:20:7D:29:3D:22:B5:FE:A6:98:3E:F7:7A:27","sha256":"EE:90:4E:86:24:0D:49:8E:A5:CF:3D:22:CF:8E:36:D6:AB:0B:91:90:13:BF:25:E1:3E:9D:D3:A9:0D:32:77:5E"}}},"request":{"raw":"GET /uploads/vinb9ufmfncf975y9rvx382nt7h7123khi4lo6kk.gif HTTP/1.1\r\nHost: tp.xinxiyidiantong.com:5868\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 214316\r\nLast-Modified: Thu, 14 Nov 2019 06:29:46 GMT\r\nConnection: keep-alive\r\nETag: \"5dccf45a-3452c\"\r\nExpires: Wed, 13 Aug 2025 20:46:36 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":214316,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC 2014 (Windows), datetime=2019-09-30T17:50:59+08:00], progressive, precision 8, 1020x255, components 3","md5":"8fbc123b4636b3c9a8f1411c160a9e99","sha1":"48f62c4c22122a04026a1e329bccce93fc7aae77","sha256":"69f497a64f8dab090cb547e5f9063b1c33d0d8fc87573f87eff1016fb2d4dad5","sha512":"821f26949d9b21304202d7cd0945a3351e3420ebba3d129b6111176978e3a5ba1e4135a963042eaa59be817cf02182f8761c7a0ba2fd9271c4b53304d69a3671","ssdeep":"6144:p5K6mEbeWe5b5/AT6dvesgRvyNlbc+6cKO90asTGIo5lj:u6tbeWe59oudvpg5yPblXKUIGlj","tlshash":"cb24130bfa57e081d29a4db4c077677cdc4f8b56aaa4563ae66c2c2cc7d05c3b0ad246","first_seen":"2023-05-06T09:40:17Z","last_seen":"2026-04-04T16:12:34.549491Z","times_seen":1495,"resource_available":false,"data":null}},"time_used":5673,"timings":{"blocked":960,"dns":16,"connect":309,"send":0,"wait":614,"receive":3103,"ssl":656},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/indbkbg.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.074Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/indbkbg.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/indbkbg.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":4526,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tp.xinxiyidiantong.com:5868/uploads/73in1fspksw4vkiz33cink1f95gkt6.png","fqdn":"tp.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":5868,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tp.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 May 2025 00:32:07 GMT","end":"Wed, 20 Aug 2025 00:32:06 GMT"},"fingerprint":{"sha1":"84:1E:FA:BE:5F:1B:66:20:7D:29:3D:22:B5:FE:A6:98:3E:F7:7A:27","sha256":"EE:90:4E:86:24:0D:49:8E:A5:CF:3D:22:CF:8E:36:D6:AB:0B:91:90:13:BF:25:E1:3E:9D:D3:A9:0D:32:77:5E"}}},"request":{"raw":"GET /uploads/73in1fspksw4vkiz33cink1f95gkt6.png HTTP/1.1\r\nHost: tp.xinxiyidiantong.com:5868\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 85269\r\nLast-Modified: Thu, 30 May 2024 07:57:09 GMT\r\nConnection: keep-alive\r\nETag: \"66583155-14d15\"\r\nExpires: Wed, 13 Aug 2025 20:46:36 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85269,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1000x200, components 3","md5":"dd634dd0e0dd49206dcc5895ead43e77","sha1":"1ed15d3f4c9f439901ad35e48e997cd61e21da0c","sha256":"e5bd386dd7f166c21d2b28383dc15fc365a6a9dcad30f3d31ea03ade011f980c","sha512":"520f5c0aaa03859ad2b7a39b5aab91564d24efc9e54f802d07a2e0922089836fd44e43caba81c133e1344efee4d923759abf5bbb60b03049f0ff09c9ab924ec3","ssdeep":"1536:ghHfCs1mEmhYj/SLO+lC1zjLUKOjQ6FmkyjQ5UpshRm6gccXc5s5+IsI0h:YfC2m3qQCZXoDmkyjQjhR/BcM210h","tlshash":"6a83020460391e2efad6bc306e2d59bf96a59012e3a7d2b774e6386ff3b8130114c54e","first_seen":"2024-06-02T21:28:55Z","last_seen":"2026-04-05T04:58:55.065079Z","times_seen":1497,"resource_available":false,"data":null}},"time_used":3256,"timings":{"blocked":932,"dns":15,"connect":309,"send":0,"wait":611,"receive":748,"ssl":630},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/index_cache.html","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.451Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index_cache.html HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"90.84.161.18","port":80,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:37.574Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 305\r\nOrigin: http://file.javblow.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 \r\nDate: Mon, 14 Jul 2025 20:46:38 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://file.javblow.com\r\nAccess-Control-Allow-Credentials: true\r\nvia: EU-GER-frankfurt-EDGE5-CACHE4[299],EU-GER-frankfurt-EDGE5-CACHE4[ovl,298],CA-MNG-ulaanbaatar-EDGE1-CACHE4[ovl,192],EA-HKG-EDGE1-CACHE4[ovl,36],EA-HKG-EDGE2-CACHE5[ovl,35],EA-HKG-GLOBAL1-CACHE41[ovl,33]\r\nX-CCDN-REQ-ID-46B1: 7b9d62aa1e6b5f3e0f1333a44a4c8f57\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2435,"timings":{"blocked":1053,"dns":1029,"connect":27,"send":0,"wait":326,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/css/style.css","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.871Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/css/style.css HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:31 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":160734,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (398)","md5":"edf5488d04958b5c1af8609bc8c07c21","sha1":"a677ad87cea10e5323acffb4efef86264da2ee8e","sha256":"bb3b550c695686dcc1225142b72a1a4196774f7718fde920e333d701fa46bd7d","sha512":"b7c1d4d83ca543acaf1b6682d444471a6e5027a8d5fabaa77e73d2e9403d41a46d0b076fb364c9231473891d8241635f9887a3584a9745dda9930581ed5fdf40","ssdeep":"1536:F61V9lcdkcp3lS7afBk/b+Dqz0Z7cAD9+IKTFHscQe1q8DPwWsWV6ZeuZepLvZqC:W4oQ67","tlshash":"2df35331ef41224de13b9636bf82a7dd33298457a3910afc9e947a34d1cf1ea45f2690","first_seen":"2025-07-14T20:47:05.276956Z","last_seen":"2025-07-14T20:47:05.276956Z","times_seen":1,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":67,"dns":1,"connect":87,"send":0,"wait":116,"receive":88,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/logo.jpg","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.896Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/logo.jpg HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:33 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/logo.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":17706,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2314,"timings":{"blocked":2210,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/mulu0.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.645Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/mulu0.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1915\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:32 GMT\r\nAccept-Ranges: bytes\r\nETag: \"05890dd9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.182\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache40.l2cn8003[27,27,200-0,M], cache49.l2cn8003[28,0], kunlun10.cn192[50,49,200-0,M], kunlun1.cn192[51,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01517525259955363161e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1915,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced","md5":"ecc7e1803e00fdc502b6f6f63b0fec66","sha1":"c32a08ee6da27babe92dc9de6f0ac671a818e53e","sha256":"f2b4c3f3506100ef8674d52bf491f97e426668d72c0d921ed5cef821f14611c2","sha512":"1c34d93e65bf77ae3ff4f1bc7ea9b6fc4c312b50a3da3b3606509abc01f58ef1703fe0cca9e3c7afd4f2e14a2da897ecf49f7da1dfa7af4d3ebfb4ee18e11f4f","ssdeep":"","tlshash":"2a41848af910bc51584df946bdfba2572b375be186d26811bcca884324b20f9cc0d4da","first_seen":"2025-03-09T15:25:07.224556Z","last_seen":"2026-03-20T10:57:50.327111Z","times_seen":26,"resource_available":false,"data":null}},"time_used":1080,"timings":{"blocked":768,"dns":0,"connect":0,"send":0,"wait":311,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39374,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.984934+0000\",\"flow_id\":973194167742105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39374,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1915},\"files\":[{\"filename\":\"/Skins/4566/images/mulu0.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1915,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":28,\"bytes_toserver\":2917,\"bytes_toclient\":27937,\"start\":\"2025-07-14T20:46:34.290457+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"89tongji.com/tj.js?id=51","fqdn":"89tongji.com","domain":"89tongji.com","tld":"com"},"ip":{"addr":"38.34.191.56","port":443,"asn":18978,"as":"ENZUINC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.89tongji.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 18 Sep 2024 00:00:00 GMT","end":"Thu, 18 Sep 2025 23:59:59 GMT"},"fingerprint":{"sha1":"26:65:78:6C:59:FD:77:DB:E9:7F:F0:18:CD:13:D0:BE:C0:0E:39:76","sha256":"87:65:56:94:E2:73:C3:7F:F6:0F:66:CA:1A:D5:34:94:61:42:CA:57:E9:D2:9A:8B:D1:DF:55:A1:DE:40:8F:59"}}},"request":{"raw":"GET /tj.js?id=51 HTTP/1.1\r\nHost: 89tongji.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 25 Jan 2025 09:07:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6794a9e8-2103\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8451,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"855f937d4a2f62414db3b9c336cc8ffa","sha1":"59d5e70144cfd63e1a43d707f3e9853352e530df","sha256":"f42b8d540d18c228d52ba10be1603dc8a77d6e38dfc0107cca11f4e06dbb93a9","sha512":"4ab7cb104ce87a835ff0b1007aa618c45ccb03787b55a9c77b0248523c51173eeaaf6e9c66cb822039ee06589cdb05f2b3f7ab3ae1c8c7a3a373683eede413ad","ssdeep":"192:JS6nhiQTxZmtzHGT6w5uRiHh5VY9NdhftVi8L:JSOZmtzHSj5UFftVi8L","tlshash":"3102519dff0c24b21961302d7c2d918c30e95d22ea3ede5af938a49047e1fadd52999c","first_seen":"2025-01-27T01:19:46.246783Z","last_seen":"2025-08-03T13:33:57.216504Z","times_seen":147,"resource_available":true,"data":null}},"time_used":736,"timings":{"blocked":-1,"dns":41,"connect":169,"send":0,"wait":168,"receive":0,"ssl":358},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/hot.