{"timestamp":"2025-04-28T14:39:45.716160+0000","flow_id":693273184849472,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.9.113","src_port":80,"dest_ip":"1.1.67.66","dest_port":47658,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-5-7-2-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","xff":"6.3.9.2","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-7-2-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":29}}
{"timestamp":"2025-04-28T14:39:44.565893+0000","flow_id":1614352653093004,"in_iface":"ens5","event_type":"http","src_ip":"1.1.67.66","src_port":50566,"dest_ip":"1.1.174.78","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":365,"http":{"hostname":"ec2-5-7-2-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"6.3.9.2","http_content_type":"text/html","http_method":"HEAD","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-7-2-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":0}}
{"timestamp":"2025-04-28T14:39:44.565648+0000","flow_id":1614352653093004,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.174.78","src_port":80,"dest_ip":"1.1.67.66","dest_port":50566,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-5-7-2-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"6.3.9.2","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-7-2-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":364}}
{"timestamp":"2025-04-28T14:39:44.504573+0000","flow_id":693273184849472,"in_iface":"ens5","event_type":"http","src_ip":"1.1.67.66","src_port":47658,"dest_ip":"1.1.9.113","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":29,"http":{"hostname":"ec2-5-7-2-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","xff":"6.3.9.2","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-7-2-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T14:39:44.504573+0000","flow_id":693273184849472,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.67.66","src_port":47658,"dest_ip":"1.1.9.113","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-5-7-2-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","xff":"6.3.9.2","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-7-2-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":226,"tx_id":29}}
{"timestamp":"2025-04-28T14:39:44.473251+0000","flow_id":1614352653093004,"in_iface":"ens5","event_type":"http","src_ip":"1.1.67.66","src_port":50566,"dest_ip":"1.1.174.78","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":364,"http":{"hostname":"ec2-5-7-2-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"6.3.9.2","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-7-2-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T08:34:16.823608+0000","flow_id":689634081262443,"in_iface":"ens5","event_type":"http","src_ip":"1.1.5.152","src_port":62696,"dest_ip":"1.1.144.226","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":67,"http":{"hostname":"ec2-1-5-2-1.ap-southeast-2.compute.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"6.3.1.1","http_content_type":"text/html","http_method":"HEAD","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-5-2-1.ap-southeast-2.compute.example.com/CTCWebService/CTCWebServiceBean","length":0}}
{"timestamp":"2025-04-28T08:34:16.595628+0000","flow_id":79363753032413,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.56.211","src_port":80,"dest_ip":"1.1.5.152","dest_port":29266,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-1-5-2-1.ap-southeast-2.compute.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","xff":"6.3.1.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-5-2-1.ap-southeast-2.compute.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":110}}
{"timestamp":"2025-04-28T08:34:16.288277+0000","flow_id":923197425393690,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.151.188","src_port":80,"dest_ip":"1.1.5.152","dest_port":9036,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-1-5-2-1.ap-southeast-2.compute.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"6.3.1.1","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-5-2-1.ap-southeast-2.compute.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":210}}
{"timestamp":"2025-04-28T08:34:16.213653+0000","flow_id":79363753032413,"in_iface":"ens5","event_type":"http","src_ip":"1.1.5.152","src_port":29266,"dest_ip":"1.1.56.211","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":110,"http":{"hostname":"ec2-1-5-2-1.ap-southeast-2.compute.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","xff":"6.3.1.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-5-2-1.ap-southeast-2.compute.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T08:34:16.213653+0000","flow_id":79363753032413,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.5.152","src_port":29266,"dest_ip":"1.1.56.211","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-1-5-2-1.ap-southeast-2.compute.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","xff":"6.3.1.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-5-2-1.ap-southeast-2.compute.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":226,"tx_id":110}}
