metron-analytics/metron-profiler-storm/src/test/resources/telemetry.json

{"adapter.threatinteladapter.end.ts":"1530978697769","qclass_name":"qclass-32769","bro_timestamp":"1530978687.836793","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978696551","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978696550","adapter.hostfromjsonlistadapter.end.ts":"1530978696606","trans_id":0,"adapter.geoadapter.begin.ts":"1530978696857","uid":"CGs8rS1rqhyXRRgA64","protocol":"dns","original_string":"DNS | AA:false qclass_name:qclass-32769 id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CGs8rS1rqhyXRRgA64 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:32769 ts:1530978687.836793 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978697808","enrichmentjoinbolt.joiner.ts":"1530978696932","adapter.hostfromjsonlistadapter.begin.ts":"1530978696606","threatintelsplitterbolt.splitter.begin.ts":"1530978696949","Z":0,"ip_src_addr":"192.168.66.1","qclass":32769,"timestamp":1530978687836,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978696857","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978696952","adapter.threatinteladapter.begin.ts":"1530978697764","ip_src_port":5353,"proto":"udp","guid":"90751ce5-703d-4b9f-8c2d-8e5c42e72262"}
{"adapter.threatinteladapter.end.ts":"1530978697772","bro_timestamp":"1530978687.77394","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978696605","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978696605","adapter.hostfromjsonlistadapter.end.ts":"1530978696649","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978696857","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CBJatv2DcsW8fow3Dg","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/ tags:[] uid:CBJatv2DcsW8fow3Dg referrer:http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978687.77394 id.resp_h:62.75.195.236 resp_fuids:[\"F77a061yn9H0cUBGVa\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978697808","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","enrichmentjoinbolt.joiner.ts":"1530978696943","adapter.hostfromjsonlistadapter.begin.ts":"1530978696607","threatintelsplitterbolt.splitter.begin.ts":"1530978696952","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F77a061yn9H0cUBGVa"],"timestamp":1530978687773,"method":"GET","request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696858","referrer":"http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745","threatintelsplitterbolt.splitter.end.ts":"1530978696952","adapter.threatinteladapter.begin.ts":"1530978697769","ip_src_port":49186,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"f5b315b0-e776-481a-9f28-765fdb19e6e8","response_body_len":121635}
{"adapter.threatinteladapter.end.ts":"1530978697776","bro_timestamp":"1530978687.916811","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978696606","enrichmentsplitterbolt.splitter.begin.ts":"1530978696606","adapter.hostfromjsonlistadapter.end.ts":"1530978696650","adapter.geoadapter.begin.ts":"1530978696858","uid":"CUrRne3iLIxXavQtci","trans_depth":6,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/components\/?ServiceComponentInfo\/component_name=APP_TIMELINE_SERVER|ServiceComponentInfo\/category=MASTER&fields=ServiceComponentInfo\/service_name,host_components\/HostRoles\/display_name,host_components\/HostRoles\/host_name,host_components\/HostRoles\/state,host_components\/HostRoles\/maintenance_state,host_components\/HostRoles\/stale_configs,host_components\/HostRoles\/ha_state,host_components\/HostRoles\/desired_admin_state,,host_components\/metrics\/jvm\/memHeapUsedM,host_components\/metrics\/jvm\/HeapMemoryMax,host_components\/metrics\/jvm\/HeapMemoryUsed,host_components\/metrics\/jvm\/memHeapCommittedM,host_components\/metrics\/mapred\/jobtracker\/trackers_decommissioned,host_components\/metrics\/cpu\/cpu_wio,host_components\/metrics\/rpc\/client\/RpcQueueTime_avg_time,host_components\/metrics\/dfs\/FSNamesystem\/*,host_components\/metrics\/dfs\/namenode\/Version,host_components\/metrics\/dfs\/namenode\/LiveNodes,host_components\/metrics\/dfs\/namenode\/DeadNodes,host_components\/metrics\/dfs\/namenode\/DecomNodes,host_components\/metrics\/dfs\/namenode\/TotalFiles,host_components\/metrics\/dfs\/namenode\/UpgradeFinalized,host_components\/metrics\/dfs\/namenode\/Safemode,host_components\/metrics\/runtime\/StartTime,host_components\/metrics\/hbase\/master\/IsActiveMaster,host_components\/metrics\/hbase\/master\/MasterStartTime,host_components\/metrics\/hbase\/master\/MasterActiveTime,host_components\/metrics\/hbase\/master\/AverageLoad,host_components\/metrics\/master\/AssignmentManger\/ritCount,metrics\/api\/v1\/cluster\/summary,metrics\/api\/v1\/topology\/summary,metrics\/api\/v1\/nimbus\/summary,host_components\/metrics\/yarn\/Queue,host_components\/metrics\/yarn\/ClusterMetrics\/NumActiveNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumLostNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumUnhealthyNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumRebootedNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumDecommissionedNMs&minimal_response=true&_=1484168361295 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:6 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978687.916811 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978697808","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978696948","adapter.hostfromjsonlistadapter.begin.ts":"1530978696649","threatintelsplitterbolt.splitter.begin.ts":"1530978696953","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978687916,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/components\/?ServiceComponentInfo\/component_name=APP_TIMELINE_SERVER|ServiceComponentInfo\/category=MASTER&fields=ServiceComponentInfo\/service_name,host_components\/HostRoles\/display_name,host_components\/HostRoles\/host_name,host_components\/HostRoles\/state,host_components\/HostRoles\/maintenance_state,host_components\/HostRoles\/stale_configs,host_components\/HostRoles\/ha_state,host_components\/HostRoles\/desired_admin_state,,host_components\/metrics\/jvm\/memHeapUsedM,host_components\/metrics\/jvm\/HeapMemoryMax,host_components\/metrics\/jvm\/HeapMemoryUsed,host_components\/metrics\/jvm\/memHeapCommittedM,host_components\/metrics\/mapred\/jobtracker\/trackers_decommissioned,host_components\/metrics\/cpu\/cpu_wio,host_components\/metrics\/rpc\/client\/RpcQueueTime_avg_time,host_components\/metrics\/dfs\/FSNamesystem\/*,host_components\/metrics\/dfs\/namenode\/Version,host_components\/metrics\/dfs\/namenode\/LiveNodes,host_components\/metrics\/dfs\/namenode\/DeadNodes,host_components\/metrics\/dfs\/namenode\/DecomNodes,host_components\/metrics\/dfs\/namenode\/TotalFiles,host_components\/metrics\/dfs\/namenode\/UpgradeFinalized,host_components\/metrics\/dfs\/namenode\/Safemode,host_components\/metrics\/runtime\/StartTime,host_components\/metrics\/hbase\/master\/IsActiveMaster,host_components\/metrics\/hbase\/master\/MasterStartTime,host_components\/metrics\/hbase\/master\/MasterActiveTime,host_components\/metrics\/hbase\/master\/AverageLoad,host_components\/metrics\/master\/AssignmentManger\/ritCount,metrics\/api\/v1\/cluster\/summary,metrics\/api\/v1\/topology\/summary,metrics\/api\/v1\/nimbus\/summary,host_components\/metrics\/yarn\/Queue,host_components\/metrics\/yarn\/ClusterMetrics\/NumActiveNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumLostNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumUnhealthyNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumRebootedNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumDecommissionedNMs&minimal_response=true&_=1484168361295","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696858","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978696953","adapter.threatinteladapter.begin.ts":"1530978697772","ip_src_port":50451,"guid":"db5e7329-9439-4a8a-972b-05d22d08e1fa","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978697777","bro_timestamp":"1530978687.073175","status_code":404,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978696609","enrichments.geo.ip_dst_addr.city":"Phoenix","enrichments.geo.ip_dst_addr.latitude":"33.4499","enrichmentsplitterbolt.splitter.begin.ts":"1530978696609","adapter.hostfromjsonlistadapter.end.ts":"1530978696650","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5308655","adapter.geoadapter.begin.ts":"1530978696858","enrichments.geo.ip_dst_addr.postalCode":"85004","uid":"CxQY13LFLIWBK5kw6","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49203 status_code:404 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/twentyfifteen\/img5.php?f=ka6nnuvccqlw9 tags:[] uid:CxQY13LFLIWBK5kw6 resp_mime_types:[\"text\\\/html\"] trans_depth:1 orig_fuids:[\"FUF7cQ2NWtIJObUXFf\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978687.073175 id.resp_h:204.152.254.221 resp_fuids:[\"FNXPE1PFFrR89EeJa\"]","ip_dst_addr":"204.152.254.221","threatinteljoinbolt.joiner.ts":"1530978697808","enrichments.geo.ip_dst_addr.dmaCode":"753","host":"runlove.us","enrichmentjoinbolt.joiner.ts":"1530978696948","adapter.hostfromjsonlistadapter.begin.ts":"1530978696650","threatintelsplitterbolt.splitter.begin.ts":"1530978696953","enrichments.geo.ip_dst_addr.longitude":"-112.0712","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FNXPE1PFFrR89EeJa"],"timestamp":1530978687073,"method":"POST","request_body_len":110,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/twentyfifteen\/img5.php?f=ka6nnuvccqlw9","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696870","threatintelsplitterbolt.splitter.end.ts":"1530978696953","adapter.threatinteladapter.begin.ts":"1530978697776","orig_fuids":["FUF7cQ2NWtIJObUXFf"],"ip_src_port":49203,"enrichments.geo.ip_dst_addr.location_point":"33.4499,-112.0712","status_msg":"Not Found","guid":"1d9eefeb-832b-4262-a800-5b67da9f7277","response_body_len":357}
{"adapter.threatinteladapter.end.ts":"1530978697780","bro_timestamp":"1530978687.027914","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978696609","enrichments.geo.ip_dst_addr.city":"Los Angeles","enrichments.geo.ip_dst_addr.latitude":"34.0494","enrichmentsplitterbolt.splitter.begin.ts":"1530978696609","adapter.hostfromjsonlistadapter.end.ts":"1530978696651","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5368361","adapter.geoadapter.begin.ts":"1530978696870","enrichments.geo.ip_dst_addr.postalCode":"90014","uid":"CxZIVD4f5vBwpXUjwf","resp_mime_types":["text\/plain"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49198 status_code:200 method:POST request_body_len:134 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/grizzly\/img5.php?c=cdcnw7cfz43rmtg tags:[] uid:CxZIVD4f5vBwpXUjwf resp_mime_types:[\"text\\\/plain\"] trans_depth:1 orig_fuids:[\"FiPZ8g4gdpjEyHuez2\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978687.027914 id.resp_h:72.34.49.86 resp_fuids:[\"FM8l2i6ib3vOd45ob\"]","ip_dst_addr":"72.34.49.86","threatinteljoinbolt.joiner.ts":"1530978697808","enrichments.geo.ip_dst_addr.dmaCode":"803","host":"comarksecurity.com","enrichmentjoinbolt.joiner.ts":"1530978696949","adapter.hostfromjsonlistadapter.begin.ts":"1530978696650","threatintelsplitterbolt.splitter.begin.ts":"1530978696953","enrichments.geo.ip_dst_addr.longitude":"-118.2641","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FM8l2i6ib3vOd45ob"],"timestamp":1530978687027,"method":"POST","request_body_len":134,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/grizzly\/img5.php?c=cdcnw7cfz43rmtg","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696875","threatintelsplitterbolt.splitter.end.ts":"1530978696953","adapter.threatinteladapter.begin.ts":"1530978697778","orig_fuids":["FiPZ8g4gdpjEyHuez2"],"ip_src_port":49198,"enrichments.geo.ip_dst_addr.location_point":"34.0494,-118.2641","status_msg":"OK","guid":"0c21f313-5cb7-46de-b62a-b429c565bfb0","response_body_len":14}
{"adapter.threatinteladapter.end.ts":"1530978697782","bro_timestamp":"1530978687.58302","ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978696609","enrichments.geo.ip_dst_addr.latitude":"48.8582","enrichmentsplitterbolt.splitter.begin.ts":"1530978696609","adapter.hostfromjsonlistadapter.end.ts":"1530978696651","enrichments.geo.ip_dst_addr.country":"FR","adapter.geoadapter.begin.ts":"1530978696875","uid":"CT2ax04BCxPW20AlGc","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49195 method:GET request_body_len:0 id.resp_p:80 uri:\/ tags:[] uid:CT2ax04BCxPW20AlGc trans_depth:1 host:ip-addr.es id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978687.58302 id.resp_h:188.165.164.184","ip_dst_addr":"188.165.164.184","threatinteljoinbolt.joiner.ts":"1530978697809","host":"ip-addr.es","enrichmentjoinbolt.joiner.ts":"1530978696949","adapter.hostfromjsonlistadapter.begin.ts":"1530978696651","threatintelsplitterbolt.splitter.begin.ts":"1530978696953","enrichments.geo.ip_dst_addr.longitude":"2.3387000000000002","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978687583,"method":"GET","request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696879","threatintelsplitterbolt.splitter.end.ts":"1530978696953","adapter.threatinteladapter.begin.ts":"1530978697780","ip_src_port":49195,"enrichments.geo.ip_dst_addr.location_point":"48.8582,2.3387000000000002","guid":"ed0d58c1-88cb-4f4e-ab7b-ee1a36e7cdcb","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978697783","qclass_name":"C_INTERNET","bro_timestamp":"1530978687.445971","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978696610","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978696610","adapter.hostfromjsonlistadapter.end.ts":"1530978696651","trans_id":0,"adapter.geoadapter.begin.ts":"1530978696879","uid":"ChMDrL20pLP4UzCncj","protocol":"dns","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:ChMDrL20pLP4UzCncj RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1530978687.445971 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978697809","enrichmentjoinbolt.joiner.ts":"1530978696949","adapter.hostfromjsonlistadapter.begin.ts":"1530978696651","threatintelsplitterbolt.splitter.begin.ts":"1530978696953","Z":0,"ip_src_addr":"192.168.66.1","qclass":1,"timestamp":1530978687445,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978696879","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978696953","adapter.threatinteladapter.begin.ts":"1530978697783","ip_src_port":5353,"proto":"udp","guid":"a6f4fe3a-c485-4521-bcfe-b2600746885e"}
{"TTLs":[21599.0],"adapter.threatinteladapter.end.ts":"1530978697784","qclass_name":"C_INTERNET","bro_timestamp":"1530978687.053752","qtype_name":"A","ip_dst_port":53,"enrichmentsplitterbolt.splitter.end.ts":"1530978696610","qtype":1,"rejected":false,"answers":["188.165.164.184"],"enrichmentsplitterbolt.splitter.begin.ts":"1530978696610","adapter.hostfromjsonlistadapter.end.ts":"1530978696652","trans_id":15553,"adapter.geoadapter.begin.ts":"1530978696879","uid":"CoiTkw2sb9stNr10zg","protocol":"dns","original_string":"DNS | AA:false TTLs:[21599.0] qclass_name:C_INTERNET id.orig_p:53571 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ip-addr.es answers:[\"188.165.164.184\"] trans_id:15553 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CoiTkw2sb9stNr10zg RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1530978687.053752 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","threatinteljoinbolt.joiner.ts":"1530978697809","enrichmentjoinbolt.joiner.ts":"1530978696953","adapter.hostfromjsonlistadapter.begin.ts":"1530978696652","threatintelsplitterbolt.splitter.begin.ts":"1530978696961","Z":0,"ip_src_addr":"192.168.138.158","qclass":1,"timestamp":1530978687053,"AA":false,"query":"ip-addr.es","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","adapter.geoadapter.end.ts":"1530978696879","RD":true,"threatintelsplitterbolt.splitter.end.ts":"1530978696961","adapter.threatinteladapter.begin.ts":"1530978697783","ip_src_port":53571,"proto":"udp","guid":"bbfd5e54-db09-455e-b01f-b6cbbd444e88"}
{"adapter.threatinteladapter.end.ts":"1530978697784","bro_timestamp":"1530978687.267256","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978696610","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978696610","adapter.hostfromjsonlistadapter.end.ts":"1530978696652","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978696880","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CID7qb45BoqLfAMHic","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49193 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?34eaf8bd50d85d8c6baacb45f0a7b22e tags:[] uid:CID7qb45BoqLfAMHic trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978687.267256 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978697809","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978696953","adapter.hostfromjsonlistadapter.begin.ts":"1530978696652","threatintelsplitterbolt.splitter.begin.ts":"1530978696961","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978687267,"method":"GET","request_body_len":0,"uri":"\/?34eaf8bd50d85d8c6baacb45f0a7b22e","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696880","threatintelsplitterbolt.splitter.end.ts":"1530978696961","adapter.threatinteladapter.begin.ts":"1530978697784","ip_src_port":49193,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"ad2f6714-2a4a-4262-8ce0-1940f3e8f340","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978697786","bro_timestamp":"1530978687.417086","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978696610","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978696610","adapter.hostfromjsonlistadapter.end.ts":"1530978696652","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978696880","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CEkDUW1JYqnTIkYzc1","resp_mime_types":["image\/png"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/lb.png tags:[] uid:CEkDUW1JYqnTIkYzc1 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:239 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978687.417086 id.resp_h:95.163.121.204 resp_fuids:[\"FZy6Lx4RGFmQ1AZeU8\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978697809","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978696953","adapter.hostfromjsonlistadapter.begin.ts":"1530978696652","threatintelsplitterbolt.splitter.begin.ts":"1530978696961","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FZy6Lx4RGFmQ1AZeU8"],"timestamp":1530978687417,"method":"GET","request_body_len":0,"uri":"\/img\/lb.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696887","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978696961","adapter.threatinteladapter.begin.ts":"1530978697784","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"9711e04e-9926-4606-a7e8-e719dac535e6","response_body_len":239}