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.906Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/hot.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:33 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/hot.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":3058,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2354,"timings":{"blocked":2250,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/zxbtn.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.088Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/zxbtn.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/zxbtn.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":6189,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":83,"dns":0,"connect":0,"send":0,"wait":115,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/ssico.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.071Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/ssico.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/ssico.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":2639,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/flbtbg1.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.635Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/flbtbg1.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 8691\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:25 GMT\r\nAccept-Ranges: bytes\r\nETag: \"803a64d99256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.181\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: ens-cache1.l2cn7147[52,52,200-0,M], ens-cache35.l2cn7147[54,0], kunlun8.cn192[78,77,200-0,M], kunlun7.cn192[79,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17525259952504354e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8691,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 89 x 165, 8-bit/color RGBA, non-interlaced","md5":"3cece6dd8e07bd31d6eaf22b0bbbea77","sha1":"8abbe997fb0eb2b83919d569087af5750d4a1a65","sha256":"7f622ddebc9d52e35bdc347ec3c5bb1585f74469719c71cf227cc2266a3b6895","sha512":"63a1d9043818e0d61b647e8520d8e00796ec48dd98bb4e8924e24d4aa760a96a732e63c4fbe1b8c657e3aa19fa2aa4b2ac3a39f139a449a77560e01c68d0e286","ssdeep":"192:VSr7F8knErDDig0Cg97CBk/XfjTgiuf+6I63q/Exnix2ZEaO:0rNnEbf0Cs7ES7TgBftq/Ec8eaO","tlshash":"8c028d08efe0281489ced9b6bdfdd59b26335a80d6e28000fccd8c0634551b9d55ebdb","first_seen":"2025-03-09T15:25:07.219889Z","last_seen":"2026-03-20T10:57:50.297275Z","times_seen":26,"resource_available":false,"data":null}},"time_used":845,"timings":{"blocked":513,"dns":0,"connect":0,"send":0,"wait":323,"receive":9,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.472180+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/4566/images/flbtbg1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":13,\"bytes_toserver\":1676,\"bytes_toclient\":11592,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/mulu2.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.826Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/mulu2.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1888\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:33 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80ee28de9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.180\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache65.l2cn2655[31,30,200-0,M], cache42.l2cn2655[32,0], kunlun6.cn192[46,45,200-0,M], kunlun10.cn192[47,0]\r\nAli-Swift-Global-Savetime: 1752525994\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:34 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17525259949262761e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1888,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced","md5":"eddd0f849fc1c7829832b6f9e8fb4fd9","sha1":"2f8a652e625775bf7a3698f81a0300fef7135d8e","sha256":"6416a6887e980be9597039e8582579cbacfd3f1294ddbd13186aef108d9d7de8","sha512":"1055e73c87f1aae96da68ff07fee60d28f5de434888f7caa91fc8ea93d1bd6dd67c9a75927981f88642b45568f67372b4f08306bff5850d3136ceacfa147d94f","ssdeep":"","tlshash":"be417789f910ec52694dea86bce6a1472b375be185e7b4117cc98c0b14b20f9cd1ecd7","first_seen":"2025-03-09T15:25:07.220556Z","last_seen":"2026-03-20T10:57:50.306774Z","times_seen":15,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":289,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39452,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.111408+0000\",\"flow_id\":274931269654599,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39452,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":608,\"bytes_toclient\":2440,\"start\":\"2025-07-14T20:46:34.546887+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.457Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/indnew_bg.jpg","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.642Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/indnew_bg.jpg HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 108281\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:28 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0fe2ddb9256db1:0\"\r\nX-Powered-By: ASP.NET-114.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache61.l2cn8045[71,70,200-0,M], cache18.l2cn8045[72,0], kunlun2.cn192[160,160,200-0,M], kunlun1.cn192[162,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:36 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01517525259958483633e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":108281,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1000, components 3","md5":"96f0c31c06171e79f85eef31c2cb7164","sha1":"56720360680ea1c34854b391810c1d26b3376f22","sha256":"f5b0b25d9c674106c99c9b3a525eeeb54b99aa54fdfa8c40236f7bc38c9033a2","sha512":"a49fcfa65a38143a76fb502535cfcb2246b4e7e1a3eda80eee44b0fafd9e1c1042546d815e8cd4491905d58e84ff93494ba087eca2e5ccda3d7a300e0650d319","ssdeep":"3072:N0o1FdMTq7K2r/y9TtGZAPuaU4H1hZkE2:NZwwFy9TtGZRaX1hZe","tlshash":"78b3128b0f63484bcf100a379c5beb13f768d8ea396b051994d6a92b0573538ae2d5f1","first_seen":"2025-03-09T15:25:07.243169Z","last_seen":"2026-03-20T10:57:50.322935Z","times_seen":22,"resource_available":false,"data":null}},"time_used":1844,"timings":{"blocked":1083,"dns":0,"connect":0,"send":0,"wait":421,"receive":340,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39374,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.150236+0000\",\"flow_id\":973194167742105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39374,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/4566/images/indnew_bg.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":32,\"bytes_toserver\":2971,\"bytes_toclient\":33289,\"start\":\"2025-07-14T20:46:34.290457+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tp.xinxiyidiantong.com:5868/uploads/bcxyd1s1sigdhca92z9vasjpppocuc81b03spnfn.jpg","fqdn":"tp.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":5868,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tp.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 May 2025 00:32:07 GMT","end":"Wed, 20 Aug 2025 00:32:06 GMT"},"fingerprint":{"sha1":"84:1E:FA:BE:5F:1B:66:20:7D:29:3D:22:B5:FE:A6:98:3E:F7:7A:27","sha256":"EE:90:4E:86:24:0D:49:8E:A5:CF:3D:22:CF:8E:36:D6:AB:0B:91:90:13:BF:25:E1:3E:9D:D3:A9:0D:32:77:5E"}}},"request":{"raw":"GET /uploads/bcxyd1s1sigdhca92z9vasjpppocuc81b03spnfn.jpg HTTP/1.1\r\nHost: tp.xinxiyidiantong.com:5868\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 152583\r\nLast-Modified: Fri, 14 Jun 2024 06:33:54 GMT\r\nConnection: keep-alive\r\nETag: \"666be452-25407\"\r\nExpires: Wed, 13 Aug 2025 20:46:36 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":152583,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x200, components 3","md5":"f4c61cf0f86071fdc7715e421bb8a464","sha1":"90d31d040689b43e3566c4ec06503c2f99bfaa5a","sha256":"1b6f9820794efaa5eaf8543afa077994581fc452547f6ce1403d8aa8a35d99e4","sha512":"a8e73e2a4298cbfe7cc5c1ecc7d464231e0869830a2d3733ac3fff44049bd0ab762881ab5655239b3a0f2d7e80a5ede7dc8595d5f32c5b3be2b4513603d5d464","ssdeep":"3072:v6yBYAMfLaJst63owdAvNmat+7zDQY1v1tGXLYaHGoNbnfraSMxPaEAjsPt:icNmY4C7l1sbptNfmSMBaE8sPt","tlshash":"4fe3128dc65c0be4eeacc6f46bfb5f455ed2e5f291a80f5268095251620d3ca3e36b0c","first_seen":"2024-06-15T00:51:04Z","last_seen":"2026-04-05T04:58:55.066621Z","times_seen":1355,"resource_available":false,"data":null}},"time_used":3501,"timings":{"blocked":948,"dns":17,"connect":307,"send":0,"wait":612,"receive":964,"ssl":648},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/js/jquery-3.6.0.min.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.882Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/js/jquery-3.6.0.min.js HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:31 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":89404,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65535)","md5":"46831fe773a633cbc6b491e456a0b66b","sha1":"aa798cd2820d0a596821dd83ac8e96fe4b5792b3","sha256":"7bf3461bc9e57a4820571d7e417b644c7d30927fe07d9b6e9802fe6758feb6f7","sha512":"493d28fc7a7bf3ffe38814c89c647fc0da8b23efbd167fcba148a0b8a9f4eea2964ae0cf0e20dd8315d01037b15e3ea767b976783743d2113067e96bdbdb7f7d","ssdeep":"1536:ajExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiXYmQ1vo:aIh8GgP3hujzwbhdXXvxiDQ47GK/","tlshash":"3a9309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2025-07-14T20:47:05.285961Z","last_seen":"2026-03-28T16:48:59.25503Z","times_seen":20,"resource_available":true,"data":null}},"time_used":342,"timings":{"blocked":52,"dns":1,"connect":87,"send":0,"wait":112,"receive":89,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/footli3.