The webshield is scanning all HTTP (and if enabled also HTTPS) traffic from
the machine, so the originator must not be a browser. It is very probable, that it
is some kind of virus/spyware that is causing the traffic. To find the originator,
You can use tools like netstat, lsof or wireshark.