{
  "rule_ids": [
    "raw_ip_url",
    "plain_http_to_sink"
  ],
  "severity": "HIGH",
  "command_redacted": "curl -s --connect-timeout 3 http://159.75.182.71:8080/particle-flow-field.html |...",
  "findings": [
    {
      "rule_id": "raw_ip_url",
      "severity": "MEDIUM",
      "title": "URL uses raw IP address",
      "description": "URL points to IP address 159.75.182.71 instead of a domain name",
      "evidence": [
        {
          "type": "url",
          "raw": "159.75.182.71"
        }
      ]
    },
    {
      "rule_id": "plain_http_to_sink",
      "severity": "HIGH",
      "title": "Plain HTTP URL in execution context",
      "description": "URL 'http://159.75.182.71:8080/particle-flow-field.html' uses unencrypted HTTP and is being passed to a command that downloads or executes content. An attacker on the network could modify the content.",
      "evidence": [
        {
          "type": "url",
          "raw": "http://159.75.182.71:8080/particle-flow-field.html"
        }
      ]
    }
  ],
  "timestamp": "2026-05-19T03:51:11.057051529+00:00"
}