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.098Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/footli3.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/footli3.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":2636,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":380,"timings":{"blocked":273,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/footli3.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.657Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/footli3.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2636\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:26 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0d1fcd99256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache47.l2cn7492[20,19,200-0,M], cache47.l2cn7492[20,0], kunlun2.cn192[40,40,200-0,M], kunlun8.cn192[42,0]\r\nAli-Swift-Global-Savetime: 1752525996\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:36 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01c17525259962167988e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2636,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced","md5":"e219780f2dc9c2e082c44507df3b50d5","sha1":"0fecbfe7541cf18218e369255d2baa5c5d609da4","sha256":"09d36a2a12fe418eb1ae90744d345dbd7e4c8f9994294a8e437240a5d1580272","sha512":"520008d3969d5c04eb7199ff71cbebf4400a8b861a5ed3d56c83ba8fb155fc0310f2789896580c2858e827d3f3c44f1ec18dda07040f4776f7874f0692bd9dfe","ssdeep":"","tlshash":"db516348fc929c80591df449a5fc614763bb0ec09e9124495ec8c8239d309fdded96cb","first_seen":"2025-03-09T15:25:07.221793Z","last_seen":"2026-03-20T10:57:50.313151Z","times_seen":25,"resource_available":false,"data":null}},"time_used":1741,"timings":{"blocked":1453,"dns":0,"connect":0,"send":0,"wait":285,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39432,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.398843+0000\",\"flow_id\":1855277371119475,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39432,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2170},\"files\":[{\"filename\":\"/Skins/4566/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2170,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":12,\"bytes_toserver\":1694,\"bytes_toclient\":9647,\"start\":\"2025-07-14T20:46:34.546675+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/jquery.la.min.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.628Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.la.min.js HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 04 Mar 2025 15:16:57 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67c71969-4c5\"\r\nExpires: Mon, 14 Jul 2025 21:46:35 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1221,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, ASCII text, with very long lines (554)","md5":"6406afc04e3f3947da89fc7523723d88","sha1":"603ba81b6126d1155c0650815d9894c73a1f685f","sha256":"fbdc2e9bf89dc80c12bf353ee447b178458eeb453ef04070bf5c88572d5d1ba7","sha512":"f6a101e82d266126a573156e705af1d8eae21b6910f61282f2a75077c11969fb1282f5c50b272156dc23873d4253770c36f0d4152610a1f7f631809d289cd7a8","ssdeep":"","tlshash":"b921c15efc05e2245f51287637bbedaca9ee1035600ad80659eec06d7d25ff94522a0c","first_seen":"2024-12-04T02:32:47.41657Z","last_seen":"2026-03-15T21:19:37.780077Z","times_seen":11,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/css/swiper.min.css","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.875Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/css/swiper.min.css HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:30 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17483,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (17459)","md5":"38e4982a90c5d5bdbdeffe240a2bfc19","sha1":"a03a3d806f0a0d77278dbd3cab61a8d1765c5878","sha256":"513d915b018f385bcca60beb2c167297dfb701bac48ef65274b3eb58460b4b67","sha512":"9696c4d5c02839aa27e1ab9512df2c01eea678655226c40c121ecf2844968461636bb49218b1c009c63106a7b6d1ee4cd3b4d25f38a8dfc31db418247519f013","ssdeep":"192:b+0GpaNCO8jrfg5WHmXgyXyzSHF68DJB0SwD:b+52CXfgWHfyXyzSl68Pe","tlshash":"6672822c17002067f6324f1987c9e77c9715c8839e4368ef6650de48cbba5a9227f7a6","first_seen":"2023-05-10T09:17:05Z","last_seen":"2026-04-04T05:59:34.946491Z","times_seen":245,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/banner3.jpg","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:33.416Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/banner3.jpg HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 346808\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nLast-Modified: Mon, 06 Jan 2025 09:26:09 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80ee541d60db1:0\"\r\nX-Powered-By: ASP.NET-115.4.180\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache57.l2cn3129[50,49,200-0,M], cache67.l2cn3129[51,0], kunlun2.cn192[66,66,200-0,M], kunlun9.cn192[67,0]\r\nAli-Swift-Global-Savetime: 1752525994\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:34 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01d17525259946847175e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":163689,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"f7bf4f9dc20179150d5130825a0bc941","sha1":"a833d38c913aa9e02e1f52a54870ce0a7f548a32","sha256":"da0ca36ffa86421452c92e1012b711d63b9ed5ab94911b6fe8b951ce07957995","sha512":"7f1e57e6a7b5747f7d3c0c9f365f98fbe8edb9abc817b016fab71a0e5d2a5e643c6237d0f6aa56f024ad5981d67d6a0c323aa7fc92e9d78906f980292ff200a2","ssdeep":"3072:A+LzUiIhA3NCwxa5HtqvCR5IeY1/+t1jY87XizlA9smsseYJGdhNAPiUky:NbIhjwY5NfD4c3LzsoJY+","tlshash":"dcf3129e3e58186c4e6bbb247e1ddea680435423bcb2fd46b6199d218c0e64b1c0ffc5","first_seen":"2025-07-14T20:47:05.291671Z","last_seen":"2025-07-14T20:47:05.291671Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2129,"timings":{"blocked":-1,"dns":878,"connect":270,"send":0,"wait":344,"receive":635,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.908663+0000\",\"flow_id\":1317371372007372,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39384,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/banner3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":664,\"bytes_toclient\":2506,\"start\":\"2025-07-14T20:46:34.290764+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.chem17.com/asyncstat.aspx?u=smszxl\u0026referer=\u0026title=DB%u7535%u7ADE%B7%28DBGAME%29%u5B98%u65B9%u7F51%u7AD9","fqdn":"www.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.112","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /asyncstat.aspx?u=smszxl\u0026referer=\u0026title=DB%u7535%u7ADE%B7%28DBGAME%29%u5B98%u65B9%u7F51%u7AD9 HTTP/1.1\r\nHost: www.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 517\r\ndate: Mon, 14 Jul 2025 20:46:34 GMT\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=ywibiby3n4uslzarsiipsfzt; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_ywibiby3n4uslzarsiipsfzt=10.115.3.112:9719; domain=.chem17.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.25\r\ncontent-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nvia: cache72.l2cn3021[31,30,200-0,M], cache14.l2cn3021[31,0], kunlun3.cn7174[40,39,200-0,M], kunlun3.cn7174[41,0]\r\nali-swift-global-savetime: 1752525994\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Mon, 14 Jul 2025 20:46:34 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921717525259941116251e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":517,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (501), with CRLF line terminators","md5":"1afcf8d0938c7fb73f8d50473f0b5e3b","sha1":"90bbce7acfa851cb76492f4dc54e8a139f1ffc98","sha256":"cbe5ba33ac4f71e3bd086b22e1a38a147a2f541eaaaf569c09ffe6b8df6c28e4","sha512":"c46efca6aecf9ef3ad3fd5a810ec5982b2b494ab1d2820e5bf958f7d39b1e62ad146b16dad9bd3d499a2473add9bd6149dc860f874743dfdceca2e460bac39d3","ssdeep":"","tlshash":"eaf050674c01d2ea8c04a8e5de71d394c05b0f7f3151d973a112018533245bbb4acadf","first_seen":"2025-07-14T20:47:05.293006Z","last_seen":"2025-07-14T20:47:05.293006Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":273,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tp.xinxiyidiantong.com:5868/uploads/uqpu1x4t749lwvxkguwwsdova106pr.jpg","fqdn":"tp.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":5868,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tp.