{"timestamp":"2025-04-28T08:34:15.909748+0000","flow_id":923197425393690,"in_iface":"ens5","event_type":"http","src_ip":"1.1.5.152","src_port":9036,"dest_ip":"1.1.151.188","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":210,"http":{"hostname":"ec2-1-5-2-1.ap-southeast-2.compute.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"6.3.1.1","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-5-2-1.ap-southeast-2.compute.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T06:03:44.097903+0000","flow_id":802646050947087,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.116.81","src_port":80,"dest_ip":"1.1.130.228","dest_port":34924,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-3-2-1-7.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","xff":"1.7.1.2","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-3-2-1-7.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":363}}
{"timestamp":"2025-04-28T06:03:43.825385+0000","flow_id":1072311111996059,"in_iface":"ens5","event_type":"http","src_ip":"1.1.130.228","src_port":47158,"dest_ip":"1.1.184.226","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","metadata":{"flowbits":["ET.cve.2021.34473","ET.CVE20206287.1"]},"tx_id":363,"http":{"hostname":"ec2-3-2-1-7.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"1.7.1.2","http_content_type":"text/html","http_method":"HEAD","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-3-2-1-7.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":0}}
{"timestamp":"2025-04-28T06:03:43.825258+0000","flow_id":1072311111996059,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.184.226","src_port":80,"dest_ip":"1.1.130.228","dest_port":47158,"proto":"TCP","pkt_src":"wire/pcap","metadata":{"flowbits":["ET.cve.2021.34473","ET.CVE20206287.1"]},"http":{"hostname":"ec2-3-2-1-7.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"1.7.1.2","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-3-2-1-7.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":362}}
{"timestamp":"2025-04-28T06:03:43.692824+0000","flow_id":802646050947087,"in_iface":"ens5","event_type":"http","src_ip":"1.1.130.228","src_port":34924,"dest_ip":"1.1.116.81","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":363,"http":{"hostname":"ec2-3-2-1-7.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","xff":"1.7.1.2","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-3-2-1-7.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T06:03:43.692824+0000","flow_id":802646050947087,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.130.228","src_port":34924,"dest_ip":"1.1.116.81","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-3-2-1-7.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","xff":"1.7.1.2","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-3-2-1-7.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":226,"tx_id":363}}
{"timestamp":"2025-04-28T06:03:43.625614+0000","flow_id":1072311111996059,"in_iface":"ens5","event_type":"http","src_ip":"1.1.130.228","src_port":47158,"dest_ip":"1.1.184.226","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","metadata":{"flowbits":["ET.cve.2021.34473","ET.CVE20206287.1"]},"tx_id":362,"http":{"hostname":"ec2-3-2-1-7.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"1.7.1.2","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-3-2-1-7.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T06:03:43.625614+0000","flow_id":1072311111996059,"in_iface":"ens5","event_type":"alert","src_ip":"1.1.130.228","src_port":47158,"dest_ip":"1.1.184.226","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","metadata":{"flowbits":["ET.cve.2021.34473","ET.CVE20206287.1"]},"tx_id":362,"alert":{"action":"allowed","gid":1,"signature_id":2030576,"rev":2,"signature":"ET EXPLOIT Possible SAP NetWeaver CVE-2020-6287 Probe","category":"Attempted Information Leak","severity":2,"metadata":{"confidence":["Medium"],"created_at":["2020_07_22"],"cve":["CVE_2020_6287"],"deployment":["SSLDecrypt"],"signature_severity":["Major"],"tag":["CISA_KEV"],"updated_at":["2020_07_22"]}},"http":{"hostname":"ec2-3-2-1-7.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","xff":"1.7.1.2","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-3-2-1-7.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","direction":"to_server","flow":{"pkts_toserver":727,"pkts_toclient":365,"bytes_toserver":124603,"bytes_toclient":169661,"start":"2025-04-28T06:02:51.708418+0000","src_ip":"1.1.130.228","dest_ip":"1.1.184.226","src_port":47158,"dest_port":80}}
{"timestamp":"2025-04-28T04:24:51.104014+0000","flow_id":704478630665073,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.146","src_port":57090,"dest_ip":"1.1.105.25","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":7,"http":{"hostname":"ec2-1-2-2-2.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"HEAD","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-2-2.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":0}}
{"timestamp":"2025-04-28T04:24:50.942706+0000","flow_id":704478630665073,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.105.25","src_port":80,"dest_ip":"1.8.1.146","dest_port":57090,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-1-2-2-2.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-2-2.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":5}}
