{"timestamp":"2023-10-25T18:34:16.270913+0000","flow_id":1472040591136286,"pcap_cnt":87031,"event_type":"http","src_ip":"10.0.255.150","src_port":49902,"dest_ip":"31.192.237.75","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":7,"http":{"hostname":"31.192.237.75","url":"/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll","http_user_agent":"SunShineMoonLight","http_method":"GET","protocol":"HTTP/1.1","length":0,"request_headers":[{"name":"Content-Type","value":"text/plain;"},{"name":"User-Agent","value":"SunShineMoonLight"},{"name":"Host","value":"31.192.237.75"},{"name":"Connection","value":"Keep-Alive"},{"name":"Cache-Control","value":"no-cache"}]}}
{"timestamp":"2023-10-25T18:34:17.215306+0000","flow_id":1472040591136286,"pcap_cnt":87856,"event_type":"http","src_ip":"10.0.255.150","src_port":49902,"dest_ip":"31.192.237.75","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":8,"http":{"hostname":"31.192.237.75","url":"/d03a9289f9eeb76a724bc8f50b972d1f","http_user_agent":"SunShineMoonLight","http_method":"POST","protocol":"HTTP/1.1","length":0,"request_headers":[{"name":"Accept","value":"*/*"},{"name":"Content-Type","value":"multipart/form-data; boundary=uT62d749kd0wb0x6"},{"name":"User-Agent","value":"SunShineMoonLight"},{"name":"Host","value":"31.192.237.75"},{"name":"Content-Length","value":"1464"},{"name":"Connection","value":"Keep-Alive"},{"name":"Cache-Control","value":"no-cache"}]}}
{"timestamp":"2023-10-25T18:34:22.299112+0000","flow_id":1472040591136286,"pcap_cnt":87944,"event_type":"http","src_ip":"10.0.255.150","src_port":49902,"dest_ip":"31.192.237.75","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":9,"http":{"hostname":"31.192.237.75","url":"/d03a9289f9eeb76a724bc8f50b972d1f","http_user_agent":"SunShineMoonLight","http_method":"POST","protocol":"HTTP/1.1","length":0,"request_headers":[{"name":"Accept","value":"*/*"},{"name":"Content-Type","value":"multipart/form-data; boundary=XB26mNSNBUeCYJ4f"},{"name":"User-Agent","value":"SunShineMoonLight"},{"name":"Host","value":"31.192.237.75"},{"name":"Content-Length","value":"7098"},{"name":"Connection","value":"Keep-Alive"},{"name":"Cache-Control","value":"no-cache"}]}}
{"timestamp":"2023-10-25T18:32:13.338973+0000","flow_id":1472040591136286,"event_type":"http","src_ip":"10.0.255.150","src_port":49902,"dest_ip":"31.192.237.75","dest_port":80,"proto":"TCP","pkt_src":"stream (flow timeout)","tx_id":10,"http":{"hostname":"31.192.237.75","url":"/d03a9289f9eeb76a724bc8f50b972d1f","http_user_agent":"SunShineMoonLight","http_method":"POST","protocol":"HTTP/1.1","length":0,"request_headers":[{"name":"Accept","value":"*/*"},{"name":"Content-Type","value":"multipart/form-data; boundary=7fXZaq2Dl7Z2OpOt"},{"name":"User-Agent","value":"SunShineMoonLight"},{"name":"Host","value":"31.192.237.75"},{"name":"Content-Length","value":"15962"},{"name":"Connection","value":"Keep-Alive"},{"name":"Cache-Control","value":"no-cache"}]}}
{"timestamp":"2023-10-04T15:29:20.884220+0000","flow_id":117703072249891,"pcap_cnt":42,"event_type":"http","src_ip":"10.0.254.29","src_port":49906,"dest_ip":"208.95.112.1","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"ip-api.com","url":"/csv","http_user_agent":"BunnyRequester","http_content_type":"text/plain","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":172,"request_headers":[{"name":"User-Agent","value":"BunnyRequester"},{"name":"Host","value":"ip-api.com"},{"name":"Cache-Control","value":"no-cache"}],"response_headers":[{"name":"Date","value":"Wed, 04 Oct 2023 15:29:20 GMT"},{"name":"Content-Type","value":"text/plain; charset=utf-8"},{"name":"Content-Length","value":"172"},{"name":"Access-Control-Allow-Origin","value":"*"},{"name":"X-Ttl","value":"60"},{"name":"X-Rl","value":"44"}]}}