{"adapter.threatinteladapter.end.ts":"1530978697786","qclass_name":"C_INTERNET","bro_timestamp":"1530978694.884106","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978696611","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978696611","adapter.hostfromjsonlistadapter.end.ts":"1530978696652","trans_id":0,"adapter.geoadapter.begin.ts":"1530978696887","uid":"CkwtUK1ANyyZwj0PW1","protocol":"dns","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CkwtUK1ANyyZwj0PW1 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1530978694.884106 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978697809","enrichmentjoinbolt.joiner.ts":"1530978696953","adapter.hostfromjsonlistadapter.begin.ts":"1530978696652","threatintelsplitterbolt.splitter.begin.ts":"1530978696961","Z":0,"ip_src_addr":"192.168.66.1","qclass":1,"timestamp":1530978694884,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978696887","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978696961","adapter.threatinteladapter.begin.ts":"1530978697786","ip_src_port":5353,"proto":"udp","guid":"f9c14d84-59c5-4598-97b7-5d6e95aba4e6"}
{"adapter.threatinteladapter.end.ts":"1530978697786","bro_timestamp":"1530978694.621046","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978696611","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978696611","adapter.hostfromjsonlistadapter.end.ts":"1530978696653","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978696887","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"C1ia4w3K4ngOWPmAsi","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/ tags:[] uid:C1ia4w3K4ngOWPmAsi referrer:http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978694.621046 id.resp_h:62.75.195.236 resp_fuids:[\"FKGK2W1X8Bfk7D7XD9\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978697809","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","enrichmentjoinbolt.joiner.ts":"1530978696953","adapter.hostfromjsonlistadapter.begin.ts":"1530978696652","threatintelsplitterbolt.splitter.begin.ts":"1530978696962","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FKGK2W1X8Bfk7D7XD9"],"timestamp":1530978694621,"method":"GET","request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696887","referrer":"http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745","threatintelsplitterbolt.splitter.end.ts":"1530978696962","adapter.threatinteladapter.begin.ts":"1530978697786","ip_src_port":49186,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"98769db4-ee20-4f69-bb04-2e7005de9c6d","response_body_len":121635}
{"adapter.threatinteladapter.end.ts":"1530978697787","bro_timestamp":"1530978694.641679","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978696611","enrichmentsplitterbolt.splitter.begin.ts":"1530978696611","adapter.hostfromjsonlistadapter.end.ts":"1530978696653","adapter.geoadapter.begin.ts":"1530978696887","uid":"CUrRne3iLIxXavQtci","trans_depth":254,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/persist\/wizard-data?_=1484169473684 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:254 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978694.641679 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978697810","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978696954","adapter.hostfromjsonlistadapter.begin.ts":"1530978696653","threatintelsplitterbolt.splitter.begin.ts":"1530978696962","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978694641,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/persist\/wizard-data?_=1484169473684","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696887","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978696962","adapter.threatinteladapter.begin.ts":"1530978697787","ip_src_port":50451,"guid":"ffda80d8-44e3-42db-b72a-d2fa7cf38042","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978697788","bro_timestamp":"1530978694.388009","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978696611","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978696611","adapter.hostfromjsonlistadapter.end.ts":"1530978696653","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978696887","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CJyQ1119VSEe7SGiTa","resp_mime_types":["image\/x-icon"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/favicon.ico tags:[] uid:CJyQ1119VSEe7SGiTa resp_mime_types:[\"image\\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978694.388009 id.resp_h:95.163.121.204 resp_fuids:[\"F0Pvmv1dj2gRa9c7v\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978697810","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978696954","adapter.hostfromjsonlistadapter.begin.ts":"1530978696653","threatintelsplitterbolt.splitter.begin.ts":"1530978696962","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F0Pvmv1dj2gRa9c7v"],"timestamp":1530978694388,"method":"GET","request_body_len":0,"uri":"\/favicon.ico","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696887","threatintelsplitterbolt.splitter.end.ts":"1530978696962","adapter.threatinteladapter.begin.ts":"1530978697787","ip_src_port":49207,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"66eda80b-7f24-4aec-85b9-e381e128dfc7","response_body_len":318}
{"adapter.threatinteladapter.end.ts":"1530978697788","bro_timestamp":"1530978694.979947","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978696611","enrichments.geo.ip_dst_addr.city":"Los Angeles","enrichments.geo.ip_dst_addr.latitude":"34.0494","enrichmentsplitterbolt.splitter.begin.ts":"1530978696611","adapter.hostfromjsonlistadapter.end.ts":"1530978696653","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5368361","adapter.geoadapter.begin.ts":"1530978696887","enrichments.geo.ip_dst_addr.postalCode":"90014","uid":"COZAhy4ljJ4lBc5bgf","resp_mime_types":["text\/plain"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/grizzly\/img5.php?u=ka6nnuvccqlw9 tags:[] uid:COZAhy4ljJ4lBc5bgf resp_mime_types:[\"text\\\/plain\"] trans_depth:1 orig_fuids:[\"FgncKy2eauwZjDL6h9\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978694.979947 id.resp_h:72.34.49.86 resp_fuids:[\"FDVxtiyWLP0KeNRg8\"]","ip_dst_addr":"72.34.49.86","threatinteljoinbolt.joiner.ts":"1530978697810","enrichments.geo.ip_dst_addr.dmaCode":"803","host":"comarksecurity.com","enrichmentjoinbolt.joiner.ts":"1530978696954","adapter.hostfromjsonlistadapter.begin.ts":"1530978696653","threatintelsplitterbolt.splitter.begin.ts":"1530978696962","enrichments.geo.ip_dst_addr.longitude":"-118.2641","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FDVxtiyWLP0KeNRg8"],"timestamp":1530978694979,"method":"POST","request_body_len":110,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/grizzly\/img5.php?u=ka6nnuvccqlw9","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978696887","threatintelsplitterbolt.splitter.end.ts":"1530978696962","adapter.threatinteladapter.begin.ts":"1530978697788","orig_fuids":["FgncKy2eauwZjDL6h9"],"ip_src_port":49204,"enrichments.geo.ip_dst_addr.location_point":"34.0494,-118.2641","status_msg":"OK","guid":"a5bc5b67-a861-43e2-9232-fb902239cea3","response_body_len":14}
{"adapter.threatinteladapter.end.ts":"1530978702605","bro_timestamp":"1530978694.045879","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702588","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978702588","adapter.hostfromjsonlistadapter.end.ts":"1530978702593","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978702593","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CmNSa535EEM4iN5uwh","resp_mime_types":["image\/png"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/flags\/de.png tags:[] uid:CmNSa535EEM4iN5uwh referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978694.045879 id.resp_h:95.163.121.204 resp_fuids:[\"FZgahz2hSOfoAP9y1l\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978702609","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978702598","adapter.hostfromjsonlistadapter.begin.ts":"1530978702593","threatintelsplitterbolt.splitter.begin.ts":"1530978702601","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FZgahz2hSOfoAP9y1l"],"timestamp":1530978694045,"method":"GET","request_body_len":0,"uri":"\/img\/flags\/de.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702593","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978702601","adapter.threatinteladapter.begin.ts":"1530978702605","ip_src_port":49209,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"9e19e186-6aba-45ad-8b70-9e696ef02448","response_body_len":534}
{"adapter.threatinteladapter.end.ts":"1530978702605","bro_timestamp":"1530978694.98983","status_code":404,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702589","enrichments.geo.ip_dst_addr.city":"Phoenix","enrichments.geo.ip_dst_addr.latitude":"33.4499","enrichmentsplitterbolt.splitter.begin.ts":"1530978702589","adapter.hostfromjsonlistadapter.end.ts":"1530978702593","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5308655","adapter.geoadapter.begin.ts":"1530978702593","enrichments.geo.ip_dst_addr.postalCode":"85004","uid":"CPbKPD2f2Vg9rvtXXk","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/twentyfifteen\/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:CPbKPD2f2Vg9rvtXXk resp_mime_types:[\"text\\\/html\"] trans_depth:1 orig_fuids:[\"FVYpPq1KmqTn8vOfT\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978694.98983 id.resp_h:204.152.254.221 resp_fuids:[\"FnmQJXPDEKwZZ8TMf\"]","ip_dst_addr":"204.152.254.221","threatinteljoinbolt.joiner.ts":"1530978702609","enrichments.geo.ip_dst_addr.dmaCode":"753","host":"runlove.us","enrichmentjoinbolt.joiner.ts":"1530978702598","adapter.hostfromjsonlistadapter.begin.ts":"1530978702593","threatintelsplitterbolt.splitter.begin.ts":"1530978702601","enrichments.geo.ip_dst_addr.longitude":"-112.0712","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FnmQJXPDEKwZZ8TMf"],"timestamp":1530978694989,"method":"POST","request_body_len":96,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/twentyfifteen\/img5.php?l=8r1gf1b2t1kuq42","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702593","threatintelsplitterbolt.splitter.end.ts":"1530978702601","adapter.threatinteladapter.begin.ts":"1530978702605","orig_fuids":["FVYpPq1KmqTn8vOfT"],"ip_src_port":49199,"enrichments.geo.ip_dst_addr.location_point":"33.4499,-112.0712","status_msg":"Not Found","guid":"23070f86-2358-4f4c-9bf4-a612afc8c3e3","response_body_len":357}
{"adapter.threatinteladapter.end.ts":"1530978702605","bro_timestamp":"1530978694.665931","status_code":404,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702589","enrichments.geo.ip_dst_addr.city":"Phoenix","enrichments.geo.ip_dst_addr.latitude":"33.4499","enrichmentsplitterbolt.splitter.begin.ts":"1530978702589","adapter.hostfromjsonlistadapter.end.ts":"1530978702593","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5308655","adapter.geoadapter.begin.ts":"1530978702593","enrichments.geo.ip_dst_addr.postalCode":"85004","uid":"CQPUy829Fo1TwbqZh5","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49203 status_code:404 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/twentyfifteen\/img5.php?f=ka6nnuvccqlw9 tags:[] uid:CQPUy829Fo1TwbqZh5 resp_mime_types:[\"text\\\/html\"] trans_depth:1 orig_fuids:[\"FHf5Gv2fxGeTgj5aLk\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978694.665931 id.resp_h:204.152.254.221 resp_fuids:[\"FuBgoE4Ro7nr1s5NO8\"]","ip_dst_addr":"204.152.254.221","threatinteljoinbolt.joiner.ts":"1530978702609","enrichments.geo.ip_dst_addr.dmaCode":"753","host":"runlove.us","enrichmentjoinbolt.joiner.ts":"1530978702599","adapter.hostfromjsonlistadapter.begin.ts":"1530978702593","threatintelsplitterbolt.splitter.begin.ts":"1530978702601","enrichments.geo.ip_dst_addr.longitude":"-112.0712","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FuBgoE4Ro7nr1s5NO8"],"timestamp":1530978694665,"method":"POST","request_body_len":110,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/twentyfifteen\/img5.php?f=ka6nnuvccqlw9","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702593","threatintelsplitterbolt.splitter.end.ts":"1530978702601","adapter.threatinteladapter.begin.ts":"1530978702605","orig_fuids":["FHf5Gv2fxGeTgj5aLk"],"ip_src_port":49203,"enrichments.geo.ip_dst_addr.location_point":"33.4499,-112.0712","status_msg":"Not Found","guid":"41e087a9-84a3-41a2-af03-b0ade87ffa76","response_body_len":357}
{"adapter.threatinteladapter.end.ts":"1530978702605","bro_timestamp":"1530978694.939958","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702590","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978702589","adapter.hostfromjsonlistadapter.end.ts":"1530978702593","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978702593","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CA0G2ASkF1efFirs7","resp_mime_types":["image\/png"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/lb.png tags:[] uid:CA0G2ASkF1efFirs7 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:239 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978694.939958 id.resp_h:95.163.121.204 resp_fuids:[\"FXqalu3YBvkNyrelff\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978702610","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978702599","adapter.hostfromjsonlistadapter.begin.ts":"1530978702593","threatintelsplitterbolt.splitter.begin.ts":"1530978702601","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FXqalu3YBvkNyrelff"],"timestamp":1530978694939,"method":"GET","request_body_len":0,"uri":"\/img\/lb.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702593","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978702601","adapter.threatinteladapter.begin.ts":"1530978702605","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"b4a27884-579e-4266-b1d5-0c12f941924a","response_body_len":239}
{"adapter.threatinteladapter.end.ts":"1530978702605","bro_timestamp":"1530978694.291127","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702590","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978702590","adapter.hostfromjsonlistadapter.end.ts":"1530978702593","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978702593","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CodIOCgeqZXqVSCg6","resp_mime_types":["image\/png"],"trans_depth":4,"protocol":"http","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/bitcoin.png tags:[] uid:CodIOCgeqZXqVSCg6 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978694.291127 id.resp_h:95.163.121.204 resp_fuids:[\"Ft8inr3vk76ny20gZ2\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978702610","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978702599","adapter.hostfromjsonlistadapter.begin.ts":"1530978702593","threatintelsplitterbolt.splitter.begin.ts":"1530978702601","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Ft8inr3vk76ny20gZ2"],"timestamp":1530978694291,"method":"GET","request_body_len":0,"uri":"\/img\/bitcoin.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702593","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978702601","adapter.threatinteladapter.begin.ts":"1530978702605","ip_src_port":49205,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"105bf657-f1ec-4276-bfcd-091905599296","response_body_len":5523}
{"adapter.threatinteladapter.end.ts":"1530978702609","bro_timestamp":"1530978698.168044","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702590","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978702590","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978702597","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"ChNCWL3i4gNIYPkoDe","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49194 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?60dbe33b908e0086292196ef001816bc tags:[] uid:ChNCWL3i4gNIYPkoDe trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978698.168044 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978702612","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978702601","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702605","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978698168,"method":"GET","request_body_len":0,"uri":"\/?60dbe33b908e0086292196ef001816bc","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702597","threatintelsplitterbolt.splitter.end.ts":"1530978702605","adapter.threatinteladapter.begin.ts":"1530978702609","ip_src_port":49194,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"5bd73342-6081-4de8-af0d-b68efab3bf95","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978702609","bro_timestamp":"1530978698.840044","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702590","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978702590","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978702597","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CX5zuR35fzQMB5VJmd","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/11iQmfg tags:[] uid:CX5zuR35fzQMB5VJmd resp_mime_types:[\"text\\\/html\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:3289 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978698.840044 id.resp_h:95.163.121.204 resp_fuids:[\"FjwIxc3D3tcVPcqmGc\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978702612","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978702601","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702605","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FjwIxc3D3tcVPcqmGc"],"timestamp":1530978698840,"method":"GET","request_body_len":0,"uri":"\/11iQmfg","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702597","threatintelsplitterbolt.splitter.end.ts":"1530978702605","adapter.threatinteladapter.begin.ts":"1530978702609","ip_src_port":49205,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"f9dbf04b-bcc8-48a9-b858-8ca45b6f8274","response_body_len":3289}
