
Bug #1444 » eve2.json

Brandon Lattin, 04/08/2015 01:38 PM

 
Another example without the previous pattern.
{"timestamp":"2015-04-08T07:38:27.645163","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":0},"payload":"cMla\/Xl\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 154\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3530\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAANE4fQAB+BtgdhlRcfTbzvML7CABQy\/AaUUEHiDKAEBCwekYAAAEBCAoAAdiWmM35BQ=="}
{"timestamp":"2015-04-08T07:39:12.329871","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":1},"payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3531\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3532\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3533\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: 
application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3220\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 195\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3528\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3209\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 222\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3210\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=runasu.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: 
application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 216\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3212\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 215\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3211\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"after_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Con","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAANFC+QAB+BtV+hlRcfTbzvML7CABQy\/A2FEEHmiOAEA+TEJgAAAEBCAoAAeoKmM4kqA=="}
{"timestamp":"2015-04-08T07:39:12.329871","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3531\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3532\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3533\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: 
no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3220\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 195\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3528\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3209\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 222\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3210\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=runasu.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 216\r\nConnection: Keep-Alive\r\nCache-Control: 
no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3212\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 215\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3211\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"after_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Con","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAANFC+QAB+BtV+hlRcfTbzvML7CABQy\/A2FEEHmiOAEA+TEJgAAAEBCAoAAeoKmM4kqA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":2}}
{"timestamp":"2015-04-08T07:39:12.329871","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\/w8AAFBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMTc4DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjM1MzFcIixcImd1aWRcIjogXCJcIixcImNoYW5uZWxfaWRcIjogXCJcIiwgXCJ1dG1fYWRkaXRpb25cIjpcImNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAxNzgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidGFibGUiOiAiZXZlbnRfaGFzX3VzZXIiLCJkYXRhIjogIntcImV2ZW50X2V2ZW50X2lkXCI6IFwiMzUzMlwiLFwiZ3VpZFwiOiBcIlwiLFwiY2hhbm5lbF9pZFwiOiBcIlwiLCBcInV0bV9hZGRpdGlvblwiOlwiY29tbWFuZF9wYXJhbWV0ZXJzPS9pdnMmcHI9dm8mdj0yNiZjaXY9MCZwYWM9RXBwaW5rXCJ9In1QT1NUIC8gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBOU0lTX0luZXRjIChNb3ppbGxhKQ0KSG9zdDogaWJmLWNtaS0xOTM4OTUzMTc1LnVzLWVhc3QtMS5lbGIuYW1hem9uYXdzLmNvbQ0KQ29udGVudC1MZW5ndGg6IDIxNA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0KeyJ0YWJsZSI6ICJldmVudF9oYXNfdXNlciIsImRhdGEiOiAie1wiZXZlbnRfZXZlbnRfaWRcIjogXCIzNTMzXCIsXCJndWlkXCI6IFwiNzlEMDhGMDEtNTExNy0xMUNCLUFCNzgtRkZBQUQ5MDczOTgzXCIsXCJjaGFubmVsX2lkXCI6IFwiXCIsIFwidXRtX2FkZGl0aW9uXCI6XCJjb21tYW5kX3BhcmFtZXRlcnM9L2l2cyZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZ
WQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjE0DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjMyMjBcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJcIiwgXCJ1dG1fYWRkaXRpb25cIjpcImNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAxOTUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidGFibGUiOiAiZXZlbnRfaGFzX3VzZXIiLCJkYXRhIjogIntcImV2ZW50X2V2ZW50X2lkXCI6IFwiMzUyOFwiLFwiZ3VpZFwiOiBcIjc5RDA4RjAxLTUxMTctMTFDQi1BQjc4LUZGQUFEOTA3Mzk4M1wiLFwiY2hhbm5lbF9pZFwiOiBcIlhZMTIzXCIsIFwidXRtX2FkZGl0aW9uXCI6XCJwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjIxDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjMyMDlcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiLCBcInV0bV9hZGRpdGlvblwiOlwiYmVmb3JlX2Rvd25sb2FkPXZvc3J2LmV4ZSZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjIyDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZ