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 May 2025 00:32:07 GMT","end":"Wed, 20 Aug 2025 00:32:06 GMT"},"fingerprint":{"sha1":"84:1E:FA:BE:5F:1B:66:20:7D:29:3D:22:B5:FE:A6:98:3E:F7:7A:27","sha256":"EE:90:4E:86:24:0D:49:8E:A5:CF:3D:22:CF:8E:36:D6:AB:0B:91:90:13:BF:25:E1:3E:9D:D3:A9:0D:32:77:5E"}}},"request":{"raw":"GET /uploads/uqpu1x4t749lwvxkguwwsdova106pr.jpg HTTP/1.1\r\nHost: tp.xinxiyidiantong.com:5868\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 200943\r\nLast-Modified: Fri, 30 Sep 2022 18:42:07 GMT\r\nConnection: keep-alive\r\nETag: \"6337387f-310ef\"\r\nExpires: Wed, 13 Aug 2025 20:46:36 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":200943,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1000x200, components 3","md5":"93b5fd25fa34d9f1f81869e9aa56dda7","sha1":"dc51916e54c77eb33536ba9acb346fc1e86cbe62","sha256":"e612039673cad23b189f1b221bb32b9f8133ea1327fb12e3ea5ef4723606efb4","sha512":"31ebdd12f3bf07d18fb093b3ea7e3783f1242ad253c494413286a5c3403ac2c208904b3bfc067a4c8933628876507889b07fe23361818d2cf5d931139325cfde","ssdeep":"6144:e8qa7OrrWXdlKyAcrn9Y1OhN8zvJ20dJj6SI:4a7Oyd0ncm12kvj6SI","tlshash":"a91412342adb8aececd6b579af1017a6114b0df2d4499fd3c634a838967e20b0d5bd70","first_seen":"2023-05-06T09:40:17Z","last_seen":"2026-04-05T04:58:55.067165Z","times_seen":1663,"resource_available":false,"data":null}},"time_used":3167,"timings":{"blocked":922,"dns":13,"connect":309,"send":0,"wait":610,"receive":684,"ssl":622},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/banner2.jpg","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.903Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/banner2.jpg HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:33 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/banner2.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":213612,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2307,"timings":{"blocked":2203,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/footli1.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.655Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/footli1.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2749\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:25 GMT\r\nAccept-Ranges: bytes\r\nETag: \"803a64d99256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.180\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache33.l2cn2647[18,17,200-0,M], cache60.l2cn2647[19,0], kunlun6.cn192[29,29,200-0,M], kunlun2.cn192[31,0]\r\nAli-Swift-Global-Savetime: 1752525996\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:36 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01617525259959944114e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2749,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced","md5":"bfa6cce8bd645b1ece91b138416de875","sha1":"6635e91cf84837a9b62520cb3b18b6e2b7ec701f","sha256":"b433844a4d6b59513e62ee8231d0a630bc1ace58a00e5d12b2e89a2e10904e60","sha512":"8e2274061261a2b05afb3067d9846fc5192af8a7620670fbfd0925443ad607acfef5ec6c38493dfe259395e875f92442ac23e3fab4beaeb14b15eceef2204039","ssdeep":"","tlshash":"c6516348fc9068905a5df985aafda046a6f74fc08e912859edc8cc032d605fdcdda9c7","first_seen":"2025-03-09T15:25:07.238052Z","last_seen":"2026-03-20T10:57:50.322092Z","times_seen":26,"resource_available":false,"data":null}},"time_used":1526,"timings":{"blocked":1213,"dns":0,"connect":0,"send":0,"wait":302,"receive":11,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:46Z","timestamp":1752526006,"ip_dst":{"addr":"172.18.0.20","port":39368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:46.442884+0000\",\"flow_id\":1662289458130278,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39368,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2749},\"files\":[{\"filename\":\"/Skins/4566/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2749,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":47,\"pkts_toclient\":66,\"bytes_toserver\":4099,\"bytes_toclient\":83917,\"start\":\"2025-07-14T20:46:34.290150+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/footli1.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.097Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/footli1.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/footli1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":2749,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":309,"timings":{"blocked":192,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"38.54.123.55","port":80,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.714Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js-sdk-pro.min.js HTTP/1.1\r\nHost: sdk.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 14 Jul 2025 20:46:37 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: openresty\r\nCache-Control: no-store\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nvia: EU-FRA-marseille-EDGE3-CACHE14[235],EU-FRA-marseille-EDGE3-CACHE14[ovl,232],EU-FRA-marseille-EDGE1-CACHE1[ovl,232],EA-HKG-EDGE1-CACHE1[ovl,41],EA-HKG-EDGE2-CACHE6[ovl,40],EA-HKG-GLOBAL1-CACHE28[ovl,38],CHN-GDdongguan-GLOBAL1-CACHE118[ovl,31]\r\nX-CCDN-REQ-ID-46B1: 5df0836a1226e4cf4217b4a94b4e617f\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":36115,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (35899)","md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"resource_available":true,"data":null}},"time_used":1776,"timings":{"blocked":-1,"dns":1382,"connect":45,"send":0,"wait":281,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/kefu-tb.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.102Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/kefu-tb.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/kefu-tb.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":20057,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":177,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/arrows2.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.611Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/arrows2.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1362\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:05 GMT\r\nAccept-Ranges: bytes\r\nETag: \"807878cd9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.180\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache42.l2cn7492[22,21,200-0,M], cache7.l2cn7492[23,0], kunlun9.cn192[43,43,200-0,M], kunlun9.cn192[44,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01d17525259956678598e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"ec451b748d47a1b45901f49f273710aa","sha1":"4d4354b46e0370c57488fbac3492628411cb6cb9","sha256":"b80ab4ab02d0ebc35df5557233eae0f55c565c1a516c8a9541c99ddd70ee63d7","sha512":"ea551f7fafc0b9e128cdb969746386e91c13554293d1887c7dae7cf066747dd53c67a72f4dd76720672f3e0afc777bf941d72805fcb3f3d86ae54f9383041b6b","ssdeep":"","tlshash":"f421502af9b064806798649228efe0a28b270a84c5e0e5d1fdcfd12b88714f4b4086db","first_seen":"2023-07-08T23:43:21Z","last_seen":"2026-03-22T12:26:17.043998Z","times_seen":133,"resource_available":false,"data":null}},"time_used":1239,"timings":{"blocked":935,"dns":0,"connect":0,"send":0,"wait":304,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39422,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.850154+0000\",\"flow_id\":909847695087382,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39422,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":664,\"bytes_toclient\":2406,\"start\":\"2025-07-14T20:46:34.546582+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/artico.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.095Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/artico.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/artico.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":2706,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":309,"timings":{"blocked":187,"dns":0,"connect":0,"send":0,"wait":121,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/artico.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.652Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/artico.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2706\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:05 GMT\r\nAccept-Ranges: bytes\r\nETag: \"807878cd9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.179\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache16.l2cn8000[20,20,200-0,M], cache8.l2cn8000[21,0], kunlun2.cn192[35,34,200-0,M], kunlun9.cn192[37,0]\r\nAli-Swift-Global-Savetime: 1752525996\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:36 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01d17525259959711049e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 30, 8-bit/color RGBA, non-interlaced","md5":"673e1e71335d50688414e84e7ec3ac8d","sha1":"184273452c6334cc20127b7c8a5e0110fca90719","sha256":"93cb041e55b0b50b58477084dd5a742f490a1ffaf20ee7b121687604c6f5a717","sha512":"1a4553c4c2348911d21da0c64cead29c7f31484a952841076893fa94acffca9b55d092424b5eeb31aff36b4b3a433838554ee531e07861ad2297fb8b5a7d88ae","ssdeep":"","tlshash":"94516106f8a1ac44551df18996fca24357b34ed48ed2285daecd8c020d609edcd8d9e7","first_seen":"2025-03-09T15:25:07.240412Z","last_seen":"2026-03-20T10:57:50.321321Z","times_seen":23,"resource_available":false,"data":null}},"time_used":1498,"timings":{"blocked":1198,"dns":0,"connect":0,"send":0,"wait":297,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39422,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.149918+0000\",\"flow_id\":909847695087382,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39422,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2170},\"files\":[{\"filename\":\"/Skins/4566/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2170,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":9,\"bytes_toserver\":1199,\"bytes_toclient\":6078,\"start\":\"2025-07-14T20:46:34.546582+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/flbtbg2.