{"timestamp":"2025-04-28T04:24:50.942594+0000","flow_id":704478630665073,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.146","src_port":57090,"dest_ip":"1.1.105.25","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":5,"http":{"hostname":"ec2-1-2-2-2.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-2-2.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T04:24:50.942594+0000","flow_id":704478630665073,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.8.1.146","src_port":57090,"dest_ip":"1.1.105.25","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-1-2-2-2.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-2-2.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":226,"tx_id":5}}
{"timestamp":"2025-04-28T04:24:50.876869+0000","flow_id":704478630665073,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.105.25","src_port":80,"dest_ip":"1.8.1.146","dest_port":57090,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-1-2-2-2.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-2-2.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":4}}
{"timestamp":"2025-04-28T04:24:50.876763+0000","flow_id":704478630665073,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.146","src_port":57090,"dest_ip":"1.1.105.25","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":4,"http":{"hostname":"ec2-1-2-2-2.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-2-2.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T04:10:38.674482+0000","flow_id":1448326922995083,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.125","src_port":36312,"dest_ip":"1.1.39.158","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":8,"http":{"hostname":"example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"HEAD","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/CTCWebService/CTCWebServiceBean","length":0}}
{"timestamp":"2025-04-28T04:10:38.513523+0000","flow_id":1448326922995083,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.39.158","src_port":80,"dest_ip":"1.8.1.125","dest_port":36312,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":6}}
{"timestamp":"2025-04-28T04:10:38.513474+0000","flow_id":1448326922995083,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.125","src_port":36312,"dest_ip":"1.1.39.158","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":6,"http":{"hostname":"example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T04:10:38.513474+0000","flow_id":1448326922995083,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.8.1.125","src_port":36312,"dest_ip":"1.1.39.158","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":226,"tx_id":6}}
{"timestamp":"2025-04-28T04:10:38.447707+0000","flow_id":1448326922995083,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.39.158","src_port":80,"dest_ip":"1.8.1.125","dest_port":36312,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":5}}
{"timestamp":"2025-04-28T04:10:38.447643+0000","flow_id":1448326922995083,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.125","src_port":36312,"dest_ip":"1.1.39.158","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":5,"http":{"hostname":"example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T01:09:09.676390+0000","flow_id":1134989474095628,"in_iface":"ens5","event_type":"http","src_ip":"6.3.1.84","src_port":59090,"dest_ip":"1.1.19.69","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":7,"http":{"hostname":"ec2-4-2-3-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"HEAD","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-4-2-3-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":0}}
{"timestamp":"2025-04-28T01:09:09.425035+0000","flow_id":1134989474095628,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.19.69","src_port":80,"dest_ip":"6.3.1.84","dest_port":59090,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-4-2-3-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-4-2-3-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":5}}
{"timestamp":"2025-04-28T01:09:09.424936+0000","flow_id":1134989474095628,"in_iface":"ens5","event_type":"http","src_ip":"6.3.1.84","src_port":59090,"dest_ip":"1.1.19.69","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":5,"http":{"hostname":"ec2-4-2-3-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-4-2-3-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-28T01:09:09.424936+0000","flow_id":1134989474095628,"in_iface":"ens5","event_type":"fileinfo","src_ip":"6.3.1.84","src_port":59090,"dest_ip":"1.1.19.69","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-4-2-3-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-4-2-3-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":226,"tx_id":5}}
{"timestamp":"2025-04-28T01:09:09.314027+0000","flow_id":1134989474095628,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.19.69","src_port":80,"dest_ip":"6.3.1.84","dest_port":59090,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-4-2-3-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-4-2-3-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":4}}
