We have an ASA 5510 and have it set to enable Threat Detection and "Shun hosts detected by scanning threat". I attached a screenshot of the ASDM. Once a month we send out a video to our member firms and one firm will continually get shunned. It happened again yesterday (2 weeks after the video was sent out) and I checked the web server logs - it was only accessed once by this firm. I did a test from a remote location and saw the same things in the web logs yet I did not get shunned. We don't have a syslog server, but is there a way to identify why this one location gets shunned when accessing our site?