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.082Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/flbtbg2.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/flbtbg2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":6513,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":73,"dns":0,"connect":0,"send":0,"wait":108,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/kefu.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.649Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/kefu.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 14606\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:29 GMT\r\nAccept-Ranges: bytes\r\nETag: \"8094c6db9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.182\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache24.l2cn2655[48,47,200-0,M], cache51.l2cn2655[77,0], kunlun2.cn192[92,91,200-0,M], kunlun7.cn192[93,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17525259955834780e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14606,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"16658b683d9a02bebe05eb5cde7a0777","sha1":"6adff7842cd7dd643d3586ef4ba951035f6026a7","sha256":"b4879663ffec007ad7e56832c8463ee3a0cfaaec037516fbc4c84ce58155fdda","sha512":"936028030ec1ad0950b85fb4a9a20718e32f7a12f11744301c0216fa38741470fb9f3e76c6eea44b1e8889c17aeec4b049f90ce32b0f6dda8e9fec7fe0756c15","ssdeep":"384:QaDnEBgLk55MB6VzHFS5nRSllkWvmMZ64iIJW1sP/RA:VDEw6BeAlkW64LAqPi","tlshash":"2662af41fd230844834aee00a5cdd297ab17138ddbd1e1456ac6c8276f326fd8c5ee9a","first_seen":"2025-07-14T20:47:05.299597Z","last_seen":"2026-01-26T20:16:24.705594Z","times_seen":12,"resource_available":false,"data":null}},"time_used":1185,"timings":{"blocked":831,"dns":0,"connect":0,"send":0,"wait":338,"receive":16,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.821368+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2168},\"files\":[{\"filename\":\"/Skins/4566/images/kefu.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2168,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":21,\"bytes_toserver\":2263,\"bytes_toclient\":22175,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/js/JSChat.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.888Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/JSChat.js HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:30 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1596,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"5122b87041a34991740a2418cf688de4","sha1":"ae0142e84d1e0f3c4749ea58827ae56d2a32fbbc","sha256":"40061d6dc948529ad974ca45b9b63d65ff87037086f65629d1e958cb1de10ccd","sha512":"a96700940fd242137764811caa4748780c79b6925f05ad2b31238126ee24d24ab70c05f0c72de11fde17efd99247a5b3225dbdc708249c59f9b047d5e435a481","ssdeep":"","tlshash":"de31edb24a53931209094ea3c71a134ce267915b9117e8623d3d6d643f88927b7997f0","first_seen":"2025-04-06T23:54:49.048059Z","last_seen":"2026-04-05T04:58:55.064088Z","times_seen":470,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":49,"dns":1,"connect":86,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/morejt.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.076Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/morejt.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/morejt.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":2464,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/morejt2.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.644Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/morejt2.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2742\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:32 GMT\r\nAccept-Ranges: bytes\r\nETag: \"05890dd9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.179\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache7.l2cn7492[15,14,200-0,M], cache1.l2cn7492[16,0], kunlun9.cn192[29,28,200-0,M], kunlun8.cn192[30,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01c17525259959377530e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2742,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"64d50a7e5f4df019d2d2aba0bde8cd28","sha1":"32535dbd6e969f1a42fc22335d1fb25449728b25","sha256":"2d784e9a870833dcf327f2d68353df0d0d4c19a056b66809da7a19718a002a17","sha512":"1b46780c3e1a88fa5bdc48adbf364a7f3662e386594dc6f11d99e6ca6fadaf949185cccf08343fd1ba668158a0a7cb237eabc3dd21a355a6df1cb983ce575461","ssdeep":"","tlshash":"4e510c0dfc6068515a4ef989d9fc924297b71fc08e6168499ecac8135d604f9cdcd9cb","first_seen":"2025-03-09T15:25:07.225187Z","last_seen":"2026-03-20T10:57:50.310609Z","times_seen":23,"resource_available":false,"data":null}},"time_used":1467,"timings":{"blocked":1188,"dns":0,"connect":0,"send":0,"wait":278,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39432,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.395283+0000\",\"flow_id\":1855277371119475,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39432,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2742},\"files\":[{\"filename\":\"/Skins/4566/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2742,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1640,\"bytes_toclient\":6099,\"start\":\"2025-07-14T20:46:34.546675+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tp.xinxiyidiantong.com:5868/uploads/ndo5u75d8mk1is8ldrdhiw1h429tnk.gif","fqdn":"tp.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":5868,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tp.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 May 2025 00:32:07 GMT","end":"Wed, 20 Aug 2025 00:32:06 GMT"},"fingerprint":{"sha1":"84:1E:FA:BE:5F:1B:66:20:7D:29:3D:22:B5:FE:A6:98:3E:F7:7A:27","sha256":"EE:90:4E:86:24:0D:49:8E:A5:CF:3D:22:CF:8E:36:D6:AB:0B:91:90:13:BF:25:E1:3E:9D:D3:A9:0D:32:77:5E"}}},"request":{"raw":"GET /uploads/ndo5u75d8mk1is8ldrdhiw1h429tnk.gif HTTP/1.1\r\nHost: tp.xinxiyidiantong.com:5868\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 458771\r\nLast-Modified: Tue, 11 May 2021 11:49:00 GMT\r\nConnection: keep-alive\r\nETag: \"609a6f2c-70013\"\r\nExpires: Wed, 13 Aug 2025 20:46:37 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":458771,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1000 x 300","md5":"70f984740f0767b3a77491391f9fd051","sha1":"315ee281e1f8d78a98c9495ae21a85620f52365e","sha256":"8ca0d1746eea53fd71559c3903ea72e3c7020cbd546667c32511257fdc53dff6","sha512":"6a3c8cd2ceca01d278bc2affca199747c7c1c2318ac74f67bfbfed3027c9fec60102c513c1460edef51b9e6d0d0c4dcea3ade2b62c66f9b9a22960fab7769c59","ssdeep":"12288:LKGXVMvoygGLsJBQQNIqwVYHLMuJNEJnSftlyTAUozFb:hXWVhkFweLMuqSVI36","tlshash":"9ea42312575a395c0ab3a8e35c26ff8b4d35a1962322f03aa30fe57fd4404e794b6763","first_seen":"2023-10-31T02:49:06Z","last_seen":"2026-04-05T04:58:55.065613Z","times_seen":1481,"resource_available":false,"data":null}},"time_used":6191,"timings":{"blocked":1575,"dns":0,"connect":0,"send":0,"wait":648,"receive":3968,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/banner3.jpg","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.905Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/banner3.jpg HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:33 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/banner3.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":163689,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2307,"timings":{"blocked":2201,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/arrows1.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.048Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/arrows1.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/arrows1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":1360,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?0cc6fef9f641d34578b96b317316a0f3","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"183.240.98.228","port":443,"asn":56040,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:36.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 08 Jul 2024 01:41:02 GMT","end":"Sat, 09 Aug 2025 01:41:01 GMT"},"fingerprint":{"sha1":"EF:0F:BE:13:02:E2:C4:D4:89:BA:8F:BA:88:EF:6F:95:DC:CF:7B:E0","sha256":"90:73:DE:D9:D9:93:A9:34:C2:9C:5E:C3:C6:AF:A7:28:6D:2F:0F:88:48:35:2F:94:D0:20:35:86:5D:85:68:E2"}}},"request":{"raw":"GET /hm.js?0cc6fef9f641d34578b96b317316a0f3 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nDate: Mon, 14 Jul 2025 20:46:37 GMT\r\nServer: apache\r\nStrict-Transport-Security: max-age=172800\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2685,"timings":{"blocked":1202,"dns":288,"connect":236,"send":0,"wait":298,"receive":0,"ssl":657},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/flbtbg1.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.080Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/flbtbg1.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/flbtbg1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":8691,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tp.xinxiyidiantong.com:5868/uploads/9ac8ygliapz5ww4p3uuacykkfhn6am4w6t6hqand.png","fqdn":"tp.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":5868,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tp.