{"adapter.threatinteladapter.end.ts":"1530978702609","bro_timestamp":"1530978698.949395","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702590","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978702590","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978702598","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"C8Ljn32fwV1v4G45R8","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49188 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/aa25f5fe2875e3d0a244e6969e589cc4 tags:[] uid:C8Ljn32fwV1v4G45R8 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:861 ts:1530978698.949395 id.resp_h:62.75.195.236 resp_fuids:[\"FfQLue1qc3s7ZfGzH5\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978702612","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978702601","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702605","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","resp_fuids":["FfQLue1qc3s7ZfGzH5"],"timestamp":1530978698949,"method":"GET","request_body_len":0,"uri":"\/aa25f5fe2875e3d0a244e6969e589cc4","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702598","threatintelsplitterbolt.splitter.end.ts":"1530978702605","adapter.threatinteladapter.begin.ts":"1530978702609","ip_src_port":49188,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"e8cff10e-d3ab-4578-8aeb-f94c614b5bd6","response_body_len":861}
{"adapter.threatinteladapter.end.ts":"1530978702609","qclass_name":"qclass-32769","bro_timestamp":"1530978698.075525","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978702590","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978702590","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","trans_id":0,"adapter.geoadapter.begin.ts":"1530978702598","uid":"C8DgGj1pj2jXyhi9g1","protocol":"dns","original_string":"DNS | AA:false qclass_name:qclass-32769 id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:C8DgGj1pj2jXyhi9g1 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:32769 ts:1530978698.075525 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978702612","enrichmentjoinbolt.joiner.ts":"1530978702602","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702605","Z":0,"ip_src_addr":"192.168.66.1","qclass":32769,"timestamp":1530978698075,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978702598","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978702606","adapter.threatinteladapter.begin.ts":"1530978702609","ip_src_port":5353,"proto":"udp","guid":"f88c60ba-4062-411f-ae82-c9a86e0a0d1b"}
{"adapter.threatinteladapter.end.ts":"1530978702609","bro_timestamp":"1530978698.312623","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702590","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978702590","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978702598","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CCTaln3ggV4dOqGETi","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49194 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?60dbe33b908e0086292196ef001816bc tags:[] uid:CCTaln3ggV4dOqGETi trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978698.312623 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978702612","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978702602","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702606","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978698312,"method":"GET","request_body_len":0,"uri":"\/?60dbe33b908e0086292196ef001816bc","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702598","threatintelsplitterbolt.splitter.end.ts":"1530978702606","adapter.threatinteladapter.begin.ts":"1530978702609","ip_src_port":49194,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"c0049477-bdc9-42ab-88fe-c088a7d9e76d","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978702611","bro_timestamp":"1530978698.907146","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702591","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978702591","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978702598","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"Cnd9EM1uTP3PbJ0BS","resp_mime_types":["image\/png"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/flags\/de.png tags:[] uid:Cnd9EM1uTP3PbJ0BS referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978698.907146 id.resp_h:95.163.121.204 resp_fuids:[\"Fck5px3MJLpCrDeCZ3\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978702613","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978702602","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702607","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fck5px3MJLpCrDeCZ3"],"timestamp":1530978698907,"method":"GET","request_body_len":0,"uri":"\/img\/flags\/de.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702598","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978702607","adapter.threatinteladapter.begin.ts":"1530978702611","ip_src_port":49209,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"358e4eca-0f08-4c10-a307-881009c223b0","response_body_len":534}
{"adapter.threatinteladapter.end.ts":"1530978702611","bro_timestamp":"1530978698.884865","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702591","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978702591","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978702598","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CJY1nx4uy46hVP4kmg","resp_mime_types":["text\/plain"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/style.css tags:[] uid:CJY1nx4uy46hVP4kmg referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"text\\\/plain\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:4492 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978698.884865 id.resp_h:95.163.121.204 resp_fuids:[\"FindPO2TsX283BvQw3\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978702613","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978702602","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702607","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FindPO2TsX283BvQw3"],"timestamp":1530978698884,"method":"GET","request_body_len":0,"uri":"\/img\/style.css","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702598","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978702607","adapter.threatinteladapter.begin.ts":"1530978702611","ip_src_port":49206,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"94df9cde-8877-43bf-97a6-d2e0bbc840c4","response_body_len":4492}
{"adapter.threatinteladapter.end.ts":"1530978702611","bro_timestamp":"1530978698.521985","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702591","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978702591","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978702598","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"C1qlzE2SalKbpWSJGi","resp_mime_types":["image\/png"],"trans_depth":3,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/button_pay.png tags:[] uid:C1qlzE2SalKbpWSJGi referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:727 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978698.521985 id.resp_h:95.163.121.204 resp_fuids:[\"Fd2ecB4nK7EKV7lLA1\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978702613","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978702602","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702607","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fd2ecB4nK7EKV7lLA1"],"timestamp":1530978698521,"method":"GET","request_body_len":0,"uri":"\/img\/button_pay.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702598","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978702607","adapter.threatinteladapter.begin.ts":"1530978702611","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"024a7ece-fce2-4ec2-86ee-e5e7d0dc2a5d","response_body_len":727}
{"adapter.threatinteladapter.end.ts":"1530978702611","bro_timestamp":"1530978698.077529","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702591","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978702591","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978702598","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image\/png"],"trans_depth":4,"protocol":"http","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/bitcoin.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978698.077529 id.resp_h:95.163.121.204 resp_fuids:[\"Fy6w2R347d11rin2hg\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978702613","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978702602","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702607","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fy6w2R347d11rin2hg"],"timestamp":1530978698077,"method":"GET","request_body_len":0,"uri":"\/img\/bitcoin.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702598","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978702607","adapter.threatinteladapter.begin.ts":"1530978702611","ip_src_port":49205,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"626f9f8b-2af5-4c9f-a36a-3cfedea5614e","response_body_len":5523}
{"adapter.threatinteladapter.end.ts":"1530978702611","bro_timestamp":"1530978698.241724","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978702591","enrichments.geo.ip_dst_addr.city":"Los Angeles","enrichments.geo.ip_dst_addr.latitude":"34.0494","enrichmentsplitterbolt.splitter.begin.ts":"1530978702591","adapter.hostfromjsonlistadapter.end.ts":"1530978702597","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5368361","adapter.geoadapter.begin.ts":"1530978702598","enrichments.geo.ip_dst_addr.postalCode":"90014","uid":"CJNiGM3zcyXHHORzFb","resp_mime_types":["text\/plain"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49198 status_code:200 method:POST request_body_len:134 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/grizzly\/img5.php?c=cdcnw7cfz43rmtg tags:[] uid:CJNiGM3zcyXHHORzFb resp_mime_types:[\"text\\\/plain\"] trans_depth:1 orig_fuids:[\"FJWjcF3Z0qYg56Pw65\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978698.241724 id.resp_h:72.34.49.86 resp_fuids:[\"FrVBRXxij8xG1u239\"]","ip_dst_addr":"72.34.49.86","threatinteljoinbolt.joiner.ts":"1530978702614","enrichments.geo.ip_dst_addr.dmaCode":"803","host":"comarksecurity.com","enrichmentjoinbolt.joiner.ts":"1530978702603","adapter.hostfromjsonlistadapter.begin.ts":"1530978702597","threatintelsplitterbolt.splitter.begin.ts":"1530978702608","enrichments.geo.ip_dst_addr.longitude":"-118.2641","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FrVBRXxij8xG1u239"],"timestamp":1530978698241,"method":"POST","request_body_len":134,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/grizzly\/img5.php?c=cdcnw7cfz43rmtg","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978702598","threatintelsplitterbolt.splitter.end.ts":"1530978702608","adapter.threatinteladapter.begin.ts":"1530978702611","orig_fuids":["FJWjcF3Z0qYg56Pw65"],"ip_src_port":49198,"enrichments.geo.ip_dst_addr.location_point":"34.0494,-118.2641","status_msg":"OK","guid":"40b1b0b6-a51c-41a2-9d97-ef26badb79fa","response_body_len":14}
{"adapter.threatinteladapter.end.ts":"1530978710497","bro_timestamp":"1530978704.958145","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978710473","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978710473","adapter.hostfromjsonlistadapter.end.ts":"1530978710476","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978710476","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"C7KeXZ1jvzj9qkSqt7","resp_mime_types":["application\/x-shockwave-flash"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/ tags:[] uid:C7KeXZ1jvzj9qkSqt7 referrer:http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978704.958145 id.resp_h:62.75.195.236 resp_fuids:[\"Ft6fqj1vE6fmJBYPx6\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978710501","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","enrichmentjoinbolt.joiner.ts":"1530978710487","adapter.hostfromjsonlistadapter.begin.ts":"1530978710475","threatintelsplitterbolt.splitter.begin.ts":"1530978710493","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Ft6fqj1vE6fmJBYPx6"],"timestamp":1530978704958,"method":"GET","request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710476","referrer":"http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745","threatintelsplitterbolt.splitter.end.ts":"1530978710493","adapter.threatinteladapter.begin.ts":"1530978710497","ip_src_port":49185,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"f1d5ef09-d2e5-4cdd-a26b-fc23df82c385","response_body_len":8973}
{"adapter.threatinteladapter.end.ts":"1530978710497","bro_timestamp":"1530978704.608287","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978710477","enrichmentsplitterbolt.splitter.begin.ts":"1530978710477","adapter.hostfromjsonlistadapter.end.ts":"1530978710486","adapter.geoadapter.begin.ts":"1530978710486","uid":"CUrRne3iLIxXavQtci","trans_depth":40,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/persist\/wizard-data?_=1484168498643 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:40 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978704.608287 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978710501","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978710491","adapter.hostfromjsonlistadapter.begin.ts":"1530978710486","threatintelsplitterbolt.splitter.begin.ts":"1530978710493","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978704608,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/persist\/wizard-data?_=1484168498643","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710486","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978710493","adapter.threatinteladapter.begin.ts":"1530978710497","ip_src_port":50451,"guid":"438b5c9d-522a-4611-9d70-c3723645611b","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978710499","bro_timestamp":"1530978704.063932","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978710477","enrichmentsplitterbolt.splitter.begin.ts":"1530978710477","adapter.hostfromjsonlistadapter.end.ts":"1530978710489","adapter.geoadapter.begin.ts":"1530978710490","uid":"CUrRne3iLIxXavQtci","trans_depth":178,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/components\/?ServiceComponentInfo\/component_name=APP_TIMELINE_SERVER|ServiceComponentInfo\/category=MASTER&fields=ServiceComponentInfo\/service_name,host_components\/HostRoles\/display_name,host_components\/HostRoles\/host_name,host_components\/HostRoles\/state,host_components\/HostRoles\/maintenance_state,host_components\/HostRoles\/stale_configs,host_components\/HostRoles\/ha_state,host_components\/HostRoles\/desired_admin_state,,host_components\/metrics\/jvm\/memHeapUsedM,host_components\/metrics\/jvm\/HeapMemoryMax,host_components\/metrics\/jvm\/HeapMemoryUsed,host_components\/metrics\/jvm\/memHeapCommittedM,host_components\/metrics\/mapred\/jobtracker\/trackers_decommissioned,host_components\/metrics\/cpu\/cpu_wio,host_components\/metrics\/rpc\/client\/RpcQueueTime_avg_time,host_components\/metrics\/dfs\/FSNamesystem\/*,host_components\/metrics\/dfs\/namenode\/Version,host_components\/metrics\/dfs\/namenode\/LiveNodes,host_components\/metrics\/dfs\/namenode\/DeadNodes,host_components\/metrics\/dfs\/namenode\/DecomNodes,host_components\/metrics\/dfs\/namenode\/TotalFiles,host_components\/metrics\/dfs\/namenode\/UpgradeFinalized,host_components\/metrics\/dfs\/namenode\/Safemode,host_components\/metrics\/runtime\/StartTime,host_components\/metrics\/hbase\/master\/IsActiveMaster,host_components\/metrics\/hbase\/master\/MasterStartTime,host_components\/metrics\/hbase\/master\/MasterActiveTime,host_components\/metrics\/hbase\/master\/AverageLoad,host_components\/metrics\/master\/AssignmentManger\/ritCount,metrics\/api\/v1\/cluster\/summary,metrics\/api\/v1\/topology\/summary,metrics\/api\/v1\/nimbus\/summary,host_components\/metrics\/yarn\/Queue,host_components\/metrics\/yarn\/ClusterMetrics\/NumActiveNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumLostNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumUnhealthyNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumRebootedNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumDecommissionedNMs&minimal_response=true&_=1484169119448 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:178 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978704.063932 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978710502","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978710494","adapter.hostfromjsonlistadapter.begin.ts":"1530978710489","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978704063,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/components\/?ServiceComponentInfo\/component_name=APP_TIMELINE_SERVER|ServiceComponentInfo\/category=MASTER&fields=ServiceComponentInfo\/service_name,host_components\/HostRoles\/display_name,host_components\/HostRoles\/host_name,host_components\/HostRoles\/state,host_components\/HostRoles\/maintenance_state,host_components\/HostRoles\/stale_configs,host_components\/HostRoles\/ha_state,host_components\/HostRoles\/desired_admin_state,,host_components\/metrics\/jvm\/memHeapUsedM,host_components\/metrics\/jvm\/HeapMemoryMax,host_components\/metrics\/jvm\/HeapMemoryUsed,host_components\/metrics\/jvm\/memHeapCommittedM,host_components\/metrics\/mapred\/jobtracker\/trackers_decommissioned,host_components\/metrics\/cpu\/cpu_wio,host_components\/metrics\/rpc\/client\/RpcQueueTime_avg_time,host_components\/metrics\/dfs\/FSNamesystem\/*,host_components\/metrics\/dfs\/namenode\/Version,host_components\/metrics\/dfs\/namenode\/LiveNodes,host_components\/metrics\/dfs\/namenode\/DeadNodes,host_components\/metrics\/dfs\/namenode\/DecomNodes,host_components\/metrics\/dfs\/namenode\/TotalFiles,host_components\/metrics\/dfs\/namenode\/UpgradeFinalized,host_components\/metrics\/dfs\/namenode\/Safemode,host_components\/metrics\/runtime\/StartTime,host_components\/metrics\/hbase\/master\/IsActiveMaster,host_components\/metrics\/hbase\/master\/MasterStartTime,host_components\/metrics\/hbase\/master\/MasterActiveTime,host_components\/metrics\/hbase\/master\/AverageLoad,host_components\/metrics\/master\/AssignmentManger\/ritCount,metrics\/api\/v1\/cluster\/summary,metrics\/api\/v1\/topology\/summary,metrics\/api\/v1\/nimbus\/summary,host_components\/metrics\/yarn\/Queue,host_components\/metrics\/yarn\/ClusterMetrics\/NumActiveNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumLostNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumUnhealthyNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumRebootedNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumDecommissionedNMs&minimal_response=true&_=1484169119448","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","ip_src_port":50451,"guid":"03546910-68c3-4aa4-90a3-6983bc23324e","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978710499","bro_timestamp":"1530978704.137918","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978710478","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978710478","adapter.hostfromjsonlistadapter.end.ts":"1530978710489","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978710490","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image\/png"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/flags\/us.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978704.137918 id.resp_h:95.163.121.204 resp_fuids:[\"FCr63p4t8M7SUAumi3\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978710502","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978710494","adapter.hostfromjsonlistadapter.begin.ts":"1530978710489","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FCr63p4t8M7SUAumi3"],"timestamp":1530978704137,"method":"GET","request_body_len":0,"uri":"\/img\/flags\/us.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","ip_src_port":49205,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"5ea15274-bf38-423e-9c3e-6fb0f3bf0270","response_body_len":825}
