{"timestamp":"2023-08-26T18:05:40.202175+0000","flow_id":2210070665963323,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.4.1","src_port":17954,"dest_ip":"1.2.23.137","dest_port":8443,"proto":"TCP","app_proto":"tls","flow":{"pkts_toserver":13,"pkts_toclient":15,"bytes_toserver":1496,"bytes_toclient":8852,"start":"2023-08-26T18:04:39.776716+0000","end":"2023-08-26T18:04:39.997838+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1f","tcp_flags_ts":"1b","tcp_flags_tc":"1f","syn":true,"fin":true,"rst":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T18:04:39.919257+0000","flow_id":2210070665963323,"in_iface":"ens5","event_type":"tls","src_ip":"1.1.4.1","src_port":17954,"dest_ip":"1.2.23.137","dest_port":8443,"proto":"TCP","pkt_src":"wire/pcap","tls":{"sni":"example.com","version":"TLS 1.3","ja3":{"hash":"123cd7cb9faa123487833865d516e123","string":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,0-5-10-11-13-65281-18-43-51,29-23-24-25,0"},"ja3s":{"hash":"123d94daa7e1234597e712a1fb6e705123","string":"771,4865,51-43"}}}
{"timestamp":"2023-08-26T18:02:57.738280+0000","flow_id":984751863281179,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.9.8","src_port":48534,"dest_ip":"1.2.52.234","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":4,"bytes_toserver":647,"bytes_toclient":500,"start":"2023-08-26T18:01:55.556960+0000","end":"2023-08-26T18:01:55.769701+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T18:02:57.062822+0000","flow_id":921327351542507,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.9.8","src_port":27642,"dest_ip":"1.2.29.110","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":4,"bytes_toserver":645,"bytes_toclient":446,"start":"2023-08-26T18:01:55.542193+0000","end":"2023-08-26T18:01:55.756503+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T18:01:55.698976+0000","flow_id":984751863281179,"in_iface":"ens5","event_type":"http","src_ip":"1.1.9.8","src_port":48534,"dest_ip":"1.2.52.234","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/","http_user_agent":"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/","length":0}}
{"timestamp":"2023-08-26T18:01:55.685457+0000","flow_id":921327351542507,"in_iface":"ens5","event_type":"http","src_ip":"1.1.9.8","src_port":27642,"dest_ip":"1.2.29.110","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/","http_user_agent":"Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":0}}
{"timestamp":"2023-08-26T17:53:14.734453+0000","flow_id":1592683703686769,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.1.1","src_port":16292,"dest_ip":"1.2.43.129","dest_port":1444,"proto":"TCP","app_proto":"tls","flow":{"pkts_toserver":11,"pkts_toclient":13,"bytes_toserver":1381,"bytes_toclient":6286,"start":"2023-08-26T17:52:13.108681+0000","end":"2023-08-26T17:52:13.329343+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1f","tcp_flags_ts":"1b","tcp_flags_tc":"1f","syn":true,"fin":true,"rst":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T17:53:12.474222+0000","flow_id":653489105689533,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.4.1","src_port":41834,"dest_ip":"1.2.49.95","dest_port":443,"proto":"TCP","app_proto":"tls","flow":{"pkts_toserver":12,"pkts_toclient":13,"bytes_toserver":1414,"bytes_toclient":6270,"start":"2023-08-26T17:52:1.807512+0000","end":"2023-08-26T17:52:11.022465+0000","age":1,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1f","tcp_flags_ts":"1b","tcp_flags_tc":"1f","syn":true,"fin":true,"rst":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T17:52:13.252192+0000","flow_id":1592683703686769,"in_iface":"ens5","event_type":"tls","src_ip":"1.1.1.1","src_port":16292,"dest_ip":"1.2.43.129","dest_port":1444,"proto":"TCP","pkt_src":"wire/pcap","tls":{"sni":"example.com","version":"TLS 1.3","ja3":{"hash":"123cd7cb9faa123487833865d516e123","string":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,0-5-10-11-13-65281-18-43-51,29-23-24-25,0"},"ja3s":{"hash":"123d94daa7e1234597e712a1fb6e705123","string":"771,4865,51-43"}}}
{"timestamp":"2023-08-26T17:52:1.948200+0000","flow_id":653489105689533,"in_iface":"ens5","event_type":"tls","src_ip":"1.1.4.1","src_port":41834,"dest_ip":"1.2.49.95","dest_port":443,"proto":"TCP","pkt_src":"wire/pcap","tls":{"sni":"example.com","version":"TLS 1.3","ja3":{"hash":"123cd7cb9faa123487833865d516e123","string":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,0-5-10-11-13-65281-18-43-51,29-23-24-25,0"},"ja3s":{"hash":"123d94daa7e1234597e712a1fb6e705123","string":"771,4865,51-43"}}}
{"timestamp":"2023-08-26T17:35:52.078321+0000","flow_id":1027906318158853,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.1.1","src_port":23190,"dest_ip":"1.2.52.234","dest_port":10443,"proto":"TCP","app_proto":"tls","flow":{"pkts_toserver":12,"pkts_toclient":12,"bytes_toserver":1735,"bytes_toclient":4570,"start":"2023-08-26T17:34:51.173792+0000","end":"2023-08-26T17:34:51.463357+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1f","tcp_flags_ts":"1f","tcp_flags_tc":"1e","syn":true,"fin":true,"rst":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T17:34:51.317725+0000","flow_id":1027906318158853,"in_iface":"ens5","event_type":"tls","src_ip":"1.1.1.1","src_port":23190,"dest_ip":"1.2.52.234","dest_port":10443,"proto":"TCP","pkt_src":"wire/pcap","tls":{"sni":"example.com","version":"TLS 1.3","ja3":{"hash":"123cd7cb9faa123487833865d516e123","string":"771,49195-49199-49196-49200-52393-52392-49161-49171-49162-49172-156-157-47-53-49170-10-4865-4866-4867,0-5-10-11-13-65281-18-43-51,29-23-24-25,0"},"ja3s":{"hash":"123d94daa7e1234597e712a1fb6e705123","string":"771,4865,51-43"}}}