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 May 2025 00:32:07 GMT","end":"Wed, 20 Aug 2025 00:32:06 GMT"},"fingerprint":{"sha1":"84:1E:FA:BE:5F:1B:66:20:7D:29:3D:22:B5:FE:A6:98:3E:F7:7A:27","sha256":"EE:90:4E:86:24:0D:49:8E:A5:CF:3D:22:CF:8E:36:D6:AB:0B:91:90:13:BF:25:E1:3E:9D:D3:A9:0D:32:77:5E"}}},"request":{"raw":"GET /uploads/9ac8ygliapz5ww4p3uuacykkfhn6am4w6t6hqand.png HTTP/1.1\r\nHost: tp.xinxiyidiantong.com:5868\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 178073\r\nLast-Modified: Fri, 14 Jun 2024 06:35:05 GMT\r\nConnection: keep-alive\r\nETag: \"666be499-2b799\"\r\nExpires: Wed, 13 Aug 2025 20:46:36 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":178073,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1000 x 200","md5":"f10b57811b5cbd80cc2adb677fcbe3e2","sha1":"9c566090638bacef4fb11e5ce3798f6162f52770","sha256":"f4d197904303977c5b8764801ab45de427c7ea38e212e9e158aff5b3bdad6473","sha512":"f3665bcd909bba365acb53d64a6e95d2e1212eaf4f1f8a31419611e1d9a839366f058b9014caa35a429e8492643d49ea7937afce230f8fae1846317ab0a92893","ssdeep":"3072:kmOFOk0AYABeHXNScStRzJmQ3aNIYlmwLs6CLWBOcV8u2OPvr8qFw8Y79C6vaQgL:1AboHXNXStRzAUauwLaLWBOW7hw8elGV","tlshash":"4c0412697de7e838c12bd8d7c2cc57984810cc7c929d4023a6a74d406a77af2ce8d7ca","first_seen":"2024-02-16T22:50:56Z","last_seen":"2026-04-05T04:58:55.070565Z","times_seen":829,"resource_available":false,"data":null}},"time_used":3437,"timings":{"blocked":929,"dns":33,"connect":307,"send":0,"wait":603,"receive":939,"ssl":624},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"38.54.123.55","port":80,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.710Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js-sdk-pro.min.js HTTP/1.1\r\nHost: sdk.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 14 Jul 2025 20:46:37 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: openresty\r\nCache-Control: no-store\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nvia: EU-FRA-marseille-EDGE3-CACHE8[209],EU-FRA-marseille-EDGE3-CACHE8[ovl,207],EU-FRA-marseille-EDGE1-CACHE2[ovl,206],EA-HKG-EDGE1-CACHE2[ovl,37],EA-HKG-EDGE2-CACHE3[ovl,36],EA-HKG-GLOBAL1-CACHE35[ovl,33],CHN-GDdongguan-GLOBAL1-CACHE57[ovl,29]\r\nX-CCDN-REQ-ID-46B1: 7f18683674d4b85a61f7a74550420fa1\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":36115,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (35899)","md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"resource_available":true,"data":null}},"time_used":1775,"timings":{"blocked":-1,"dns":1390,"connect":46,"send":0,"wait":254,"receive":85,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/banner1.jpg","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:33.421Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/banner1.jpg HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 228933\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nLast-Modified: Mon, 06 Jan 2025 09:21:03 GMT\r\nAccept-Ranges: bytes\r\nETag: \"8029814e1c60db1:0\"\r\nX-Powered-By: ASP.NET-115.4.179\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache28.l2cn3147[37,37,200-0,M], cache18.l2cn3147[38,0], kunlun6.cn192[69,68,200-0,M], kunlun2.cn192[70,0]\r\nAli-Swift-Global-Savetime: 1752525994\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:34 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01617525259946872420e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":209231,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"930c6abf5e55be9b4e17d3eabe2ec49a","sha1":"c7c36400e24284f38f1350db37179d5af88fd3ae","sha256":"0df47ec59d4cb18e7c86ee27176a84d0a057b1ee5037d751f7266bbeafea49da","sha512":"76296d130685288987dcb0de2474f1d2a4dc3c3cb9aecbd4b81e1f7ee543ab023ea7483ec8aec7f6478cf8524a080bff4e067da228ebb5374b964243725add18","ssdeep":"3072:4e9UyYKwR6WX/VNNMibfEL2w8H9f1SUh+RCfABnErt4MLkQtLY0lG+g:4qURL31fL1dLsRmqEr+atLYeG+g","tlshash":"6c14236d3feb68259d331eb6d1369d1664c20f17b8d880898996c6362386fb6d08f5c3","first_seen":"2025-07-14T20:47:05.304617Z","last_seen":"2025-07-14T20:47:05.304617Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2119,"timings":{"blocked":0,"dns":867,"connect":270,"send":0,"wait":344,"receive":636,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39402,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.903357+0000\",\"flow_id\":176494914203877,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39402,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2070},\"files\":[{\"filename\":\"/Skins/4566/images/banner1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2070,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":718,\"bytes_toclient\":4632,\"start\":\"2025-07-14T20:46:34.291045+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/footli2.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.656Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/footli2.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2021\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:26 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0d1fcd99256db1:0\"\r\nX-Powered-By: ASP.NET-114.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache31.l2cn3147[35,35,200-0,M], cache28.l2cn3147[37,0], kunlun9.cn192[67,67,200-0,M], kunlun10.cn192[69,0]\r\nAli-Swift-Global-Savetime: 1752525996\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:36 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01e17525259959744169e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2021,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 19, 8-bit/color RGBA, non-interlaced","md5":"85216bea28db82b74127839626f76f08","sha1":"459a6c52809a0a5d3485b681f88a40501c2845da","sha256":"0ad724a8fd924a3241f8d422a72cd4c570e36124cf8357bf537bdf4d190f6c5c","sha512":"78c4673ff22d694b12a5201221cd623f087ea17b5c44ce4df74e7b140ea44ea9b02a3294a4bc220005cdd3c689754d96afc2e29fea9e314f7ab2a165a432cd23","ssdeep":"","tlshash":"6841b489e9d12c406a4dfd4a29e94283aa7f46c4d7836445bcdec48759321bbec8d4c3","first_seen":"2025-03-09T15:25:07.222524Z","last_seen":"2026-03-20T10:57:50.31123Z","times_seen":26,"resource_available":false,"data":null}},"time_used":1526,"timings":{"blocked":1215,"dns":0,"connect":0,"send":0,"wait":311,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:46Z","timestamp":1752526006,"ip_dst":{"addr":"172.18.0.20","port":39452,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:46.445333+0000\",\"flow_id\":274931269654599,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39452,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/4566/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":27,\"bytes_toserver\":2610,\"bytes_toclient\":27691,\"start\":\"2025-07-14T20:46:34.546887+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/hengf.jpg","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:33.402Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/hengf.jpg HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 65600\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:26 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0d1fcd99256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.182\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache15.l2cn3147[49,48,200-0,M], cache57.l2cn3147[50,0], kunlun2.cn192[82,81,200-0,M], kunlun2.cn192[83,0]\r\nAli-Swift-Global-Savetime: 1752525994\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:34 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01617525259946902424e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":65600,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x243, components 3","md5":"0f1ac92730274f885286d6a62290e5eb","sha1":"a4bdf7a16796c88359f9401fb275874f932b1b5e","sha256":"3a3996404d0f4b488c09295b8c93532ca83a19ccc850a4f52326db5e6d1a5ae0","sha512":"4c8ab7aff0433820b4a1e38dcb72bc69aa4d582a30b4c64287266a6a61833b9551dff95a62244ad15469b4b9d83898809add41fecd0a4ef413754291db01e0a0","ssdeep":"1536:lrYB3Dr+u+19Dv+Pee8wybp0bq47VLLQ4RLqHxn1NGbDLA7i7:iGDbm2e0LWLQ45qwei7","tlshash":"f953023ebb11c1a3650b666204e62ab3107843f39fdd1ecec4e05a076c695d2e1dbb5b","first_seen":"2025-07-14T20:47:05.307446Z","last_seen":"2026-03-07T04:19:34.377302Z","times_seen":10,"resource_available":false,"data":null}},"time_used":1815,"timings":{"blocked":-1,"dns":891,"connect":273,"send":0,"wait":355,"receive":295,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.918967+0000\",\"flow_id\":1662289458130278,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39368,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/hengf.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":662,\"bytes_toclient\":2506,\"start\":\"2025-07-14T20:46:34.290150+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.chem17.com/stat.aspx?u=smszxl\u0026referer=\u0026title=DB%u7535%u7ADE%uFFFD%28DBGAME%29%u5B98%u65B9%u7F51%u7AD9\u0026httpreferer=http%3A//file.javblow.com/","fqdn":"www.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.112","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"https://www.chem17.com/asyncstat.aspx?u=smszxl\u0026referer=\u0026title=DB%u7535%u7ADE%B7%28DBGAME%29%u5B98%u65B9%u7F51%u7AD9","date":"2025-07-14T20:46:34.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /stat.aspx?u=smszxl\u0026referer=\u0026title=DB%u7535%u7ADE%uFFFD%28DBGAME%29%u5B98%u65B9%u7F51%u7AD9\u0026httpreferer=http%3A//file.javblow.com/ HTTP/1.1\r\nHost: www.