{"timestamp":"2025-04-28T01:09:09.313919+0000","flow_id":1134989474095628,"in_iface":"ens5","event_type":"http","src_ip":"6.3.1.84","src_port":59090,"dest_ip":"1.1.19.69","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":4,"http":{"hostname":"ec2-4-2-3-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-4-2-3-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-27T23:31:28.400817+0000","flow_id":1980770482783156,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.15","src_port":33241,"dest_ip":"1.1.27.12","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":4,"http":{"hostname":"ec2-5-2-2-8.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"HEAD","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-2-2-8.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":0}}
{"timestamp":"2025-04-27T23:31:28.240938+0000","flow_id":1980770482783156,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.27.12","src_port":80,"dest_ip":"1.8.1.15","dest_port":33241,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-5-2-2-8.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-2-2-8.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":2}}
{"timestamp":"2025-04-27T23:31:28.240876+0000","flow_id":1980770482783156,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.15","src_port":33241,"dest_ip":"1.1.27.12","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":2,"http":{"hostname":"ec2-5-2-2-8.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-2-2-8.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-27T23:31:28.240876+0000","flow_id":1980770482783156,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.8.1.15","src_port":33241,"dest_ip":"1.1.27.12","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-5-2-2-8.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-2-2-8.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":226,"tx_id":2}}
{"timestamp":"2025-04-27T23:31:28.175599+0000","flow_id":1980770482783156,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.27.12","src_port":80,"dest_ip":"1.8.1.15","dest_port":33241,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-5-2-2-8.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-2-2-8.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":1}}
{"timestamp":"2025-04-27T23:31:28.175542+0000","flow_id":1980770482783156,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.15","src_port":33241,"dest_ip":"1.1.27.12","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":1,"http":{"hostname":"ec2-5-2-2-8.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-5-2-2-8.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-27T16:45:52.950876+0000","flow_id":41044877598316,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.113","src_port":54782,"dest_ip":"1.1.114.86","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":4,"http":{"hostname":"ec2-1-2-1-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"HEAD","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-1-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":0}}
{"timestamp":"2025-04-27T16:45:52.789915+0000","flow_id":41044877598316,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.114.86","src_port":80,"dest_ip":"1.8.1.113","dest_port":54782,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-1-2-1-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-1-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":2}}
{"timestamp":"2025-04-27T16:45:52.789825+0000","flow_id":41044877598316,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.113","src_port":54782,"dest_ip":"1.1.114.86","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":2,"http":{"hostname":"ec2-1-2-1-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-1-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}
{"timestamp":"2025-04-27T16:45:52.789825+0000","flow_id":41044877598316,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.8.1.113","src_port":54782,"dest_ip":"1.1.114.86","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-1-2-1-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-1-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":226,"tx_id":2}}
{"timestamp":"2025-04-27T16:45:52.724308+0000","flow_id":41044877598316,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.1.114.86","src_port":80,"dest_ip":"1.8.1.113","dest_port":54782,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"ec2-1-2-1-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-1-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162},"app_proto":"http","fileinfo":{"filename":"/CTCWebService/CTCWebServiceBean","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":1}}
{"timestamp":"2025-04-27T16:45:52.724195+0000","flow_id":41044877598316,"in_iface":"ens5","event_type":"http","src_ip":"1.8.1.113","src_port":54782,"dest_ip":"1.1.114.86","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":1,"http":{"hostname":"ec2-1-2-1-1.compute-1.example.com","url":"/CTCWebService/CTCWebServiceBean","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://ec2-1-2-1-1.compute-1.example.com/CTCWebService/CTCWebServiceBean","length":162}}