GF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjMyMTBcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiLCBcInV0bV9hZGRpdGlvblwiOlwiYmVmb3JlX2Rvd25sb2FkPXJ1bmFzdS5leGUmcHI9dm8mdj0yNiZjaXY9MCZwYWM9RXBwaW5rXCJ9In1QT1NUIC8gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBOU0lTX0luZXRjIChNb3ppbGxhKQ0KSG9zdDogaWJmLWNtaS0xOTM4OTUzMTc1LnVzLWVhc3QtMS5lbGIuYW1hem9uYXdzLmNvbQ0KQ29udGVudC1MZW5ndGg6IDIxNg0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0KeyJ0YWJsZSI6ICJldmVudF9oYXNfdXNlciIsImRhdGEiOiAie1wiZXZlbnRfZXZlbnRfaWRcIjogXCIzMjEyXCIsXCJndWlkXCI6IFwiNzlEMDhGMDEtNTExNy0xMUNCLUFCNzgtRkZBQUQ5MDczOTgzXCIsXCJjaGFubmVsX2lkXCI6IFwiWFkxMjNcIiwgXCJ1dG1fYWRkaXRpb25cIjpcImJlZm9yZV9ydW49dm9zcnYuZXhlJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAyMTUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidGFibGUiOiAiZXZlbnRfaGFzX3VzZXIiLCJkYXRhIjogIntcImV2ZW50X2V2ZW50X2lkXCI6IFwiMzIxMVwiLFwiZ3VpZFwiOiBcIjc5RDA4RjAxLTUxMTctMTFDQi1BQjc4LUZGQUFEOTA3Mzk4M1wiLFwiY2hhbm5lbF9pZFwiOiBcIlhZMTIzXCIsIFwidXRtX2FkZGl0aW9uXCI6XCJhZnRlcl9ydW49dm9zcnYuZXhlJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAyMjENCkNvbm5lY3Rpb246IEtlZXAt","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": 
\"{\\\"event_event_id\\\": \\\"3531\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3532\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3533\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3220\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 195\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3528\\\",\\\"guid\\\": 
\\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3209\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 222\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3210\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=runasu.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 216\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3212\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 215\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3211\\\",\\\"guid\\\": 
\\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"after_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Con","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAANFC+QAB+BtV+hlRcfTbzvML7CABQy\/A2FEEHmiOAEA+TEJgAAAEBCAoAAeoKmM4kqA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":3}}
{"timestamp":"2015-04-08T07:39:12.329871","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3531\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3532\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3533\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: 
no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3220\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 195\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3528\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3209\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 222\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3210\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=runasu.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 216\r\nConnection: Keep-Alive\r\nCache-Control: 
no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3212\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 215\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3211\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"after_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Con","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAANFC+QAB+BtV+hlRcfTbzvML7CABQy\/A2FEEHmiOAEA+TEJgAAAEBCAoAAeoKmM4kqA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":4}}
{"timestamp":"2015-04-08T07:39:12.329871","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\/w8AAFBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMTc4DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjM1MzFcIixcImd1aWRcIjogXCJcIixcImNoYW5uZWxfaWRcIjogXCJcIiwgXCJ1dG1fYWRkaXRpb25cIjpcImNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAxNzgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidGFibGUiOiAiZXZlbnRfaGFzX3VzZXIiLCJkYXRhIjogIntcImV2ZW50X2V2ZW50X2lkXCI6IFwiMzUzMlwiLFwiZ3VpZFwiOiBcIlwiLFwiY2hhbm5lbF9pZFwiOiBcIlwiLCBcInV0bV9hZGRpdGlvblwiOlwiY29tbWFuZF9wYXJhbWV0ZXJzPS9pdnMmcHI9dm8mdj0yNiZjaXY9MCZwYWM9RXBwaW5rXCJ9In1QT1NUIC8gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBOU0lTX0luZXRjIChNb3ppbGxhKQ0KSG9zdDogaWJmLWNtaS0xOTM4OTUzMTc1LnVzLWVhc3QtMS5lbGIuYW1hem9uYXdzLmNvbQ0KQ29udGVudC1MZW5ndGg6IDIxNA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0KeyJ0YWJsZSI6ICJldmVudF9oYXNfdXNlciIsImRhdGEiOiAie1wiZXZlbnRfZXZlbnRfaWRcIjogXCIzNTMzXCIsXCJndWlkXCI6IFwiNzlEMDhGMDEtNTExNy0xMUNCLUFCNzgtRkZBQUQ5MDczOTgzXCIsXCJjaGFubmVsX2lkXCI6IFwiXCIsIFwidXRtX2FkZGl0aW9uXCI6XCJjb21tYW5kX3BhcmFtZXRlcnM9L2l2cyZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZ
WQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjE0DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjMyMjBcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJcIiwgXCJ1dG1fYWRkaXRpb25cIjpcImNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAxOTUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidGFibGUiOiAiZXZlbnRfaGFzX3VzZXIiLCJkYXRhIjogIntcImV2ZW50X2V2ZW50X2lkXCI6IFwiMzUyOFwiLFwiZ3VpZFwiOiBcIjc5RDA4RjAxLTUxMTctMTFDQi1BQjc4LUZGQUFEOTA3Mzk4M1wiLFwiY2hhbm5lbF9pZFwiOiBcIlhZMTIzXCIsIFwidXRtX2FkZGl0aW9uXCI6XCJwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjIxDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjMyMDlcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiLCBcInV0bV9hZGRpdGlvblwiOlwiYmVmb3JlX2Rvd25sb2FkPXZvc3J2LmV4ZSZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjIyDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZ