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.chem17.com/asyncstat.aspx?u=smszxl\u0026referer=\u0026title=DB%u7535%u7ADE%B7%28DBGAME%29%u5B98%u65B9%u7F51%u7AD9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-length: 0\r\ndate: Mon, 14 Jul 2025 20:46:34 GMT\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=dwfet5vhup53feoz21zyrw1n; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_dwfet5vhup53feoz21zyrw1n=10.115.3.112:9719; domain=.chem17.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-4.21\r\ncontent-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nvia: cache37.l2cn3021[66,66,200-0,M], cache5.l2cn3021[67,0], kunlun1.cn7174[71,70,200-0,M], kunlun3.cn7174[73,0]\r\nali-swift-global-savetime: 1752525994\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Mon, 14 Jul 2025 20:46:34 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921717525259945146867e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":302,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/arrows1.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.609Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/arrows1.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1360\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:05 GMT\r\nAccept-Ranges: bytes\r\nETag: \"807878cd9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.181\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache23.l2cn2629[15,14,200-0,M], cache18.l2cn2629[16,0], kunlun6.cn192[38,38,200-0,M], kunlun8.cn192[40,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01c17525259956517058e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"ca18c3400f1ccb39f1b891a315f9a2b8","sha1":"ca6c69282f82f17db11a115bc1428308b30320e5","sha256":"a799ce0e4e9e26454e8950dabef8eb6725bfb96afd5ac732bbefe9395168d684","sha512":"353ee8aa7765a7d8194f9997950a7be2ec716f1a592d96c887949f6251f066126b2868ffee43f31867c74d5799c989e95281d8378f91a987d3adecf058c32cd4","ssdeep":"","tlshash":"842141defd74d881d5a5a49135f72517e8560e4082e0ac477d8bd012483b0e1b97d1ce","first_seen":"2023-07-08T23:43:21Z","last_seen":"2026-03-22T12:26:17.032611Z","times_seen":133,"resource_available":false,"data":null}},"time_used":1222,"timings":{"blocked":936,"dns":0,"connect":0,"send":0,"wait":285,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39432,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.829085+0000\",\"flow_id\":1855277371119475,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39432,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":610,\"bytes_toclient\":2339,\"start\":\"2025-07-14T20:46:34.546675+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/morejt.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.630Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/morejt.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2464\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:32 GMT\r\nAccept-Ranges: bytes\r\nETag: \"05890dd9256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache15.l2cn8047[24,24,200-0,M], cache60.l2cn8047[26,0], kunlun3.cn192[48,48,200-0,M], kunlun2.cn192[49,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01617525259956723666e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2464,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"c831edb956d626cfd991255b172797ae","sha1":"7254408fdec4f8b94a8fb6c4d7b2b90037bb742d","sha256":"29de051144a5f54260ee9b44dc18adb12f155353062bd7439efe0a5b3735266c","sha512":"39d723aedaf152ed101494f9b253c008fbaf37d14b0155d049b12965cb4d8da2cf4066328f1d8a324b02157df41db4ccb28fbef0d9d4d0ab6b56d06eb7fb8c75","ssdeep":"","tlshash":"3b514309bc516c911a0ef58a9efc524397b70fc08f52541aaeddcc525d204f98edd5cb","first_seen":"2025-03-09T15:25:07.227511Z","last_seen":"2026-03-20T10:57:50.320484Z","times_seen":23,"resource_available":false,"data":null}},"time_used":1237,"timings":{"blocked":916,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.139119+0000\",\"flow_id\":1662289458130278,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39368,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2464},\"files\":[{\"filename\":\"/Skins/4566/images/morejt.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2464,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":44,\"pkts_toclient\":62,\"bytes_toserver\":3925,\"bytes_toclient\":80201,\"start\":\"2025-07-14T20:46:34.290150+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tp.xinxiyidiantong.com:5868/uploads/zdxu27gbnptd1nlnoezm734xiww2lz8gs5rh881c.gif","fqdn":"tp.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":5868,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:35.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tp.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 May 2025 00:32:07 GMT","end":"Wed, 20 Aug 2025 00:32:06 GMT"},"fingerprint":{"sha1":"84:1E:FA:BE:5F:1B:66:20:7D:29:3D:22:B5:FE:A6:98:3E:F7:7A:27","sha256":"EE:90:4E:86:24:0D:49:8E:A5:CF:3D:22:CF:8E:36:D6:AB:0B:91:90:13:BF:25:E1:3E:9D:D3:A9:0D:32:77:5E"}}},"request":{"raw":"GET /uploads/zdxu27gbnptd1nlnoezm734xiww2lz8gs5rh881c.gif HTTP/1.1\r\nHost: tp.xinxiyidiantong.com:5868\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 36274\r\nLast-Modified: Wed, 19 Feb 2020 07:01:50 GMT\r\nConnection: keep-alive\r\nETag: \"5e4cdd5e-8db2\"\r\nExpires: Wed, 13 Aug 2025 20:46:36 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":36274,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1000x200, components 3","md5":"7e5d039a1efc18bb7bea97fd777c69af","sha1":"68ef09f74077052dcb97d54c3223d60b3cc8b571","sha256":"49f4dac0c9655023462733d66e03a78de44377c97c6e1c78347a571f93696ba5","sha512":"eb933bd838dfa2cb7b6b4d78b9675ab1243290dba4ab65c49e15ed82e51c10264cc1217ca042cb4d4589c9335f3e03b35788f7c5e982170352fe6c33ffc1cffd","ssdeep":"768:HqqTTVl/XyWz5/SfYem+xeUFFXEBYj5GEeseg5mT25HFwSCJvu0us:Kql5d1iX58UaYXr62X/yvu0us","tlshash":"3df2e1a4a7d09c6cc76715ffdb37f6f0270194709874227a8b982a681d38cf1cae2795","first_seen":"2023-05-06T09:40:17Z","last_seen":"2026-04-05T04:58:55.071089Z","times_seen":1287,"resource_available":false,"data":null}},"time_used":2593,"timings":{"blocked":958,"dns":37,"connect":310,"send":0,"wait":613,"receive":11,"ssl":658},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"file.javblow.com/","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-14T20:46:30.264Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":89,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/hengf.jpg","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.932Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/hengf.jpg HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:33 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/hengf.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":65600,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2276,"timings":{"blocked":2173,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/kefu.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.100Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/kefu.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/kefu.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":14606,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":165,"dns":0,"connect":0,"send":0,"wait":105,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/banner1.jpg","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.902Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/banner1.jpg HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:33 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/banner1.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":209231,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":2374,"timings":{"blocked":2267,"dns":0,"connect":0,"send":0,"wait":106,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/banner2.jpg","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:33.414Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/banner2.jpg HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 218779\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nLast-Modified: Mon, 06 Jan 2025 09:26:09 GMT\r\nAccept-Ranges: bytes\r\nETag: \"33c02751d60db1:0\"\r\nX-Powered-By: ASP.NET-114.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache42.l2cn3130[39,38,200-0,M], cache5.l2cn3130[40,0], kunlun6.cn192[62,61,200-0,M], kunlun1.cn192[64,0]\r\nAli-Swift-Global-Savetime: 1752525994\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:34 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01517525259946862011e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":213612,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"5cc0a821a1289d63d602ab3280c06212","sha1":"59ff8e8461f8b08fe7c869ad4d1c720ff811a423","sha256":"17fe8a4aa5c01084f531972ec4f71e07c2fa6621e9b20778b5947d0718269133","sha512":"807da401a541bad64d6864245a8dd2c9b66c8a9aabd1fc05d2998a3b186b711430cf57809c8327e4313add6af16cf5ac8bec6623a9c314bc80b955529d168f33","ssdeep":"6144:IE186CBvNipsxVWwnUOwYMNJQTb2J/gUQkX1eErOq:l18rBvksCwnUOHGOHE/lQ81ei","tlshash":"112412e7e2e6ef860cceba4ec0ee710551924f219041167255c614bd37eb26fde2d816","first_seen":"2025-07-14T20:47:05.31215Z","last_seen":"2025-07-14T20:47:05.31215Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2131,"timings":{"blocked":-1,"dns":880,"connect":270,"send":0,"wait":333,"receive":645,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:34Z","timestamp":1752525994,"ip_dst":{"addr":"172.18.0.20","port":39376,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:34.896644+0000\",\"flow_id\":1885404419223332,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39376,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":664,\"bytes_toclient\":2506,\"start\":\"2025-07-14T20:46:34.290596+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/indnew_bg.jpg","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.090Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/indnew_bg.jpg HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/indnew_bg.