{"adapter.threatinteladapter.end.ts":"1530978710499","bro_timestamp":"1530978704.973595","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978710478","enrichmentsplitterbolt.splitter.begin.ts":"1530978710478","adapter.hostfromjsonlistadapter.end.ts":"1530978710489","adapter.geoadapter.begin.ts":"1530978710490","uid":"CUrRne3iLIxXavQtci","trans_depth":251,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster?fields=Clusters\/desired_configs\/cluster-env&_=1484169429016 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:251 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978704.973595 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978710502","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978710494","adapter.hostfromjsonlistadapter.begin.ts":"1530978710489","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978704973,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster?fields=Clusters\/desired_configs\/cluster-env&_=1484169429016","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","ip_src_port":50451,"guid":"273e3d59-b616-424e-8c30-add81bd671b9","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978710499","bro_timestamp":"1530978704.973117","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978710478","enrichmentsplitterbolt.splitter.begin.ts":"1530978710478","adapter.hostfromjsonlistadapter.end.ts":"1530978710489","adapter.geoadapter.begin.ts":"1530978710490","uid":"CUrRne3iLIxXavQtci","trans_depth":247,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters?fields=Clusters\/provisioning_state&_=1484169420015 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:247 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978704.973117 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978710502","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978710494","adapter.hostfromjsonlistadapter.begin.ts":"1530978710489","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978704973,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters?fields=Clusters\/provisioning_state&_=1484169420015","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","ip_src_port":50451,"guid":"9ba63d37-9e6b-4ba8-8504-cc418d9ce8aa","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978710499","qclass_name":"C_INTERNET","bro_timestamp":"1530978704.094553","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978710479","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978710479","adapter.hostfromjsonlistadapter.end.ts":"1530978710489","trans_id":0,"adapter.geoadapter.begin.ts":"1530978710490","uid":"C03Lir2lgO0AxyDctk","protocol":"dns","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:C03Lir2lgO0AxyDctk RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1530978704.094553 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978710502","enrichmentjoinbolt.joiner.ts":"1530978710494","adapter.hostfromjsonlistadapter.begin.ts":"1530978710489","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","Z":0,"ip_src_addr":"192.168.66.1","qclass":1,"timestamp":1530978704094,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","ip_src_port":5353,"proto":"udp","guid":"b5849fa0-3b1f-44a8-8b89-0eb3e823ba6f"}
{"adapter.threatinteladapter.end.ts":"1530978710499","bro_timestamp":"1530978704.896579","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978710479","enrichmentsplitterbolt.splitter.begin.ts":"1530978710479","adapter.hostfromjsonlistadapter.end.ts":"1530978710489","adapter.geoadapter.begin.ts":"1530978710490","uid":"CUrRne3iLIxXavQtci","trans_depth":132,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/components\/?fields=ServiceComponentInfo\/service_name,ServiceComponentInfo\/category,ServiceComponentInfo\/installed_count,ServiceComponentInfo\/started_count,ServiceComponentInfo\/init_count,ServiceComponentInfo\/install_failed_count,ServiceComponentInfo\/unknown_count,ServiceComponentInfo\/total_count,ServiceComponentInfo\/display_name,host_components\/HostRoles\/host_name&minimal_response=true&_=1484168884281 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:132 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978704.896579 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978710502","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978710495","adapter.hostfromjsonlistadapter.begin.ts":"1530978710489","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978704896,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/components\/?fields=ServiceComponentInfo\/service_name,ServiceComponentInfo\/category,ServiceComponentInfo\/installed_count,ServiceComponentInfo\/started_count,ServiceComponentInfo\/init_count,ServiceComponentInfo\/install_failed_count,ServiceComponentInfo\/unknown_count,ServiceComponentInfo\/total_count,ServiceComponentInfo\/display_name,host_components\/HostRoles\/host_name&minimal_response=true&_=1484168884281","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","ip_src_port":50451,"guid":"bc257399-d461-4dd2-b6ac-d18c26af2dd2","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978710499","bro_timestamp":"1530978704.015832","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978710479","enrichments.geo.ip_dst_addr.city":"Los Angeles","enrichments.geo.ip_dst_addr.latitude":"34.0494","enrichmentsplitterbolt.splitter.begin.ts":"1530978710479","adapter.hostfromjsonlistadapter.end.ts":"1530978710489","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5368361","adapter.geoadapter.begin.ts":"1530978710490","enrichments.geo.ip_dst_addr.postalCode":"90014","uid":"CpBTZB1XlDvW4TC9o4","resp_mime_types":["image\/png"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49202 status_code:200 method:POST request_body_len:162 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/grizzly\/img5.php?u=mfymi71rapdzk tags:[] uid:CpBTZB1XlDvW4TC9o4 resp_mime_types:[\"image\\\/png\"] trans_depth:1 orig_fuids:[\"F2Jzoe3KKRC5QVAA72\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:45662 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978704.015832 id.resp_h:72.34.49.86 resp_fuids:[\"FUTx241N7osQc8nSH1\"]","ip_dst_addr":"72.34.49.86","threatinteljoinbolt.joiner.ts":"1530978710503","enrichments.geo.ip_dst_addr.dmaCode":"803","host":"comarksecurity.com","enrichmentjoinbolt.joiner.ts":"1530978710495","adapter.hostfromjsonlistadapter.begin.ts":"1530978710489","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","enrichments.geo.ip_dst_addr.longitude":"-118.2641","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FUTx241N7osQc8nSH1"],"timestamp":1530978704015,"method":"POST","request_body_len":162,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/grizzly\/img5.php?u=mfymi71rapdzk","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","orig_fuids":["F2Jzoe3KKRC5QVAA72"],"ip_src_port":49202,"enrichments.geo.ip_dst_addr.location_point":"34.0494,-118.2641","status_msg":"OK","guid":"48802e94-0e14-43b6-aa8b-14e3b59e72a6","response_body_len":45662}
{"adapter.threatinteladapter.end.ts":"1530978710499","bro_timestamp":"1530978704.264989","status_code":304,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978710480","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978710480","adapter.hostfromjsonlistadapter.end.ts":"1530978710489","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978710490","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CX9L2c29ZYGsLN10n5","trans_depth":4,"protocol":"http","original_string":"HTTP | id.orig_p:49206 status_code:304 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/style.css tags:[] uid:CX9L2c29ZYGsLN10n5 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:Not Modified id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978704.264989 id.resp_h:95.163.121.204","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978710503","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978710495","adapter.hostfromjsonlistadapter.begin.ts":"1530978710489","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978704264,"method":"GET","request_body_len":0,"uri":"\/img\/style.css","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","ip_src_port":49206,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"Not Modified","guid":"f627bf99-57d1-4844-94e8-f44f10530bd8","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978710499","bro_timestamp":"1530978708.760542","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978710480","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978710480","adapter.hostfromjsonlistadapter.end.ts":"1530978710489","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978710490","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"Cx7JE83AWXe9eyppvg","resp_mime_types":["image\/x-icon"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/favicon.ico tags:[] uid:Cx7JE83AWXe9eyppvg resp_mime_types:[\"image\\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978708.760542 id.resp_h:95.163.121.204 resp_fuids:[\"FABIhF7C2XrovcYCi\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978710503","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978710495","adapter.hostfromjsonlistadapter.begin.ts":"1530978710489","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FABIhF7C2XrovcYCi"],"timestamp":1530978708760,"method":"GET","request_body_len":0,"uri":"\/favicon.ico","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","ip_src_port":49207,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"3aae739b-f036-4e3f-8a7c-fd4bd2924471","response_body_len":318}
{"TTLs":[14069.0],"adapter.threatinteladapter.end.ts":"1530978710499","qclass_name":"C_INTERNET","bro_timestamp":"1530978708.288392","qtype_name":"A","ip_dst_port":53,"enrichmentsplitterbolt.splitter.end.ts":"1530978710481","qtype":1,"rejected":false,"answers":["204.152.254.221"],"enrichmentsplitterbolt.splitter.begin.ts":"1530978710480","adapter.hostfromjsonlistadapter.end.ts":"1530978710490","trans_id":23625,"adapter.geoadapter.begin.ts":"1530978710490","uid":"CAS65s1sNWsjjDoLH3","protocol":"dns","original_string":"DNS | AA:false TTLs:[14069.0] qclass_name:C_INTERNET id.orig_p:61720 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:runlove.us answers:[\"204.152.254.221\"] trans_id:23625 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CAS65s1sNWsjjDoLH3 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1530978708.288392 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","threatinteljoinbolt.joiner.ts":"1530978710503","enrichmentjoinbolt.joiner.ts":"1530978710495","adapter.hostfromjsonlistadapter.begin.ts":"1530978710490","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","Z":0,"ip_src_addr":"192.168.138.158","qclass":1,"timestamp":1530978708288,"AA":false,"query":"runlove.us","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","RD":true,"threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710499","ip_src_port":61720,"proto":"udp","guid":"5e2bca3e-47d7-45f3-8442-08c2a2768f2b"}
{"adapter.threatinteladapter.end.ts":"1530978710500","bro_timestamp":"1530978708.670419","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978710481","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978710481","adapter.hostfromjsonlistadapter.end.ts":"1530978710490","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978710490","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CYQq8E1GZOt01YVHq1","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CYQq8E1GZOt01YVHq1 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978708.670419 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978710503","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978710495","adapter.hostfromjsonlistadapter.begin.ts":"1530978710490","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978708670,"method":"GET","request_body_len":0,"uri":"\/?d71e0bd86db9587158745a986a4b3606","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710500","ip_src_port":49192,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"cef73766-56af-4c44-a595-e5118795a708","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978710500","bro_timestamp":"1530978708.883522","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978710482","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978710482","adapter.hostfromjsonlistadapter.end.ts":"1530978710490","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978710490","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"ClNvrm11cIpvatxVR2","resp_mime_types":["image\/x-icon"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/favicon.ico tags:[] uid:ClNvrm11cIpvatxVR2 resp_mime_types:[\"image\\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978708.883522 id.resp_h:95.163.121.204 resp_fuids:[\"FlIiHFeqqHoJP0GH4\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978710503","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978710495","adapter.hostfromjsonlistadapter.begin.ts":"1530978710490","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlIiHFeqqHoJP0GH4"],"timestamp":1530978708883,"method":"GET","request_body_len":0,"uri":"\/favicon.ico","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710500","ip_src_port":49207,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"eb723658-e320-472d-9d19-8c832f93dd37","response_body_len":318}
{"adapter.threatinteladapter.end.ts":"1530978710500","qclass_name":"C_INTERNET","bro_timestamp":"1530978708.430175","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978710482","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978710482","adapter.hostfromjsonlistadapter.end.ts":"1530978710490","trans_id":0,"adapter.geoadapter.begin.ts":"1530978710490","uid":"Cx7bil4EcuyIC1pVvb","protocol":"dns","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:Cx7bil4EcuyIC1pVvb RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1530978708.430175 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978710504","enrichmentjoinbolt.joiner.ts":"1530978710495","adapter.hostfromjsonlistadapter.begin.ts":"1530978710490","threatintelsplitterbolt.splitter.begin.ts":"1530978710497","Z":0,"ip_src_addr":"192.168.66.1","qclass":1,"timestamp":1530978708430,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978710490","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978710497","adapter.threatinteladapter.begin.ts":"1530978710500","ip_src_port":5353,"proto":"udp","guid":"be730290-a5d9-4a4e-b251-014a2694b9d2"}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978708.970988","status_code":304,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978714345","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978714345","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978714353","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CFYsPe4XJH9BV5pQ2c","trans_depth":4,"protocol":"http","original_string":"HTTP | id.orig_p:49206 status_code:304 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/style.css tags:[] uid:CFYsPe4XJH9BV5pQ2c referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:Not Modified id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978708.970988 id.resp_h:95.163.121.204","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978714420","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978714358","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978708970,"method":"GET","request_body_len":0,"uri":"\/img\/style.css","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":49206,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"Not Modified","guid":"a0844630-4535-402b-b4c7-b271bc55ea3c","response_body_len":0}
{"TTLs":[14069.0],"adapter.threatinteladapter.end.ts":"1530978714364","qclass_name":"C_INTERNET","bro_timestamp":"1530978708.667408","qtype_name":"A","ip_dst_port":53,"enrichmentsplitterbolt.splitter.end.ts":"1530978714346","qtype":1,"rejected":false,"answers":["204.152.254.221"],"enrichmentsplitterbolt.splitter.begin.ts":"1530978714346","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","trans_id":23625,"adapter.geoadapter.begin.ts":"1530978714353","uid":"C8vTE82vZNVedhnxh5","protocol":"dns","original_string":"DNS | AA:false TTLs:[14069.0] qclass_name:C_INTERNET id.orig_p:61720 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:runlove.us answers:[\"204.152.254.221\"] trans_id:23625 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C8vTE82vZNVedhnxh5 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1530978708.667408 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","threatinteljoinbolt.joiner.ts":"1530978714421","enrichmentjoinbolt.joiner.ts":"1530978714358","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","Z":0,"ip_src_addr":"192.168.138.158","qclass":1,"timestamp":1530978708667,"AA":false,"query":"runlove.us","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","RD":true,"threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":61720,"proto":"udp","guid":"ef958b8c-d356-4f81-ba1a-5b4e5050c7da"}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978708.709189","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978714346","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978714346","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978714353","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CqpQlxu995hhX7Ooa","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49188 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/aa25f5fe2875e3d0a244e6969e589cc4 tags:[] uid:CqpQlxu995hhX7Ooa trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:861 ts:1530978708.709189 id.resp_h:62.75.195.236 resp_fuids:[\"FqjRj7tQ2u0nCuYKi\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978714421","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978714359","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","resp_fuids":["FqjRj7tQ2u0nCuYKi"],"timestamp":1530978708709,"method":"GET","request_body_len":0,"uri":"\/aa25f5fe2875e3d0a244e6969e589cc4","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":49188,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"a9c0251b-50db-4ec4-a923-9aab8ebc40eb","response_body_len":861}