{"timestamp":"2023-10-04T15:29:20.871531+0000","flow_id":17433464293012,"pcap_cnt":34,"event_type":"http","src_ip":"10.0.254.29","src_port":49905,"dest_ip":"64.185.227.156","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"api.ipify.org","url":"/","http_user_agent":"BunnyRequester","http_content_type":"text/plain","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":14,"request_headers":[{"name":"User-Agent","value":"BunnyRequester"},{"name":"Host","value":"api.ipify.org"},{"name":"Cache-Control","value":"no-cache"}],"response_headers":[{"name":"Server","value":"nginx/1.25.1"},{"name":"Date","value":"Wed, 04 Oct 2023 15:29:20 GMT"},{"name":"Content-Type","value":"text/plain"},{"name":"Content-Length","value":"14"},{"name":"Connection","value":"keep-alive"},{"name":"Vary","value":"Origin"}]}}
{"timestamp":"2023-10-04T15:29:01.931874+0000","flow_id":17433464293012,"event_type":"fileinfo","src_ip":"64.185.227.156","src_port":80,"dest_ip":"10.0.254.29","dest_port":49905,"proto":"TCP","pkt_src":"stream (flow timeout)","http":{"hostname":"api.ipify.org","url":"/","http_user_agent":"BunnyRequester","http_content_type":"text/plain","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":14},"app_proto":"http","fileinfo":{"filename":"/","gaps":false,"state":"CLOSED","stored":false,"size":14,"tx_id":0}}
{"timestamp":"2023-10-04T15:29:01.931874+0000","flow_id":117703072249891,"event_type":"fileinfo","src_ip":"208.95.112.1","src_port":80,"dest_ip":"10.0.254.29","dest_port":49906,"proto":"TCP","pkt_src":"stream (flow timeout)","http":{"hostname":"ip-api.com","url":"/csv","http_user_agent":"BunnyRequester","http_content_type":"text/plain","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":172},"app_proto":"http","fileinfo":{"filename":"/csv","gaps":false,"state":"CLOSED","stored":false,"size":172,"tx_id":0}}
{"timestamp":"2023-01-12T18:46:59.103156+0000","flow_id":966231561944961,"pcap_cnt":9910,"event_type":"http","src_ip":"192.168.196.131","src_port":50837,"dest_ip":"192.168.196.129","dest_port":8000,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"192.168.196.129","http_port":8000,"url":"/runme.exe","http_user_agent":"WinHTTP Example/1.0","http_content_type":"application/x-msdos-program","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":7168,"request_headers":[{"name":"Connection","value":"Keep-Alive"},{"name":"User-Agent","value":"WinHTTP Example/1.0"},{"name":"Host","value":"192.168.196.129:8000"}],"response_headers":[{"name":"Server","value":"SimpleHTTP/0.6 Python/3.10.4"},{"name":"Date","value":"Thu, 12 Jan 2023 18:46:57 GMT"},{"name":"Content-type","value":"application/x-msdos-program"},{"name":"Content-Length","value":"7168"},{"name":"Last-Modified","value":"Thu, 12 Jan 2023 18:39:28 GMT"}]}}
{"timestamp":"2023-01-12T18:46:59.105535+0000","flow_id":966231561944961,"pcap_cnt":9912,"event_type":"fileinfo","src_ip":"192.168.196.129","src_port":8000,"dest_ip":"192.168.196.131","dest_port":50837,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"192.168.196.129","http_port":8000,"url":"/runme.exe","http_user_agent":"WinHTTP Example/1.0","http_content_type":"application/x-msdos-program","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":7168},"app_proto":"http","fileinfo":{"filename":"/runme.exe","gaps":false,"state":"CLOSED","stored":false,"size":7168,"tx_id":0}}