{"timestamp":"2023-08-26T17:33:49.046992+0000","flow_id":1721668272505892,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.4.1","src_port":53306,"dest_ip":"1.2.49.95","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":5,"bytes_toserver":950,"bytes_toclient":591,"start":"2023-08-26T17:32:46.466393+0000","end":"2023-08-26T17:32:46.614816+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1f","tcp_flags_ts":"1b","tcp_flags_tc":"1e","syn":true,"fin":true,"rst":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T17:33:43.562008+0000","flow_id":2058211963720355,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.1.1","src_port":28906,"dest_ip":"1.2.29.110","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":7,"pkts_toclient":5,"bytes_toserver":1018,"bytes_toclient":512,"start":"2023-08-26T17:32:39.020462+0000","end":"2023-08-26T17:32:39.234917+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T17:33:41.162459+0000","flow_id":46260702529943,"in_iface":"ens5","event_type":"flow","src_ip":"2.1.1.1","src_port":17398,"dest_ip":"1.2.49.95","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":7,"pkts_toclient":5,"bytes_toserver":997,"bytes_toclient":577,"start":"2023-08-26T17:32:40.076306+0000","end":"2023-08-26T17:32:40.295193+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T17:33:40.160957+0000","flow_id":1443516934909491,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.9.8","src_port":22210,"dest_ip":"1.2.47.165","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":5,"bytes_toserver":942,"bytes_toclient":587,"start":"2023-08-26T17:32:37.991454+0000","end":"2023-08-26T17:32:38.135147+0000","age":1,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1f","tcp_flags_ts":"1b","tcp_flags_tc":"1e","syn":true,"fin":true,"rst":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T17:33:33.406756+0000","flow_id":2042577694521088,"in_iface":"ens5","event_type":"flow","src_ip":"1.9.9.2","src_port":18810,"dest_ip":"1.2.52.234","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":5,"bytes_toserver":950,"bytes_toclient":512,"start":"2023-08-26T17:32:31.410038+0000","end":"2023-08-26T17:32:31.552090+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1f","tcp_flags_ts":"1b","tcp_flags_tc":"1e","syn":true,"fin":true,"rst":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-26T17:32:46.608260+0000","flow_id":1721668272505892,"in_iface":"ens5","event_type":"http","src_ip":"1.1.4.1","src_port":53306,"dest_ip":"1.2.49.95","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","length":0}}
{"timestamp":"2023-08-26T17:32:46.608260+0000","flow_id":1721668272505892,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.4.1","src_port":53306,"dest_ip":"1.2.49.95","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","length":0},"app_proto":"http","fileinfo":{"filename":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","gaps":false,"state":"CLOSED","stored":false,"size":236,"tx_id":0}}
{"timestamp":"2023-08-26T17:32:40.223111+0000","flow_id":46260702529943,"in_iface":"ens5","event_type":"http","src_ip":"2.1.1.1","src_port":17398,"dest_ip":"1.2.49.95","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (Windows NT 1.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","length":0}}
{"timestamp":"2023-08-26T17:32:40.223111+0000","flow_id":46260702529943,"in_iface":"ens5","event_type":"fileinfo","src_ip":"2.1.1.1","src_port":17398,"dest_ip":"1.2.49.95","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (Windows NT 1.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","length":0},"app_proto":"http","fileinfo":{"filename":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","gaps":false,"state":"CLOSED","stored":false,"size":236,"tx_id":0}}
{"timestamp":"2023-08-26T17:32:39.163677+0000","flow_id":2058211963720355,"in_iface":"ens5","event_type":"http","src_ip":"1.1.1.1","src_port":28906,"dest_ip":"1.2.29.110","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":0}}
{"timestamp":"2023-08-26T17:32:39.163677+0000","flow_id":2058211963720355,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.1.1","src_port":28906,"dest_ip":"1.2.29.110","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":0},"app_proto":"http","fileinfo":{"filename":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","gaps":false,"state":"CLOSED","stored":false,"size":236,"tx_id":0}}
{"timestamp":"2023-08-26T17:32:38.134975+0000","flow_id":1443516934909491,"in_iface":"ens5","event_type":"http","src_ip":"1.1.9.8","src_port":22210,"dest_ip":"1.2.47.165","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","length":0}}
{"timestamp":"2023-08-26T17:32:38.134975+0000","flow_id":1443516934909491,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.9.8","src_port":22210,"dest_ip":"1.2.47.165","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","length":0},"app_proto":"http","fileinfo":{"filename":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","gaps":false,"state":"CLOSED","stored":false,"size":236,"tx_id":0}}
{"timestamp":"2023-08-26T17:32:31.551970+0000","flow_id":2042577694521088,"in_iface":"ens5","event_type":"http","src_ip":"1.9.9.2","src_port":18810,"dest_ip":"1.2.52.234","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":0}}
{"timestamp":"2023-08-26T17:32:31.551970+0000","flow_id":2042577694521088,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.9.9.2","src_port":18810,"dest_ip":"1.2.52.234","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":0},"app_proto":"http","fileinfo":{"filename":"/webauth_operation.php/webauth_operation.php?PHPRC=/var/tmp/evilfileof.ini","gaps":false,"state":"CLOSED","stored":false,"size":236,"tx_id":0}}