{"TTLs":[14277.0],"adapter.threatinteladapter.end.ts":"1530978714364","qclass_name":"C_INTERNET","bro_timestamp":"1530978708.469342","qtype_name":"A","ip_dst_port":53,"enrichmentsplitterbolt.splitter.end.ts":"1530978714346","qtype":1,"rejected":false,"answers":["95.163.121.204"],"enrichmentsplitterbolt.splitter.begin.ts":"1530978714346","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","trans_id":5810,"adapter.geoadapter.begin.ts":"1530978714353","uid":"CU5LbB1StA2bxIOFb5","protocol":"dns","original_string":"DNS | AA:false TTLs:[14277.0] qclass_name:C_INTERNET id.orig_p:50329 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:7oqnsnzwwnm6zb7y.gigapaysun.com answers:[\"95.163.121.204\"] trans_id:5810 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CU5LbB1StA2bxIOFb5 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1530978708.469342 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","threatinteljoinbolt.joiner.ts":"1530978714421","enrichmentjoinbolt.joiner.ts":"1530978714359","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","Z":0,"ip_src_addr":"192.168.138.158","qclass":1,"timestamp":1530978708469,"AA":false,"query":"7oqnsnzwwnm6zb7y.gigapaysun.com","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","RD":true,"threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":50329,"proto":"udp","guid":"84d667e2-e710-4766-a3fa-9bbc86301e36"}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978708.870464","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978714346","enrichmentsplitterbolt.splitter.begin.ts":"1530978714346","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","adapter.geoadapter.begin.ts":"1530978714353","uid":"CUrRne3iLIxXavQtci","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/requests?to=end&page_size=10&fields=Requests&_=1484168316902 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:1 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978708.870464 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978714421","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978714359","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978708870,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/requests?to=end&page_size=10&fields=Requests&_=1484168316902","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":50451,"guid":"1c06bdf1-c93a-4a25-afb4-38706fe66dad","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978712.058367","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978714346","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978714346","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978714353","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CuIYie338ayQ4QvzPi","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49193 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?34eaf8bd50d85d8c6baacb45f0a7b22e tags:[] uid:CuIYie338ayQ4QvzPi trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978712.058367 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978714421","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978714359","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978712058,"method":"GET","request_body_len":0,"uri":"\/?34eaf8bd50d85d8c6baacb45f0a7b22e","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":49193,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"f51a85af-13fb-4876-8dc5-a37510654832","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978712.722503","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978714346","enrichments.geo.ip_dst_addr.city":"Los Angeles","enrichments.geo.ip_dst_addr.latitude":"34.0494","enrichmentsplitterbolt.splitter.begin.ts":"1530978714346","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5368361","adapter.geoadapter.begin.ts":"1530978714353","enrichments.geo.ip_dst_addr.postalCode":"90014","uid":"CsyRyi4LZvVfzdaS2e","resp_mime_types":["image\/png"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49202 status_code:200 method:POST request_body_len:162 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/grizzly\/img5.php?u=mfymi71rapdzk tags:[] uid:CsyRyi4LZvVfzdaS2e resp_mime_types:[\"image\\\/png\"] trans_depth:1 orig_fuids:[\"Fl9usz3US821agwyb\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:45662 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978712.722503 id.resp_h:72.34.49.86 resp_fuids:[\"Fgjkrn1QODy4ZEaGf7\"]","ip_dst_addr":"72.34.49.86","threatinteljoinbolt.joiner.ts":"1530978714421","enrichments.geo.ip_dst_addr.dmaCode":"803","host":"comarksecurity.com","enrichmentjoinbolt.joiner.ts":"1530978714359","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","enrichments.geo.ip_dst_addr.longitude":"-118.2641","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fgjkrn1QODy4ZEaGf7"],"timestamp":1530978712722,"method":"POST","request_body_len":162,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/grizzly\/img5.php?u=mfymi71rapdzk","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","orig_fuids":["Fl9usz3US821agwyb"],"ip_src_port":49202,"enrichments.geo.ip_dst_addr.location_point":"34.0494,-118.2641","status_msg":"OK","guid":"cb82531d-9a62-47a9-ac17-c9cbe841be64","response_body_len":45662}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978712.051866","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978714346","enrichmentsplitterbolt.splitter.begin.ts":"1530978714346","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","adapter.geoadapter.begin.ts":"1530978714353","uid":"CUrRne3iLIxXavQtci","trans_depth":129,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/alerts?format=groupedSummary&_=1484168877436 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:129 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978712.051866 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978714421","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978714359","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978712051,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/alerts?format=groupedSummary&_=1484168877436","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":50451,"guid":"24cd0763-288e-4353-ba28-5af2da4363de","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978712.535296","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978714347","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978714347","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978714353","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CX9L2c29ZYGsLN10n5","resp_mime_types":["text\/plain"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/style.css tags:[] uid:CX9L2c29ZYGsLN10n5 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"text\\\/plain\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:4492 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978712.535296 id.resp_h:95.163.121.204 resp_fuids:[\"Fzfuja3jgtxmJaOSLl\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978714421","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978714359","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fzfuja3jgtxmJaOSLl"],"timestamp":1530978712535,"method":"GET","request_body_len":0,"uri":"\/img\/style.css","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":49206,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"c7e9c878-0a2e-4312-b273-fa956293e614","response_body_len":4492}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978712.06239","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978714348","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978714348","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978714353","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"Cmwl0u2GEZFDTv6OLh","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49184 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?285a4d4e4e5a4d4d4649584c5d43064b4745 tags:[] uid:Cmwl0u2GEZFDTv6OLh resp_mime_types:[\"text\\\/html\"] trans_depth:1 host:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:560 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978712.06239 id.resp_h:62.75.195.236 resp_fuids:[\"FJRfjlMKNsEu63NAh\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978714421","host":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","enrichmentjoinbolt.joiner.ts":"1530978714359","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FJRfjlMKNsEu63NAh"],"timestamp":1530978712062,"method":"GET","request_body_len":0,"uri":"\/?285a4d4e4e5a4d4d4649584c5d43064b4745","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":49184,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"5a67d7b6-a747-4cf2-bcda-7d8d855b8454","response_body_len":560}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978712.296445","status_code":404,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978714349","enrichments.geo.ip_dst_addr.city":"Phoenix","enrichments.geo.ip_dst_addr.latitude":"33.4499","enrichmentsplitterbolt.splitter.begin.ts":"1530978714348","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5308655","adapter.geoadapter.begin.ts":"1530978714353","enrichments.geo.ip_dst_addr.postalCode":"85004","uid":"CDW8Tf2Tcs6fh21wG2","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/twentyfifteen\/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:CDW8Tf2Tcs6fh21wG2 resp_mime_types:[\"text\\\/html\"] trans_depth:1 orig_fuids:[\"FkHP9x3nWdAJWySSUf\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978712.296445 id.resp_h:204.152.254.221 resp_fuids:[\"FJOPgf2GhG5SBYMCo7\"]","ip_dst_addr":"204.152.254.221","threatinteljoinbolt.joiner.ts":"1530978714421","enrichments.geo.ip_dst_addr.dmaCode":"753","host":"runlove.us","enrichmentjoinbolt.joiner.ts":"1530978714360","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","enrichments.geo.ip_dst_addr.longitude":"-112.0712","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FJOPgf2GhG5SBYMCo7"],"timestamp":1530978712296,"method":"POST","request_body_len":96,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/twentyfifteen\/img5.php?l=8r1gf1b2t1kuq42","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","orig_fuids":["FkHP9x3nWdAJWySSUf"],"ip_src_port":49199,"enrichments.geo.ip_dst_addr.location_point":"33.4499,-112.0712","status_msg":"Not Found","guid":"6a265634-59a6-4983-a9c1-051bc7b8a19d","response_body_len":357}
{"adapter.threatinteladapter.end.ts":"1530978714364","bro_timestamp":"1530978712.630998","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978714349","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978714349","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978714353","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"Cm8nbh1mEqDSWqLB61","resp_mime_types":["image\/png"],"trans_depth":3,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/button_pay.png tags:[] uid:Cm8nbh1mEqDSWqLB61 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:727 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978712.630998 id.resp_h:95.163.121.204 resp_fuids:[\"F4UU9y2L5THk5eQzNl\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978714422","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978714360","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F4UU9y2L5THk5eQzNl"],"timestamp":1530978712630,"method":"GET","request_body_len":0,"uri":"\/img\/button_pay.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"310ef43e-7a93-4111-9035-f6a96aa51054","response_body_len":727}
{"TTLs":[21599.0],"adapter.threatinteladapter.end.ts":"1530978714365","qclass_name":"C_INTERNET","bro_timestamp":"1530978712.462277","qtype_name":"A","ip_dst_port":53,"enrichmentsplitterbolt.splitter.end.ts":"1530978714349","qtype":1,"rejected":false,"answers":["188.165.164.184"],"enrichmentsplitterbolt.splitter.begin.ts":"1530978714349","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","trans_id":15553,"adapter.geoadapter.begin.ts":"1530978714353","uid":"CbGIVF37GpnLr9Yl9b","protocol":"dns","original_string":"DNS | AA:false TTLs:[21599.0] qclass_name:C_INTERNET id.orig_p:53571 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ip-addr.es answers:[\"188.165.164.184\"] trans_id:15553 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CbGIVF37GpnLr9Yl9b RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1530978712.462277 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","threatinteljoinbolt.joiner.ts":"1530978714422","enrichmentjoinbolt.joiner.ts":"1530978714360","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","Z":0,"ip_src_addr":"192.168.138.158","qclass":1,"timestamp":1530978712462,"AA":false,"query":"ip-addr.es","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","RD":true,"threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714364","ip_src_port":53571,"proto":"udp","guid":"9cea11f4-a8fa-4d01-a50e-0cf67e593b2b"}
{"adapter.threatinteladapter.end.ts":"1530978714365","bro_timestamp":"1530978712.979947","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978714349","enrichments.geo.ip_dst_addr.city":"Los Angeles","enrichments.geo.ip_dst_addr.latitude":"34.0494","enrichmentsplitterbolt.splitter.begin.ts":"1530978714349","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5368361","adapter.geoadapter.begin.ts":"1530978714353","enrichments.geo.ip_dst_addr.postalCode":"90014","uid":"COZAhy4ljJ4lBc5bgf","resp_mime_types":["text\/plain"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/grizzly\/img5.php?u=ka6nnuvccqlw9 tags:[] uid:COZAhy4ljJ4lBc5bgf resp_mime_types:[\"text\\\/plain\"] trans_depth:1 orig_fuids:[\"FgncKy2eauwZjDL6h9\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978712.979947 id.resp_h:72.34.49.86 resp_fuids:[\"FDVxtiyWLP0KeNRg8\"]","ip_dst_addr":"72.34.49.86","threatinteljoinbolt.joiner.ts":"1530978714422","enrichments.geo.ip_dst_addr.dmaCode":"803","host":"comarksecurity.com","enrichmentjoinbolt.joiner.ts":"1530978714360","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","enrichments.geo.ip_dst_addr.longitude":"-118.2641","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FDVxtiyWLP0KeNRg8"],"timestamp":1530978712979,"method":"POST","request_body_len":110,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/grizzly\/img5.php?u=ka6nnuvccqlw9","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714365","orig_fuids":["FgncKy2eauwZjDL6h9"],"ip_src_port":49204,"enrichments.geo.ip_dst_addr.location_point":"34.0494,-118.2641","status_msg":"OK","guid":"363f87f6-73aa-4737-9090-0ffb8568fe6e","response_body_len":14}
{"adapter.threatinteladapter.end.ts":"1530978714365","bro_timestamp":"1530978712.964196","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978714349","enrichmentsplitterbolt.splitter.begin.ts":"1530978714349","adapter.hostfromjsonlistadapter.end.ts":"1530978714351","adapter.geoadapter.begin.ts":"1530978714353","uid":"CUrRne3iLIxXavQtci","trans_depth":234,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/components\/?ServiceComponentInfo\/component_name=APP_TIMELINE_SERVER|ServiceComponentInfo\/category=MASTER&fields=ServiceComponentInfo\/service_name,host_components\/HostRoles\/display_name,host_components\/HostRoles\/host_name,host_components\/HostRoles\/state,host_components\/HostRoles\/maintenance_state,host_components\/HostRoles\/stale_configs,host_components\/HostRoles\/ha_state,host_components\/HostRoles\/desired_admin_state,,host_components\/metrics\/jvm\/memHeapUsedM,host_components\/metrics\/jvm\/HeapMemoryMax,host_components\/metrics\/jvm\/HeapMemoryUsed,host_components\/metrics\/jvm\/memHeapCommittedM,host_components\/metrics\/mapred\/jobtracker\/trackers_decommissioned,host_components\/metrics\/cpu\/cpu_wio,host_components\/metrics\/rpc\/client\/RpcQueueTime_avg_time,host_components\/metrics\/dfs\/FSNamesystem\/*,host_components\/metrics\/dfs\/namenode\/Version,host_components\/metrics\/dfs\/namenode\/LiveNodes,host_components\/metrics\/dfs\/namenode\/DeadNodes,host_components\/metrics\/dfs\/namenode\/DecomNodes,host_components\/metrics\/dfs\/namenode\/TotalFiles,host_components\/metrics\/dfs\/namenode\/UpgradeFinalized,host_components\/metrics\/dfs\/namenode\/Safemode,host_components\/metrics\/runtime\/StartTime,host_components\/metrics\/hbase\/master\/IsActiveMaster,host_components\/metrics\/hbase\/master\/MasterStartTime,host_components\/metrics\/hbase\/master\/MasterActiveTime,host_components\/metrics\/hbase\/master\/AverageLoad,host_components\/metrics\/master\/AssignmentManger\/ritCount,metrics\/api\/v1\/cluster\/summary,metrics\/api\/v1\/topology\/summary,metrics\/api\/v1\/nimbus\/summary,host_components\/metrics\/yarn\/Queue,host_components\/metrics\/yarn\/ClusterMetrics\/NumActiveNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumLostNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumUnhealthyNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumRebootedNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumDecommissionedNMs&minimal_response=true&_=1484169361350 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:234 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978712.964196 