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":108281,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":187,"timings":{"blocked":81,"dns":0,"connect":0,"send":0,"wait":104,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/footli2.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.098Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/footli2.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/footli2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":2021,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":191,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/flbtbg2.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.639Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/flbtbg2.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 6513\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:25 GMT\r\nAccept-Ranges: bytes\r\nETag: \"803a64d99256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.179\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache8.l2cn2655[19,18,200-0,M], cache68.l2cn2655[20,0], kunlun4.cn192[49,48,200-0,M], kunlun2.cn192[50,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01617525259953403210e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6513,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 119 x 179, 8-bit/color RGBA, non-interlaced","md5":"102ddad9d6e5308044e5fb01afdcf994","sha1":"325342b21806f92d5c495190ee4e7cd0aab0d1cf","sha256":"dcfa4a4b2ebab065e025dd556103ca6817893108bd661f2a0621abefdfc163fe","sha512":"c8e81702089898407cbc2a606700af50708d3e9648956ffb509cdcc1d385f01e52d0e19c7b4f48fb9428ec2eb6be25addb38ec4aec382dc89a9be24ad8b922e0","ssdeep":"192:ZS87F8knEbsigoFp1BSg73JmB3UyA1n2ri/p5a7o+:A8NnEAfoFp1BLC3UFMriH5+","tlshash":"dfd18d0def926a2017dcad95fa99808316771f8092c370c02ccedc4628a44fbc91d6c6","first_seen":"2025-03-09T15:25:07.23129Z","last_seen":"2026-03-20T10:57:50.309523Z","times_seen":26,"resource_available":false,"data":null}},"time_used":907,"timings":{"blocked":576,"dns":0,"connect":0,"send":0,"wait":330,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:35Z","timestamp":1752525995,"ip_dst":{"addr":"172.18.0.20","port":39368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:35.539285+0000\",\"flow_id\":1662289458130278,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39368,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/4566/images/flbtbg2.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":38,\"pkts_toclient\":55,\"bytes_toserver\":2842,\"bytes_toclient\":74476,\"start\":\"2025-07-14T20:46:34.290150+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/067/ade/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fcl.xueyuxingfeng.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 May 2025 00:31:46 GMT","end":"Wed, 20 Aug 2025 00:31:45 GMT"},"fingerprint":{"sha1":"E7:96:14:8D:F2:8D:F8:B1:86:D8:06:58:51:4C:5F:5D:42:C3:BA:3B","sha256":"C6:14:88:00:54:6C:4B:D6:54:D7:72:CA:F5:FA:21:D4:A7:6B:EF:7F:0B:B3:9F:91:4D:5C:CC:33:15:34:0C:72"}}},"request":{"raw":"GET /067/ade/sj.js HTTP/1.1\r\nHost: fcl.xueyuxingfeng.com:6987\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:33 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 13 Dec 2024 04:59:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"675bbf19-d26\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3366,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"fa19716607c7d8137d9cfbe623dba7cb","sha1":"e46242940c345610d692c2b1ce8fe9c1152aa46c","sha256":"cc9193fc7e8e2722b308b5de9881b0442e21363e33b296824381d574816bae16","sha512":"391ff0cdc99fdcfb81af8a0a72425b9e178309d74d5ec96642dbfc1fdd98be8529260af73ac6896dd45266adde8cfcfa96083e4c94a10ef1a3e593de0915d60b","ssdeep":"","tlshash":"4b611f54ef8d20338e133155ae6f958c24be68577d48eca7f84c64d44fa0d38852beac","first_seen":"2024-12-18T10:35:23.532443Z","last_seen":"2026-04-04T22:13:19.170087Z","times_seen":212,"resource_available":true,"data":null}},"time_used":5682,"timings":{"blocked":2687,"dns":1762,"connect":302,"send":0,"wait":308,"receive":0,"ssl":617},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/Skins/4566/images/morejt2.png","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.094Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/morejt2.png HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/Skins/4566/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjsmsie.com/Skins/4566/images/morejt2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":2742,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":188,"timings":{"blocked":85,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjsmsie.com/Skins/4566/images/zxbtn.png","fqdn":"www.bjsmsie.com","domain":"bjsmsie.com","tld":"com"},"ip":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:34.648Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/4566/images/zxbtn.png HTTP/1.1\r\nHost: www.bjsmsie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://file.javblow.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 6189\r\nConnection: keep-alive\r\nDate: Mon, 14 Jul 2025 20:46:35 GMT\r\nLast-Modified: Wed, 25 Dec 2024 06:04:40 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0c55e29256db1:0\"\r\nX-Powered-By: ASP.NET-115.4.181\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache44.l2ea120-8[23,22,200-0,M], cache78.l2ea120-8[24,0], kunlun6.cn192[39,39,200-0,M], kunlun7.cn192[40,0]\r\nAli-Swift-Global-Savetime: 1752525995\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Mon, 14 Jul 2025 20:46:35 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3adad01b17525259959375336e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6189,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 198 x 64, 8-bit/color RGBA, non-interlaced","md5":"c1ebdc0a09701af244f9a5e63a440a09","sha1":"df8a6d61c4de4811029866d8c0fbd5f64325370c","sha256":"bb8a0c10dccde739dd02a839c0c7301f537eacb2bfea8703255afe8b3bc82704","sha512":"beba2e8bca3ad3c071126324733cb2b42078b3862bfd3564142dd0660d13faac78486d282f408305dadf9a5bc2992d937277d52c0cda9f43715f9f6bc4bcc526","ssdeep":"192:CSQ7F8knFWMICIBedJWJaStRlt1MnxS1jCHDJfX76q+yHe2:dQNnFWMIC0edJWJaSTlTMnkCN76Qe2","tlshash":"3fd14b8cbe91dc80198dbf9a389ee7e2653b1fc08ed37128fcf9540b5950175d82e58a","first_seen":"2025-03-09T15:25:07.216317Z","last_seen":"2026-03-20T10:57:50.316221Z","times_seen":19,"resource_available":false,"data":null}},"time_used":1478,"timings":{"blocked":1187,"dns":0,"connect":0,"send":0,"wait":284,"receive":7,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-14T20:46:36Z","timestamp":1752525996,"ip_dst":{"addr":"172.18.0.20","port":39398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"58.218.215.104","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-07-14T20:46:36.123253+0000\",\"flow_id\":778810390376515,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"58.218.215.104\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":39398,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjsmsie.com\",\"url\":\"/Skins/4566/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://file.javblow.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/4566/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":4}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":35,\"bytes_toserver\":3079,\"bytes_toclient\":39040,\"start\":\"2025-07-14T20:46:34.290883+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"file.javblow.com/jquery.min.js","fqdn":"file.javblow.com","domain":"javblow.com","tld":"com"},"ip":{"addr":"50.2.254.166","port":80,"asn":62904,"as":"AS62904","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"http://file.javblow.com/","date":"2025-07-14T20:46:30.867Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: file.javblow.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://file.javblow.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Jul 2025 20:46:30 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 718\r\nLast-Modified: Tue, 04 Mar 2025 15:16:57 GMT\r\nConnection: keep-alive\r\nETag: \"67c71969-2ce\"\r\nExpires: Mon, 14 Jul 2025 21:46:30 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":718,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (718), with no line terminators","md5":"a75ada17c3011458d74a0e4c5cc17ffa","sha1":"8e57d597b1caeb46af5a4578034187eda8bf8b26","sha256":"8056951f7605e0cc00e96769abe87124de09d74273e83efb7992dddc056390ce","sha512":"b56551f614e99478ac6a0e273fe4bb4b796c29e118732b903d11ec3dfc8368f0872386a3970dad897a0b5dceb21adb5557827c6dad66a642480a1f52c45fef4e","ssdeep":"","tlshash":"d30181d8c7c4d89baecc5e43ea24deca25b3813b97d832838318fe8c01ad157c89c049","first_seen":"2023-03-07T12:26:46Z","last_seen":"2026-04-02T16:01:36.350899Z","times_seen":124,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}