GF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjMyMTBcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiLCBcInV0bV9hZGRpdGlvblwiOlwiYmVmb3JlX2Rvd25sb2FkPXJ1bmFzdS5leGUmcHI9dm8mdj0yNiZjaXY9MCZwYWM9RXBwaW5rXCJ9In1QT1NUIC8gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBOU0lTX0luZXRjIChNb3ppbGxhKQ0KSG9zdDogaWJmLWNtaS0xOTM4OTUzMTc1LnVzLWVhc3QtMS5lbGIuYW1hem9uYXdzLmNvbQ0KQ29udGVudC1MZW5ndGg6IDIxNg0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0KeyJ0YWJsZSI6ICJldmVudF9oYXNfdXNlciIsImRhdGEiOiAie1wiZXZlbnRfZXZlbnRfaWRcIjogXCIzMjEyXCIsXCJndWlkXCI6IFwiNzlEMDhGMDEtNTExNy0xMUNCLUFCNzgtRkZBQUQ5MDczOTgzXCIsXCJjaGFubmVsX2lkXCI6IFwiWFkxMjNcIiwgXCJ1dG1fYWRkaXRpb25cIjpcImJlZm9yZV9ydW49dm9zcnYuZXhlJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAyMTUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidGFibGUiOiAiZXZlbnRfaGFzX3VzZXIiLCJkYXRhIjogIntcImV2ZW50X2V2ZW50X2lkXCI6IFwiMzIxMVwiLFwiZ3VpZFwiOiBcIjc5RDA4RjAxLTUxMTctMTFDQi1BQjc4LUZGQUFEOTA3Mzk4M1wiLFwiY2hhbm5lbF9pZFwiOiBcIlhZMTIzXCIsIFwidXRtX2FkZGl0aW9uXCI6XCJhZnRlcl9ydW49dm9zcnYuZXhlJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAyMjENCkNvbm5lY3Rpb246IEtlZXAt","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": 
\"{\\\"event_event_id\\\": \\\"3531\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3532\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3533\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3220\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 195\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3528\\\",\\\"guid\\\": 
\\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3209\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 222\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3210\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=runasu.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 216\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3212\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 215\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3211\\\",\\\"guid\\\": 
\\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"after_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Con","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAANFC+QAB+BtV+hlRcfTbzvML7CABQy\/A2FEEHmiOAEA+TEJgAAAEBCAoAAeoKmM4kqA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":5}}
{"timestamp":"2015-04-08T07:39:12.329871","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3531\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3532\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3533\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: 
no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3220\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 195\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3528\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3209\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 222\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3210\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=runasu.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 216\r\nConnection: Keep-Alive\r\nCache-Control: 
no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3212\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 215\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3211\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"after_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Con","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAANFC+QAB+BtV+hlRcfTbzvML7CABQy\/A2FEEHmiOAEA+TEJgAAAEBCAoAAeoKmM4kqA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":6}}
{"timestamp":"2015-04-08T07:39:12.329871","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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{"timestamp":"2015-04-08T07:39:12.329871","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":1},"payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3531\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 178\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3532\\\",\\\"guid\\\": \\\"\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": 
\"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3533\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 214\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3220\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"\\\", \\\"utm_addition\\\":\\\"command_parameters=\/ivs&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 195\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3528\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3209\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 222\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": 
\"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3210\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_download=runasu.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 216\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3212\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"before_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 215\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3211\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"after_run=vosrv.exe&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 221\r\nConnection: Keep-Alive\r\nCache-Con","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAANFC+QAB+BtV+hlRcfTbzvML7CABQy\/A2FEEHmiOAEA+TEJgAAAEBCAoAAeoKmM4kqA=="}