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978714422","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978714360","adapter.hostfromjsonlistadapter.begin.ts":"1530978714351","threatintelsplitterbolt.splitter.begin.ts":"1530978714362","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978712964,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/components\/?ServiceComponentInfo\/component_name=APP_TIMELINE_SERVER|ServiceComponentInfo\/category=MASTER&fields=ServiceComponentInfo\/service_name,host_components\/HostRoles\/display_name,host_components\/HostRoles\/host_name,host_components\/HostRoles\/state,host_components\/HostRoles\/maintenance_state,host_components\/HostRoles\/stale_configs,host_components\/HostRoles\/ha_state,host_components\/HostRoles\/desired_admin_state,,host_components\/metrics\/jvm\/memHeapUsedM,host_components\/metrics\/jvm\/HeapMemoryMax,host_components\/metrics\/jvm\/HeapMemoryUsed,host_components\/metrics\/jvm\/memHeapCommittedM,host_components\/metrics\/mapred\/jobtracker\/trackers_decommissioned,host_components\/metrics\/cpu\/cpu_wio,host_components\/metrics\/rpc\/client\/RpcQueueTime_avg_time,host_components\/metrics\/dfs\/FSNamesystem\/*,host_components\/metrics\/dfs\/namenode\/Version,host_components\/metrics\/dfs\/namenode\/LiveNodes,host_components\/metrics\/dfs\/namenode\/DeadNodes,host_components\/metrics\/dfs\/namenode\/DecomNodes,host_components\/metrics\/dfs\/namenode\/TotalFiles,host_components\/metrics\/dfs\/namenode\/UpgradeFinalized,host_components\/metrics\/dfs\/namenode\/Safemode,host_components\/metrics\/runtime\/StartTime,host_components\/metrics\/hbase\/master\/IsActiveMaster,host_components\/metrics\/hbase\/master\/MasterStartTime,host_components\/metrics\/hbase\/master\/MasterActiveTime,host_components\/metrics\/hbase\/master\/AverageLoad,host_components\/metrics\/master\/AssignmentManger\/ritCount,metrics\/api\/v1\/cluster\/summary,metrics\/api\/v1\/topology\/summary,metrics\/api\/v1\/nimbus\/summary,host_components\/metrics\/yarn\/Queue,host_components\/metrics\/yarn\/ClusterMetrics\/NumActiveNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumLostNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumUnhealthyNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumRebootedNMs,host_components\/metrics\/yarn\/ClusterMetrics\/NumDecommissionedNMs&minimal_response=true&_=1484169361350","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978714353","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978714362","adapter.threatinteladapter.begin.ts":"1530978714365","ip_src_port":50451,"guid":"cb259950-845c-4fd3-bf57-e5da6a024244","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978721981","bro_timestamp":"1530978716.980649","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721955","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978721954","adapter.hostfromjsonlistadapter.end.ts":"1530978721960","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978721960","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CeScgBTiBLSNBBT39","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49191 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?3a08b0be8322c244f5a1cb9c1057d941 tags:[] uid:CeScgBTiBLSNBBT39 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978716.980649 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978721985","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978721967","adapter.hostfromjsonlistadapter.begin.ts":"1530978721960","threatintelsplitterbolt.splitter.begin.ts":"1530978721974","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978716980,"method":"GET","request_body_len":0,"uri":"\/?3a08b0be8322c244f5a1cb9c1057d941","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721960","threatintelsplitterbolt.splitter.end.ts":"1530978721974","adapter.threatinteladapter.begin.ts":"1530978721981","ip_src_port":49191,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"22f56903-ea89-4207-8385-ac2de659da35","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978721984","bro_timestamp":"1530978716.395041","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721955","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978721955","adapter.hostfromjsonlistadapter.end.ts":"1530978721960","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978721960","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CdmrWIO9csTm3yLv9","resp_mime_types":["image\/png"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/flags\/us.png tags:[] uid:CdmrWIO9csTm3yLv9 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978716.395041 id.resp_h:95.163.121.204 resp_fuids:[\"FvyeyH3W8TkTNUHi88\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978721990","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978721969","adapter.hostfromjsonlistadapter.begin.ts":"1530978721960","threatintelsplitterbolt.splitter.begin.ts":"1530978721979","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FvyeyH3W8TkTNUHi88"],"timestamp":1530978716395,"method":"GET","request_body_len":0,"uri":"\/img\/flags\/us.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721960","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978721980","adapter.threatinteladapter.begin.ts":"1530978721984","ip_src_port":49205,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"4079606b-b5b2-414c-b8d1-b635ab7feba2","response_body_len":825}
{"TTLs":[13888.0],"adapter.threatinteladapter.end.ts":"1530978721984","qclass_name":"C_INTERNET","bro_timestamp":"1530978716.362076","qtype_name":"A","ip_dst_port":53,"enrichmentsplitterbolt.splitter.end.ts":"1530978721957","qtype":1,"rejected":false,"answers":["72.34.49.86"],"enrichmentsplitterbolt.splitter.begin.ts":"1530978721956","adapter.hostfromjsonlistadapter.end.ts":"1530978721960","trans_id":41589,"adapter.geoadapter.begin.ts":"1530978721960","uid":"Cw3zPc1Lrwkxsn4oK","protocol":"dns","original_string":"DNS | AA:false TTLs:[13888.0] qclass_name:C_INTERNET id.orig_p:56753 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:comarksecurity.com answers:[\"72.34.49.86\"] trans_id:41589 rcode:0 rcode_name:NOERROR TC:false RA:true uid:Cw3zPc1Lrwkxsn4oK RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1530978716.362076 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","threatinteljoinbolt.joiner.ts":"1530978721990","enrichmentjoinbolt.joiner.ts":"1530978721970","adapter.hostfromjsonlistadapter.begin.ts":"1530978721960","threatintelsplitterbolt.splitter.begin.ts":"1530978721980","Z":0,"ip_src_addr":"192.168.138.158","qclass":1,"timestamp":1530978716362,"AA":false,"query":"comarksecurity.com","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","adapter.geoadapter.end.ts":"1530978721960","RD":true,"threatintelsplitterbolt.splitter.end.ts":"1530978721980","adapter.threatinteladapter.begin.ts":"1530978721984","ip_src_port":56753,"proto":"udp","guid":"277c57ce-577c-441d-b66a-592b1440750f"}
{"adapter.threatinteladapter.end.ts":"1530978721984","bro_timestamp":"1530978716.529291","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721957","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978721957","adapter.hostfromjsonlistadapter.end.ts":"1530978721960","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978721960","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CU2iXc2cpNDX4bSQg4","resp_mime_types":["image\/png"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/lt.png tags:[] uid:CU2iXc2cpNDX4bSQg4 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:240 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978716.529291 id.resp_h:95.163.121.204 resp_fuids:[\"FJVM34yr7CRJiObpb\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978721990","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978721970","adapter.hostfromjsonlistadapter.begin.ts":"1530978721960","threatintelsplitterbolt.splitter.begin.ts":"1530978721980","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FJVM34yr7CRJiObpb"],"timestamp":1530978716529,"method":"GET","request_body_len":0,"uri":"\/img\/lt.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721960","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978721980","adapter.threatinteladapter.begin.ts":"1530978721984","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"af5d8842-4e9a-4a90-ac6d-feb4357168ba","response_body_len":240}
{"adapter.threatinteladapter.end.ts":"1530978721984","bro_timestamp":"1530978716.267981","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721957","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978721957","adapter.hostfromjsonlistadapter.end.ts":"1530978721960","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978721960","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CAMU6hVkiTheUH4z4","resp_mime_types":["image\/png"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/lb.png tags:[] uid:CAMU6hVkiTheUH4z4 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:239 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978716.267981 id.resp_h:95.163.121.204 resp_fuids:[\"FAleJd1zw6L9UPfNii\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978721990","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978721970","adapter.hostfromjsonlistadapter.begin.ts":"1530978721960","threatintelsplitterbolt.splitter.begin.ts":"1530978721980","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FAleJd1zw6L9UPfNii"],"timestamp":1530978716267,"method":"GET","request_body_len":0,"uri":"\/img\/lb.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721960","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978721980","adapter.threatinteladapter.begin.ts":"1530978721984","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"e1e321c7-f04c-46c3-a09a-5c9aba818f82","response_body_len":239}
{"adapter.threatinteladapter.end.ts":"1530978721984","bro_timestamp":"1530978716.421926","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721957","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978721957","adapter.hostfromjsonlistadapter.end.ts":"1530978721960","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978721960","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"Ci6H8p2J9hTYmaR6Xj","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49191 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?3a08b0be8322c244f5a1cb9c1057d941 tags:[] uid:Ci6H8p2J9hTYmaR6Xj trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978716.421926 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978721991","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978721970","adapter.hostfromjsonlistadapter.begin.ts":"1530978721960","threatintelsplitterbolt.splitter.begin.ts":"1530978721980","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978716421,"method":"GET","request_body_len":0,"uri":"\/?3a08b0be8322c244f5a1cb9c1057d941","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721960","threatintelsplitterbolt.splitter.end.ts":"1530978721980","adapter.threatinteladapter.begin.ts":"1530978721984","ip_src_port":49191,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"2e1f0eb2-76de-4064-8acc-7f001f1459fa","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978721984","bro_timestamp":"1530978716.788839","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978721958","enrichmentsplitterbolt.splitter.begin.ts":"1530978721957","adapter.hostfromjsonlistadapter.end.ts":"1530978721960","adapter.geoadapter.begin.ts":"1530978721960","uid":"CUrRne3iLIxXavQtci","trans_depth":200,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/services?fields=ServiceInfo\/state,ServiceInfo\/maintenance_state,components\/ServiceComponentInfo\/component_name&minimal_response=true&_=1484169228168 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:200 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978716.788839 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978721991","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978721971","adapter.hostfromjsonlistadapter.begin.ts":"1530978721960","threatintelsplitterbolt.splitter.begin.ts":"1530978721980","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978716788,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/services?fields=ServiceInfo\/state,ServiceInfo\/maintenance_state,components\/ServiceComponentInfo\/component_name&minimal_response=true&_=1484169228168","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721960","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978721980","adapter.threatinteladapter.begin.ts":"1530978721984","ip_src_port":50451,"guid":"8c559118-72a7-4df9-a876-34c0e2fb82e5","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978721984","bro_timestamp":"1530978716.778337","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721958","enrichments.geo.ip_dst_addr.city":"Los Angeles","enrichments.geo.ip_dst_addr.latitude":"34.0494","enrichmentsplitterbolt.splitter.begin.ts":"1530978721958","adapter.hostfromjsonlistadapter.end.ts":"1530978721960","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5368361","adapter.geoadapter.begin.ts":"1530978721960","enrichments.geo.ip_dst_addr.postalCode":"90014","uid":"Cbe8Jk2tJb38gjFUJ1","resp_mime_types":["image\/png"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49202 status_code:200 method:POST request_body_len:162 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/grizzly\/img5.php?u=mfymi71rapdzk tags:[] uid:Cbe8Jk2tJb38gjFUJ1 resp_mime_types:[\"image\\\/png\"] trans_depth:1 orig_fuids:[\"F0mGwV142T4ZO12UIe\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:45662 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978716.778337 id.resp_h:72.34.49.86 resp_fuids:[\"FCYJUSdhsQQ0aRjQc\"]","ip_dst_addr":"72.34.49.86","threatinteljoinbolt.joiner.ts":"1530978721991","enrichments.geo.ip_dst_addr.dmaCode":"803","host":"comarksecurity.com","enrichmentjoinbolt.joiner.ts":"1530978721971","adapter.hostfromjsonlistadapter.begin.ts":"1530978721960","threatintelsplitterbolt.splitter.begin.ts":"1530978721980","enrichments.geo.ip_dst_addr.longitude":"-118.2641","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FCYJUSdhsQQ0aRjQc"],"timestamp":1530978716778,"method":"POST","request_body_len":162,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/grizzly\/img5.php?u=mfymi71rapdzk","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721960","threatintelsplitterbolt.splitter.end.ts":"1530978721980","adapter.threatinteladapter.begin.ts":"1530978721984","orig_fuids":["F0mGwV142T4ZO12UIe"],"ip_src_port":49202,"enrichments.geo.ip_dst_addr.location_point":"34.0494,-118.2641","status_msg":"OK","guid":"598faabb-e1ae-42f3-9858-9ff491849ce4","response_body_len":45662}
{"adapter.threatinteladapter.end.ts":"1530978721985","bro_timestamp":"1530978716.814225","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721966","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978721966","adapter.hostfromjsonlistadapter.end.ts":"1530978721970","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978721970","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CW5RvsMStnenkVMN9","resp_mime_types":["application\/x-dosexec"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49189 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?b514ee6f0fe486009a6d83b035a4c0bd tags:[] uid:CW5RvsMStnenkVMN9 resp_mime_types:[\"application\\\/x-dosexec\"] trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:221184 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978716.814225 id.resp_h:62.75.195.236 resp_fuids:[\"FJbBkl1yTXU8JMGR4l\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978721991","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978721973","adapter.hostfromjsonlistadapter.begin.ts":"1530978721970","threatintelsplitterbolt.splitter.begin.ts":"1530978721981","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FJbBkl1yTXU8JMGR4l"],"timestamp":1530978716814,"method":"GET","request_body_len":0,"uri":"\/?b514ee6f0fe486009a6d83b035a4c0bd","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721970","threatintelsplitterbolt.splitter.end.ts":"1530978721982","adapter.threatinteladapter.begin.ts":"1530978721985","ip_src_port":49189,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"2edc3fb8-bc67-4134-af08-45a45ef9b8f6","response_body_len":221184}
{"adapter.threatinteladapter.end.ts":"1530978721997","bro_timestamp":"1530978716.588208","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721967","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978721967","adapter.hostfromjsonlistadapter.end.ts":"1530978721970","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978721970","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CDRWth1RkZQBuVOyX2","resp_mime_types":["image\/x-icon"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/favicon.ico tags:[] uid:CDRWth1RkZQBuVOyX2 resp_mime_types:[\"image\\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978716.588208 id.resp_h:95.163.121.204 resp_fuids:[\"FJygKu2sv9kbVQLbhh\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978722000","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978721980","adapter.hostfromjsonlistadapter.begin.ts":"1530978721970","threatintelsplitterbolt.splitter.begin.ts":"1530978721986","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FJygKu2sv9kbVQLbhh"],"timestamp":1530978716588,"method":"GET","request_body_len":0,"uri":"\/favicon.ico","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721970","threatintelsplitterbolt.splitter.end.ts":"1530978721986","adapter.threatinteladapter.begin.ts":"1530978721997","ip_src_port":49207,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"37680d59-d404-4034-afcc-58e3ab40ef13","response_body_len":318}
{"adapter.threatinteladapter.end.ts":"1530978721997","bro_timestamp":"1530978720.836714","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978721968","enrichmentsplitterbolt.splitter.begin.ts":"1530978721967","adapter.hostfromjsonlistadapter.end.ts":"1530978721970","adapter.geoadapter.begin.ts":"1530978721970","uid":"CUrRne3iLIxXavQtci","trans_depth":194,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/requests?to=end&page_size=10&fields=Requests&_=1484169178878 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:194 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978720.836714 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978722000","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978721980","adapter.hostfromjsonlistadapter.begin.ts":"1530978721970","threatintelsplitterbolt.splitter.begin.ts":"1530978721986","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978720836,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/requests?to=end&page_size=10&fields=Requests&_=1484169178878","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721970","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978721986","adapter.threatinteladapter.begin.ts":"1530978721997","ip_src_port":50451,"guid":"a18186b3-c18a-43d6-b963-4984871d7e34","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978722005","bro_timestamp":"1530978720.52134","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721980","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978721979","adapter.hostfromjsonlistadapter.end.ts":"1530978721993","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978721994","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"Cniyw631RU6tL0SDij","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49188 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/aa25f5fe2875e3d0a244e6969e589cc4 tags:[] uid:Cniyw631RU6tL0SDij trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:861 ts:1530978720.52134 id.resp_h:62.75.195.236 resp_fuids:[\"FBQW2X3B0fup5s5Ln9\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978722008","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978721998","adapter.hostfromjsonlistadapter.begin.ts":"1530978721993","threatintelsplitterbolt.splitter.begin.ts":"1530978722002","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","resp_fuids":["FBQW2X3B0fup5s5Ln9"],"timestamp":1530978720521,"method":"GET","request_body_len":0,"uri":"\/aa25f5fe2875e3d0a244e6969e589cc4","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721994","threatintelsplitterbolt.splitter.end.ts":"1530978722002","adapter.threatinteladapter.begin.ts":"1530978722005","ip_src_port":49188,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"045cbfab-748d-4bd0-adf5-24bf2a016a8b","response_body_len":861}
{"adapter.threatinteladapter.end.ts":"1530978722005","bro_timestamp":"1530978720.080146","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978721980","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978721980","adapter.hostfromjsonlistadapter.end.ts":"1530978721993","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978721994","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CitfgJ3XKMUwMApZeb","trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49193 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?34eaf8bd50d85d8c6baacb45f0a7b22e tags:[] uid:CitfgJ3XKMUwMApZeb trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978720.080146 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978722008","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978721998","adapter.hostfromjsonlistadapter.begin.ts":"1530978721993","threatintelsplitterbolt.splitter.begin.ts":"1530978722002","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1530978720080,"method":"GET","request_body_len":0,"uri":"\/?34eaf8bd50d85d8c6baacb45f0a7b22e","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721994","threatintelsplitterbolt.splitter.end.ts":"1530978722002","adapter.threatinteladapter.begin.ts":"1530978722005","ip_src_port":49193,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"bc61632d-5795-41ca-a0a9-e2530807be33","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978722005","qclass_name":"C_INTERNET","bro_timestamp":"1530978720.819805","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978721980","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978721980","adapter.hostfromjsonlistadapter.end.ts":"1530978721994","trans_id":0,"adapter.geoadapter.begin.ts":"1530978721994","uid":"CHXOlu44YwhzMgdZpj","protocol":"dns","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CHXOlu44YwhzMgdZpj RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1530978720.819805 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978722008","enrichmentjoinbolt.joiner.ts":"1530978721998","adapter.hostfromjsonlistadapter.begin.ts":"1530978721994","threatintelsplitterbolt.splitter.begin.ts":"1530978722002","Z":0,"ip_src_addr":"192.168.66.1","qclass":1,"timestamp":1530978720819,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978721994","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978722002","adapter.threatinteladapter.begin.ts":"1530978722005","ip_src_port":5353,"proto":"udp","guid":"614f12d4-2ec4-4616-8b0a-95296278bf93"}
{"adapter.threatinteladapter.end.ts":"1530978722005","bro_timestamp":"1530978720.992674","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978721980","enrichmentsplitterbolt.splitter.begin.ts":"1530978721980","adapter.hostfromjsonlistadapter.end.ts":"1530978721994","adapter.geoadapter.begin.ts":"1530978721994","uid":"CUrRne3iLIxXavQtci","trans_depth":78,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster?fields=Clusters\/health_report,Clusters\/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168593029 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:78 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978720.992674 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978722008","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978721998","adapter.hostfromjsonlistadapter.begin.ts":"1530978721994","threatintelsplitterbolt.splitter.begin.ts":"1530978722002","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978720992,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster?fields=Clusters\/health_report,Clusters\/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168593029","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978721994","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978722002","adapter.threatinteladapter.begin.ts":"1530978722005","ip_src_port":50451,"guid":"30e3043b-84be-48d9-9862-ab09ad073b6d","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978725883","bro_timestamp":"1530978720.600685","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978725865","enrichmentsplitterbolt.splitter.begin.ts":"1530978725865","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","adapter.geoadapter.begin.ts":"1530978725868","uid":"CUrRne3iLIxXavQtci","trans_depth":66,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/alerts?format=groupedSummary&_=1484168566981 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:66 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978720.600685 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978725886","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978725877","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725881","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978720600,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/alerts?format=groupedSummary&_=1484168566981","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725868","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978725881","adapter.threatinteladapter.begin.ts":"1530978725883","ip_src_port":50451,"guid":"60abfcb4-fed1-4867-9974-c3c02326e6a7","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978725883","bro_timestamp":"1530978720.419558","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CnlAPI2zWmgFfLxi3j","resp_mime_types":["image\/png"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/flags\/es.png tags:[] uid:CnlAPI2zWmgFfLxi3j referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:634 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978720.419558 id.resp_h:95.163.121.204 resp_fuids:[\"FQZuDx2tatMj8BVT2a\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978725887","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978725877","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725881","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FQZuDx2tatMj8BVT2a"],"timestamp":1530978720419,"method":"GET","request_body_len":0,"uri":"\/img\/flags\/es.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978725881","adapter.threatinteladapter.begin.ts":"1530978725883","ip_src_port":49207,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"3ac5455c-5dae-412a-925c-c15e647b1554","response_body_len":634}
{"adapter.threatinteladapter.end.ts":"1530978725883","bro_timestamp":"1530978720.723386","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"Cc9Ml62nY1dMHMe475","resp_mime_types":["image\/png"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/lb.png tags:[] uid:Cc9Ml62nY1dMHMe475 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:239 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978720.723386 id.resp_h:95.163.121.204 resp_fuids:[\"FAjI4U27ebPkwNwsCe\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978725887","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978725877","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725881","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FAjI4U27ebPkwNwsCe"],"timestamp":1530978720723,"method":"GET","request_body_len":0,"uri":"\/img\/lb.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978725881","adapter.threatinteladapter.begin.ts":"1530978725883","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"9b9046f8-0a15-4144-8b34-c3ea6fa8ba6d","response_body_len":239}
{"adapter.threatinteladapter.end.ts":"1530978725883","bro_timestamp":"1530978720.511788","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CRGLdEasAJUDL8Tu4","resp_mime_types":["application\/x-shockwave-flash"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/ tags:[] uid:CRGLdEasAJUDL8Tu4 referrer:http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978720.511788 id.resp_h:62.75.195.236 resp_fuids:[\"FHMpUl2B1lUkpzZoQi\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978725887","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","enrichmentjoinbolt.joiner.ts":"1530978725877","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725881","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FHMpUl2B1lUkpzZoQi"],"timestamp":1530978720511,"method":"GET","request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","referrer":"http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745","threatintelsplitterbolt.splitter.end.ts":"1530978725881","adapter.threatinteladapter.begin.ts":"1530978725883","ip_src_port":49185,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"9ee8ee16-daf7-4115-9e8f-e0c022eb8217","response_body_len":8973}
{"adapter.threatinteladapter.end.ts":"1530978725883","qclass_name":"C_INTERNET","bro_timestamp":"1530978720.863134","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","trans_id":0,"adapter.geoadapter.begin.ts":"1530978725869","uid":"CeViBZ1CapumWgfFd3","protocol":"dns","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CeViBZ1CapumWgfFd3 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1530978720.863134 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978725887","enrichmentjoinbolt.joiner.ts":"1530978725877","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725881","Z":0,"ip_src_addr":"192.168.66.1","qclass":1,"timestamp":1530978720863,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978725881","adapter.threatinteladapter.begin.ts":"1530978725883","ip_src_port":5353,"proto":"udp","guid":"eabdac1d-b441-4db5-a623-9a672c0ed23b"}
{"adapter.threatinteladapter.end.ts":"1530978725883","bro_timestamp":"1530978724.628751","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CMVPGXJHk7JvyZCNa","resp_mime_types":["text\/html"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49209 status_code:200 method:POST request_body_len:14 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/11iQmfg tags:[] uid:CMVPGXJHk7JvyZCNa referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"text\\\/html\"] trans_depth:2 orig_fuids:[\"FF6cSD3gsoO9FhYLkh\"] host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14641 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978724.628751 id.resp_h:95.163.121.204 resp_fuids:[\"F63yZr4e1MYOvR4Mi9\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978725887","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978725878","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725881","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F63yZr4e1MYOvR4Mi9"],"timestamp":1530978724628,"method":"POST","request_body_len":14,"orig_mime_types":["text\/plain"],"uri":"\/11iQmfg","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978725881","adapter.threatinteladapter.begin.ts":"1530978725883","orig_fuids":["FF6cSD3gsoO9FhYLkh"],"ip_src_port":49209,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"e5e335df-d201-4bd5-8900-84ae22d4b479","response_body_len":14641}
{"adapter.threatinteladapter.end.ts":"1530978725883","bro_timestamp":"1530978724.057812","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CR2Y0926uadDbgt7A2","resp_mime_types":["application\/x-shockwave-flash"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/ tags:[] uid:CR2Y0926uadDbgt7A2 referrer:http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978724.057812 id.resp_h:62.75.195.236 resp_fuids:[\"FlWuOV1SeCMAoAtlc\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978725887","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","enrichmentjoinbolt.joiner.ts":"1530978725878","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725881","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlWuOV1SeCMAoAtlc"],"timestamp":1530978724057,"method":"GET","request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","referrer":"http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745","threatintelsplitterbolt.splitter.end.ts":"1530978725881","adapter.threatinteladapter.begin.ts":"1530978725883","ip_src_port":49185,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"1368c61b-b97e-4a08-8250-11261e0a2853","response_body_len":8973}
{"adapter.threatinteladapter.end.ts":"1530978725883","bro_timestamp":"1530978724.468395","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CKC27s27NkdWd5dlzh","resp_mime_types":["application\/x-dosexec"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49189 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/?b514ee6f0fe486009a6d83b035a4c0bd tags:[] uid:CKC27s27NkdWd5dlzh resp_mime_types:[\"application\\\/x-dosexec\"] trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:221184 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978724.468395 id.resp_h:62.75.195.236 resp_fuids:[\"FwC0pj2qXLNlZWorPe\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978725887","host":"62.75.195.236","enrichmentjoinbolt.joiner.ts":"1530978725878","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725881","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FwC0pj2qXLNlZWorPe"],"timestamp":1530978724468,"method":"GET","request_body_len":0,"uri":"\/?b514ee6f0fe486009a6d83b035a4c0bd","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","threatintelsplitterbolt.splitter.end.ts":"1530978725881","adapter.threatinteladapter.begin.ts":"1530978725883","ip_src_port":49189,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"4e0c6951-54f8-49f9-b1c4-7986c020f4d3","response_body_len":221184}
{"adapter.threatinteladapter.end.ts":"1530978725884","bro_timestamp":"1530978724.348984","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CvtyM13PVeCo2WyZzg","resp_mime_types":["image\/png"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49208 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/rb.png tags:[] uid:CvtyM13PVeCo2WyZzg referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:237 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978724.348984 id.resp_h:95.163.121.204 resp_fuids:[\"FPTipF484ZUebA4Q8k\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978725887","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978725880","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725882","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FPTipF484ZUebA4Q8k"],"timestamp":1530978724348,"method":"GET","request_body_len":0,"uri":"\/img\/rb.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978725882","adapter.threatinteladapter.begin.ts":"1530978725884","ip_src_port":49208,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"831bc8b8-aeb5-4cb7-b76b-577c7ae94fc9","response_body_len":237}
{"adapter.threatinteladapter.end.ts":"1530978725884","bro_timestamp":"1530978724.56314","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","enrichments.geo.ip_dst_addr.city":"Los Angeles","enrichments.geo.ip_dst_addr.latitude":"34.0494","enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5368361","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"90014","uid":"C56tVGV3yQ6s1VSj9","resp_mime_types":["text\/plain"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/grizzly\/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:C56tVGV3yQ6s1VSj9 resp_mime_types:[\"text\\\/plain\"] trans_depth:1 orig_fuids:[\"Fz3UYt2bSuP0vAIV08\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978724.56314 id.resp_h:72.34.49.86 resp_fuids:[\"FEXpeXHD91rXhhyoc\"]","ip_dst_addr":"72.34.49.86","threatinteljoinbolt.joiner.ts":"1530978725887","enrichments.geo.ip_dst_addr.dmaCode":"803","host":"comarksecurity.com","enrichmentjoinbolt.joiner.ts":"1530978725880","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725882","enrichments.geo.ip_dst_addr.longitude":"-118.2641","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FEXpeXHD91rXhhyoc"],"timestamp":1530978724563,"method":"POST","request_body_len":96,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/grizzly\/img5.php?t=8r1gf1b2t1kuq42","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","threatintelsplitterbolt.splitter.end.ts":"1530978725882","adapter.threatinteladapter.begin.ts":"1530978725884","orig_fuids":["Fz3UYt2bSuP0vAIV08"],"ip_src_port":49200,"enrichments.geo.ip_dst_addr.location_point":"34.0494,-118.2641","status_msg":"OK","guid":"442494bc-df16-450e-9909-c0b65c5f4f52","response_body_len":996}
{"TTLs":[14277.0],"adapter.threatinteladapter.end.ts":"1530978725884","qclass_name":"C_INTERNET","bro_timestamp":"1530978724.929184","qtype_name":"A","ip_dst_port":53,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","qtype":1,"rejected":false,"answers":["95.163.121.204"],"enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","trans_id":5810,"adapter.geoadapter.begin.ts":"1530978725869","uid":"CnArm31VD2mmBoGuG9","protocol":"dns","original_string":"DNS | AA:false TTLs:[14277.0] qclass_name:C_INTERNET id.orig_p:50329 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:7oqnsnzwwnm6zb7y.gigapaysun.com answers:[\"95.163.121.204\"] trans_id:5810 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CnArm31VD2mmBoGuG9 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1530978724.929184 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","threatinteljoinbolt.joiner.ts":"1530978725888","enrichmentjoinbolt.joiner.ts":"1530978725880","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725882","Z":0,"ip_src_addr":"192.168.138.158","qclass":1,"timestamp":1530978724929,"AA":false,"query":"7oqnsnzwwnm6zb7y.gigapaysun.com","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","RD":true,"threatintelsplitterbolt.splitter.end.ts":"1530978725882","adapter.threatinteladapter.begin.ts":"1530978725884","ip_src_port":50329,"proto":"udp","guid":"9f0c4dbc-fdfe-4ee0-9029-871d1664dd9e"}