{"timestamp":"2015-04-08T07:39:12.329871","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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{"timestamp":"2015-04-08T07:39:12.552198","flow_id":139759014506128,"in_iface":"snf0","event_type":"alert","vlan":3710,"src_ip":"178.63.154.93","src_port":443,"dest_ip":"128.101.44.33","dest_port":58645,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2522452,"rev":2175,"signature":"ET TOR Known Tor Relay\/Router (Not Exit) Node Traffic group 227","category":"Misc Attack","severity":2},"payload":"","stream":0,"packet":"fK10kl+AfK10kj0AgQAOfggARQAANJ2PQAAyBrIRsj+aXYBlLCEBu+UVwyPNFjVy6DSAEAO5BOcAAAEBCApjCuyAMaJfGg=="}
{"timestamp":"2015-04-08T07:39:24.270948","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":17},"payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3416\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=5&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3650\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=9&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3652\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", 
\\\"utm_addition\\\":\\\"dloc_stage=10&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3653\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=11&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3655\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=13&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3667\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=14&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": 
\"{\\\"event_event_id\\\": \\\"3669\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=15&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3672\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=18&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3674\\\",\\\"guid\\\": \\\"79D08F01-5117-11C","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAAKFEbQAB+BtUthlRcfTbzvML7CABQy\/BNwEEHqNJQFAAA2mUAAAAAAAAAAA=="}
{"timestamp":"2015-04-08T07:39:24.270948","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\/w8AAFBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjQ1DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjM0MTZcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiLCBcInV0bV9hZGRpdGlvblwiOlwiZGxvY19zdGFnZT01JmNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnZvc3RhZ2U9bWFpbiZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjQ1DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjM2NTBcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiLCBcInV0bV9hZGRpdGlvblwiOlwiZGxvY19zdGFnZT05JmNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnZvc3RhZ2U9bWFpbiZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjQ2DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjM2NTJcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiL
CBcInV0bV9hZGRpdGlvblwiOlwiZGxvY19zdGFnZT0xMCZjb21tYW5kX3BhcmFtZXRlcnM9L2l2cyZ2b3N0YWdlPW1haW4mcHI9dm8mdj0yNiZjaXY9MCZwYWM9RXBwaW5rXCJ9In1QT1NUIC8gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBOU0lTX0luZXRjIChNb3ppbGxhKQ0KSG9zdDogaWJmLWNtaS0xOTM4OTUzMTc1LnVzLWVhc3QtMS5lbGIuYW1hem9uYXdzLmNvbQ0KQ29udGVudC1MZW5ndGg6IDI0Ng0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0KeyJ0YWJsZSI6ICJldmVudF9oYXNfdXNlciIsImRhdGEiOiAie1wiZXZlbnRfZXZlbnRfaWRcIjogXCIzNjUzXCIsXCJndWlkXCI6IFwiNzlEMDhGMDEtNTExNy0xMUNCLUFCNzgtRkZBQUQ5MDczOTgzXCIsXCJjaGFubmVsX2lkXCI6IFwiWFkxMjNcIiwgXCJ1dG1fYWRkaXRpb25cIjpcImRsb2Nfc3RhZ2U9MTEmY29tbWFuZF9wYXJhbWV0ZXJzPS9pdnMmdm9zdGFnZT1tYWluJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAyNDYNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidGFibGUiOiAiZXZlbnRfaGFzX3VzZXIiLCJkYXRhIjogIntcImV2ZW50X2V2ZW50X2lkXCI6IFwiMzY1NVwiLFwiZ3VpZFwiOiBcIjc5RDA4RjAxLTUxMTctMTFDQi1BQjc4LUZGQUFEOTA3Mzk4M1wiLFwiY2hhbm5lbF9pZFwiOiBcIlhZMTIzXCIsIFwidXRtX2FkZGl0aW9uXCI6XCJkbG9jX3N0YWdlPTEzJmNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnZvc3RhZ2U9bWFpbiZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjQ2DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjM2NjdcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiLCBcInV0bV9hZGRpdGlvblwiOlwiZGxvY19zdGFnZT0xNCZjb21tYW5kX3BhcmFtZXRlcnM9L2l2cyZ2b3N0YWdlPW1haW4mcHI9dm8mdj0yNiZja
XY9MCZwYWM9RXBwaW5rXCJ9In1QT1NUIC8gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBOU0lTX0luZXRjIChNb3ppbGxhKQ0KSG9zdDogaWJmLWNtaS0xOTM4OTUzMTc1LnVzLWVhc3QtMS5lbGIuYW1hem9uYXdzLmNvbQ0KQ29udGVudC1MZW5ndGg6IDI0Ng0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0KeyJ0YWJsZSI6ICJldmVudF9oYXNfdXNlciIsImRhdGEiOiAie1wiZXZlbnRfZXZlbnRfaWRcIjogXCIzNjY5XCIsXCJndWlkXCI6IFwiNzlEMDhGMDEtNTExNy0xMUNCLUFCNzgtRkZBQUQ5MDczOTgzXCIsXCJjaGFubmVsX2lkXCI6IFwiWFkxMjNcIiwgXCJ1dG1fYWRkaXRpb25cIjpcImRsb2Nfc3RhZ2U9MTUmY29tbWFuZF9wYXJhbWV0ZXJzPS9pdnMmdm9zdGFnZT1tYWluJnByPXZvJnY9MjYmY2l2PTAmcGFjPUVwcGlua1wifSJ9UE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTlNJU19JbmV0YyAoTW96aWxsYSkNCkhvc3Q6IGliZi1jbWktMTkzODk1MzE3NS51cy1lYXN0LTEuZWxiLmFtYXpvbmF3cy5jb20NCkNvbnRlbnQtTGVuZ3RoOiAyNDYNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidGFibGUiOiAiZXZlbnRfaGFzX3VzZXIiLCJkYXRhIjogIntcImV2ZW50X2V2ZW50X2lkXCI6IFwiMzY3MlwiLFwiZ3VpZFwiOiBcIjc5RDA4RjAxLTUxMTctMTFDQi1BQjc4LUZGQUFEOTA3Mzk4M1wiLFwiY2hhbm5lbF9pZFwiOiBcIlhZMTIzXCIsIFwidXRtX2FkZGl0aW9uXCI6XCJkbG9jX3N0YWdlPTE4JmNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnZvc3RhZ2U9bWFpbiZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjQ2DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjM2NzRcIixcImd1aWRcIjogXCI3","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": 
\"{\\\"event_event_id\\\": \\\"3416\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=5&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3650\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=9&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3652\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=10&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3653\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=11&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: 
ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3655\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=13&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3667\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=14&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3669\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=15&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3672\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", 
\\\"utm_addition\\\":\\\"dloc_stage=18&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3674\\\",\\\"guid\\\": \\\"79D08F01-5117-11C","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAAKFEbQAB+BtUthlRcfTbzvML7CABQy\/BNwEEHqNJQFAAA2mUAAAAAAAAAAA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":18}}
{"timestamp":"2015-04-08T07:39:24.270948","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3416\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=5&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3650\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=9&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3652\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=10&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: 
application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3653\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=11&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3655\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=13&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3667\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=14&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3669\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", 
\\\"utm_addition\\\":\\\"dloc_stage=15&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3672\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=18&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3674\\\",\\\"guid\\\": \\\"79D08F01-5117-11C","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAAKFEbQAB+BtUthlRcfTbzvML7CABQy\/BNwEEHqNJQFAAA2mUAAAAAAAAAAA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":19}}
{"timestamp":"2015-04-08T07:39:24.270948","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3416\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=5&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3650\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=9&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3652\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=10&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: 
application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3653\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=11&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3655\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=13&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3667\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=14&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3669\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", 
\\\"utm_addition\\\":\\\"dloc_stage=15&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3672\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=18&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3674\\\",\\\"guid\\\": \\\"79D08F01-5117-11C","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAAKFEbQAB+BtUthlRcfTbzvML7CABQy\/BNwEEHqNJQFAAA2mUAAAAAAAAAAA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":20}}
{"timestamp":"2015-04-08T07:39:24.270948","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3416\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=5&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3650\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=9&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3652\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=10&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: 
application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3653\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=11&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3655\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=13&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3667\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=14&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3669\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", 
\\\"utm_addition\\\":\\\"dloc_stage=15&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3672\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=18&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3674\\\",\\\"guid\\\": \\\"79D08F01-5117-11C","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAAKFEbQAB+BtUthlRcfTbzvML7CABQy\/BNwEEHqNJQFAAA2mUAAAAAAAAAAA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":21}}
{"timestamp":"2015-04-08T07:39:24.270948","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3416\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=5&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3650\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=9&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3652\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=10&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: 
application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3653\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=11&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3655\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=13&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3667\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=14&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3669\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", 
\\\"utm_addition\\\":\\\"dloc_stage=15&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3672\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=18&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3674\\\",\\\"guid\\\": \\\"79D08F01-5117-11C","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAAKFEbQAB+BtUthlRcfTbzvML7CABQy\/BNwEEHqNJQFAAA2mUAAAAAAAAAAA==","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":22}}
{"timestamp":"2015-04-08T07:39:24.270948","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\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{"timestamp":"2015-04-08T07:39:24.270948","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2809857,"rev":2,"signature":"ETPRO MALWARE Win32\/VOPackage.AX Checkin","category":"A Network Trojan was Detected","severity":1,"tx_id":17},"payload":"cMla\/Xl\/AAAAEAAA\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","payload_printable":"POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3416\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=5&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 245\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3650\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=9&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: 
ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3652\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=10&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3653\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=11&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3655\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=13&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3667\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", 
\\\"utm_addition\\\":\\\"dloc_stage=14&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3669\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=15&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3672\\\",\\\"guid\\\": \\\"79D08F01-5117-11CB-AB78-FFAAD9073983\\\",\\\"channel_id\\\": \\\"XY123\\\", \\\"utm_addition\\\":\\\"dloc_stage=18&command_parameters=\/ivs&vostage=main&pr=vo&v=26&civ=0&pac=Eppink\\\"}\"}POST \/ HTTP\/1.1\r\nContent-Type: application\/x-www-form-urlencoded\r\nUser-Agent: NSIS_Inetc (Mozilla)\r\nHost: ibf-cmi-1938953175.us-east-1.elb.amazonaws.com\r\nContent-Length: 246\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n{\"table\": \"event_has_user\",\"data\": \"{\\\"event_event_id\\\": \\\"3674\\\",\\\"guid\\\": \\\"79D08F01-5117-11C","stream":1,"packet":"fK10kj0AfK10kl+AgQAOxAgARQAAKFEbQAB+BtUthlRcfTbzvML7CABQy\/BNwEEHqNJQFAAA2mUAAAAAAAAAAA=="}
{"timestamp":"2015-04-08T07:39:24.270948","flow_id":139760013002848,"in_iface":"snf0","event_type":"alert","vlan":3780,"src_ip":"134.84.92.125","src_port":64264,"dest_ip":"54.243.188.194","dest_port":80,"proto":"TCP","payload":"cMla\/Xl\/AAAAEAAA\/w8AAFBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjQ1DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjM0MTZcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiLCBcInV0bV9hZGRpdGlvblwiOlwiZGxvY19zdGFnZT01JmNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnZvc3RhZ2U9bWFpbiZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50LUxlbmd0aDogMjQ1DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InRhYmxlIjogImV2ZW50X2hhc191c2VyIiwiZGF0YSI6ICJ7XCJldmVudF9ldmVudF9pZFwiOiBcIjM2NTBcIixcImd1aWRcIjogXCI3OUQwOEYwMS01MTE3LTExQ0ItQUI3OC1GRkFBRDkwNzM5ODNcIixcImNoYW5uZWxfaWRcIjogXCJYWTEyM1wiLCBcInV0bV9hZGRpdGlvblwiOlwiZGxvY19zdGFnZT05JmNvbW1hbmRfcGFyYW1ldGVycz0vaXZzJnZvc3RhZ2U9bWFpbiZwcj12byZ2PTI2JmNpdj0wJnBhYz1FcHBpbmtcIn0ifVBPU1QgLyBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE5TSVNfSW5ldGMgKE1vemlsbGEpDQpIb3N0OiBpYmYtY21pLTE5Mzg5NTMxNzUudXMtZWFzdC0xLmVsYi5hbWF6b25hd3MuY29tDQpDb250ZW50L{"timestamp":"2015-04-08T07:39:24.839092","flow_id":139791028512928,"in_iface":"snf0","event_type":"alert","vlan":3710,"src_ip":"46.183.220.250","src_port":3099,"dest_ip":"160.94.33.224","dest_port":1604,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2804670
,"rev":2,"signature":"ETPRO EXPLOIT VMware vCenter Chargeback Manager Information Disclosure","category":"Attempted Information Leak","severity":2},"payload":"Ki4uMi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLiEuLi4uLi4uLi4uLi4u","payload_printable":"*..2........................!.............","stream":0,"packet":"fK10kl+AfK10kj0AgQAOfggARQAARm52AAB4EQZBLrfc+qBeIeAMGwZEADIw2ioAATIC\/ajjAAAAAAAAAAAAAAAAAAAAAAAAAAAhAAIAAAAAAAAAAAAAAA=="}