{"adapter.threatinteladapter.end.ts":"1530978725884","bro_timestamp":"1530978724.442684","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725866","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978725866","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CXVtpNU35nZ84YA8","resp_mime_types":["text\/plain"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/style.css tags:[] uid:CXVtpNU35nZ84YA8 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"text\\\/plain\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:4492 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978724.442684 id.resp_h:95.163.121.204 resp_fuids:[\"FPdNKp4VPGRjd0dvRd\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978725888","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978725880","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725882","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FPdNKp4VPGRjd0dvRd"],"timestamp":1530978724442,"method":"GET","request_body_len":0,"uri":"\/img\/style.css","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978725882","adapter.threatinteladapter.begin.ts":"1530978725884","ip_src_port":49206,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"7bae6dbf-55c2-4668-9662-1cc1bf9e7485","response_body_len":4492}
{"adapter.threatinteladapter.end.ts":"1530978725884","bro_timestamp":"1530978724.584019","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978725867","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978725867","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978725869","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CVxPm9xkzN80U39i9","resp_mime_types":["image\/png"],"trans_depth":3,"protocol":"http","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/rt.png tags:[] uid:CVxPm9xkzN80U39i9 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:242 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978724.584019 id.resp_h:95.163.121.204 resp_fuids:[\"FM9IXt063nGYHO8F7\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978725888","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978725880","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725882","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FM9IXt063nGYHO8F7"],"timestamp":1530978724584,"method":"GET","request_body_len":0,"uri":"\/img\/rt.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978725882","adapter.threatinteladapter.begin.ts":"1530978725884","ip_src_port":49205,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"467db5b0-35d4-483b-ab1f-1640a8af971c","response_body_len":242}
{"adapter.threatinteladapter.end.ts":"1530978725884","qclass_name":"C_INTERNET","bro_timestamp":"1530978724.85904","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978725867","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978725867","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","trans_id":0,"adapter.geoadapter.begin.ts":"1530978725869","uid":"Cg7uac12cgFflf6Fp7","protocol":"dns","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:Cg7uac12cgFflf6Fp7 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1530978724.85904 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978725888","enrichmentjoinbolt.joiner.ts":"1530978725880","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725882","Z":0,"ip_src_addr":"192.168.66.1","qclass":1,"timestamp":1530978724859,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978725882","adapter.threatinteladapter.begin.ts":"1530978725884","ip_src_port":5353,"proto":"udp","guid":"01750143-0fe6-4a96-bdd7-55ece2d0fe44"}
{"adapter.threatinteladapter.end.ts":"1530978725884","bro_timestamp":"1530978724.932079","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978725867","enrichmentsplitterbolt.splitter.begin.ts":"1530978725867","adapter.hostfromjsonlistadapter.end.ts":"1530978725876","adapter.geoadapter.begin.ts":"1530978725869","uid":"CUrRne3iLIxXavQtci","trans_depth":225,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/persist\/wizard-data?_=1484169340974 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:225 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978724.932079 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978725888","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978725881","adapter.hostfromjsonlistadapter.begin.ts":"1530978725876","threatintelsplitterbolt.splitter.begin.ts":"1530978725882","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978724932,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/persist\/wizard-data?_=1484169340974","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978725869","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978725882","adapter.threatinteladapter.begin.ts":"1530978725884","ip_src_port":50451,"guid":"71af5025-ebad-4fce-9acb-c50fa3b94af8","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978733714","bro_timestamp":"1530978728.982768","ip_dst_port":8080,"enrichmentsplitterbolt.splitter.end.ts":"1530978733703","enrichmentsplitterbolt.splitter.begin.ts":"1530978733703","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","adapter.geoadapter.begin.ts":"1530978733706","uid":"CUrRne3iLIxXavQtci","trans_depth":240,"protocol":"http","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:\/api\/v1\/clusters\/metron_cluster\/services\/KAFKA\/components\/KAFKA_BROKER?fields=metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesInPerSec\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesOutPerSec\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsMessagesInPerSec\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/controller\/KafkaController\/ActiveControllerCount[1484165785,1484169385,15],metrics\/kafka\/controller\/ControllerStats\/LeaderElectionRateAndTimeMs\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/controller\/ControllerStats\/UncleanLeaderElectionsPerSec\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/server\/ReplicaFetcherManager\/Replica-MaxLag[1484165785,1484169385,15],metrics\/kafka\/server\/ReplicaManager\/PartitionCount[1484165785,1484169385,15],metrics\/kafka\/server\/ReplicaManager\/UnderReplicatedPartitions[1484165785,1484169385,15],metrics\/kafka\/server\/ReplicaManager\/LeaderCount[1484165785,1484169385,15]&format=null_padding&_=1484169386025 tags:[] uid:CUrRne3iLIxXavQtci referrer:http:\/\/node1:8080\/ trans_depth:240 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36 ts:1530978728.982768 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","threatinteljoinbolt.joiner.ts":"1530978733716","host":"node1","enrichmentjoinbolt.joiner.ts":"1530978733709","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733711","ip_src_addr":"192.168.66.1","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/55.0.2883.95 Safari\/537.36","timestamp":1530978728982,"method":"GET","request_body_len":0,"uri":"\/api\/v1\/clusters\/metron_cluster\/services\/KAFKA\/components\/KAFKA_BROKER?fields=metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesInPerSec\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsBytesOutPerSec\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/server\/BrokerTopicMetrics\/AllTopicsMessagesInPerSec\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/controller\/KafkaController\/ActiveControllerCount[1484165785,1484169385,15],metrics\/kafka\/controller\/ControllerStats\/LeaderElectionRateAndTimeMs\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/controller\/ControllerStats\/UncleanLeaderElectionsPerSec\/1MinuteRate[1484165785,1484169385,15],metrics\/kafka\/server\/ReplicaFetcherManager\/Replica-MaxLag[1484165785,1484169385,15],metrics\/kafka\/server\/ReplicaManager\/PartitionCount[1484165785,1484169385,15],metrics\/kafka\/server\/ReplicaManager\/UnderReplicatedPartitions[1484165785,1484169385,15],metrics\/kafka\/server\/ReplicaManager\/LeaderCount[1484165785,1484169385,15]&format=null_padding&_=1484169386025","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","referrer":"http:\/\/node1:8080\/","threatintelsplitterbolt.splitter.end.ts":"1530978733711","adapter.threatinteladapter.begin.ts":"1530978733714","ip_src_port":50451,"guid":"d351c087-d7f7-44df-90e4-17c8d04eddca","response_body_len":0}
{"adapter.threatinteladapter.end.ts":"1530978733715","bro_timestamp":"1530978728.735143","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978733703","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978733703","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978733706","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CO3j3c3y1c3rKDnyWg","resp_mime_types":["image\/x-icon"],"trans_depth":2,"protocol":"http","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/favicon.ico tags:[] uid:CO3j3c3y1c3rKDnyWg resp_mime_types:[\"image\\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978728.735143 id.resp_h:95.163.121.204 resp_fuids:[\"FNP9PL3iYwRt9GHHC5\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978733718","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978733709","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733712","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FNP9PL3iYwRt9GHHC5"],"timestamp":1530978728735,"method":"GET","request_body_len":0,"uri":"\/favicon.ico","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","threatintelsplitterbolt.splitter.end.ts":"1530978733712","adapter.threatinteladapter.begin.ts":"1530978733715","ip_src_port":49207,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"28fa0321-6cf6-4756-83d0-1637c313a2ca","response_body_len":318}
{"adapter.threatinteladapter.end.ts":"1530978733715","bro_timestamp":"1530978728.008015","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978733704","enrichments.geo.ip_dst_addr.city":"Strasbourg","enrichments.geo.ip_dst_addr.latitude":"48.5839","enrichmentsplitterbolt.splitter.begin.ts":"1530978733704","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","enrichments.geo.ip_dst_addr.country":"FR","enrichments.geo.ip_dst_addr.locID":"2973783","adapter.geoadapter.begin.ts":"1530978733706","enrichments.geo.ip_dst_addr.postalCode":"67100","uid":"CfoW9t3ShlDqC1h9Di","resp_mime_types":["text\/html"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/ tags:[] uid:CfoW9t3ShlDqC1h9Di referrer:http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978728.008015 id.resp_h:62.75.195.236 resp_fuids:[\"F88opA2s5OI0StZ2v8\"]","ip_dst_addr":"62.75.195.236","threatinteljoinbolt.joiner.ts":"1530978733718","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","enrichmentjoinbolt.joiner.ts":"1530978733709","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733712","enrichments.geo.ip_dst_addr.longitude":"7.7455","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F88opA2s5OI0StZ2v8"],"timestamp":1530978728008,"method":"GET","request_body_len":0,"uri":"\/","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","referrer":"http:\/\/va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in\/?285a4d4e4e5a4d4d4649584c5d43064b4745","threatintelsplitterbolt.splitter.end.ts":"1530978733712","adapter.threatinteladapter.begin.ts":"1530978733715","ip_src_port":49186,"enrichments.geo.ip_dst_addr.location_point":"48.5839,7.7455","status_msg":"OK","guid":"47ae2bf0-d99c-44b8-a178-b0682cc13114","response_body_len":121635}
{"adapter.threatinteladapter.end.ts":"1530978733715","bro_timestamp":"1530978728.390198","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978733704","enrichments.geo.ip_dst_addr.city":"Los Angeles","enrichments.geo.ip_dst_addr.latitude":"34.0494","enrichmentsplitterbolt.splitter.begin.ts":"1530978733704","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","enrichments.geo.ip_dst_addr.country":"US","enrichments.geo.ip_dst_addr.locID":"5368361","adapter.geoadapter.begin.ts":"1530978733706","enrichments.geo.ip_dst_addr.postalCode":"90014","uid":"CNR0er3VctfgZs8gPk","resp_mime_types":["text\/plain"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49198 status_code:200 method:POST request_body_len:134 id.resp_p:80 orig_mime_types:[\"text\\\/plain\"] uri:\/wp-content\/themes\/grizzly\/img5.php?c=cdcnw7cfz43rmtg tags:[] uid:CNR0er3VctfgZs8gPk resp_mime_types:[\"text\\\/plain\"] trans_depth:1 orig_fuids:[\"Fye3Fl1hLzBGT9AaSe\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978728.390198 id.resp_h:72.34.49.86 resp_fuids:[\"FcOXvA3E4EdG9Vaaxd\"]","ip_dst_addr":"72.34.49.86","threatinteljoinbolt.joiner.ts":"1530978733718","enrichments.geo.ip_dst_addr.dmaCode":"803","host":"comarksecurity.com","enrichmentjoinbolt.joiner.ts":"1530978733709","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733712","enrichments.geo.ip_dst_addr.longitude":"-118.2641","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FcOXvA3E4EdG9Vaaxd"],"timestamp":1530978728390,"method":"POST","request_body_len":134,"orig_mime_types":["text\/plain"],"uri":"\/wp-content\/themes\/grizzly\/img5.php?c=cdcnw7cfz43rmtg","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","threatintelsplitterbolt.splitter.end.ts":"1530978733712","adapter.threatinteladapter.begin.ts":"1530978733715","orig_fuids":["Fye3Fl1hLzBGT9AaSe"],"ip_src_port":49198,"enrichments.geo.ip_dst_addr.location_point":"34.0494,-118.2641","status_msg":"OK","guid":"4f5ba7da-0820-4f3f-8e3f-e28949e025e7","response_body_len":14}
{"adapter.threatinteladapter.end.ts":"1530978733715","bro_timestamp":"1530978728.613828","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978733704","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978733704","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978733706","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CcaM7Z1MyBBX9E8EC","resp_mime_types":["image\/png"],"trans_depth":3,"protocol":"http","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/flags\/fr.png tags:[] uid:CcaM7Z1MyBBX9E8EC referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:694 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978728.613828 id.resp_h:95.163.121.204 resp_fuids:[\"FpjJ2mpIuKnU39Gve\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978733718","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978733710","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733712","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FpjJ2mpIuKnU39Gve"],"timestamp":1530978728613,"method":"GET","request_body_len":0,"uri":"\/img\/flags\/fr.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978733712","adapter.threatinteladapter.begin.ts":"1530978733715","ip_src_port":49206,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"6a9e2340-8861-4f67-b81b-521462edacd1","response_body_len":694}
{"adapter.threatinteladapter.end.ts":"1530978733715","qclass_name":"C_INTERNET","bro_timestamp":"1530978728.872321","qtype_name":"PTR","ip_dst_port":5353,"enrichmentsplitterbolt.splitter.end.ts":"1530978733704","qtype":12,"rejected":false,"enrichmentsplitterbolt.splitter.begin.ts":"1530978733704","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","trans_id":0,"adapter.geoadapter.begin.ts":"1530978733706","uid":"CGs8rS1rqhyXRRgA64","protocol":"dns","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CGs8rS1rqhyXRRgA64 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1530978728.872321 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","threatinteljoinbolt.joiner.ts":"1530978733718","enrichmentjoinbolt.joiner.ts":"1530978733710","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733712","Z":0,"ip_src_addr":"192.168.66.1","qclass":1,"timestamp":1530978728872,"AA":false,"query":"_googlecast._tcp.local","TC":false,"RA":false,"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","RD":false,"threatintelsplitterbolt.splitter.end.ts":"1530978733712","adapter.threatinteladapter.begin.ts":"1530978733715","ip_src_port":5353,"proto":"udp","guid":"c9f200a6-aac8-4f4d-a463-0808d97bdc2a"}
{"TTLs":[29.0],"adapter.threatinteladapter.end.ts":"1530978733715","qclass_name":"C_INTERNET","bro_timestamp":"1530978728.926757","qtype_name":"A","ip_dst_port":53,"enrichmentsplitterbolt.splitter.end.ts":"1530978733704","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt.splitter.begin.ts":"1530978733704","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","trans_id":18350,"adapter.geoadapter.begin.ts":"1530978733706","uid":"CVf8zv3sBOdNwWTrbl","protocol":"dns","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CVf8zv3sBOdNwWTrbl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1530978728.926757 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","threatinteljoinbolt.joiner.ts":"1530978733718","enrichmentjoinbolt.joiner.ts":"1530978733710","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733712","Z":0,"ip_src_addr":"192.168.138.158","qclass":1,"timestamp":1530978728926,"AA":false,"query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"rcode_name":"NOERROR","TC":false,"RA":true,"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","RD":true,"threatintelsplitterbolt.splitter.end.ts":"1530978733712","adapter.threatinteladapter.begin.ts":"1530978733715","ip_src_port":60078,"proto":"udp","guid":"94f632a3-cc25-43d6-8962-a25cd2a051ce"}
{"adapter.threatinteladapter.end.ts":"1530978733715","bro_timestamp":"1530978728.787972","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978733704","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978733704","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978733706","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"Cm8nbh1mEqDSWqLB61","resp_mime_types":["image\/png"],"trans_depth":1,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/lt.png tags:[] uid:Cm8nbh1mEqDSWqLB61 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:240 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978728.787972 id.resp_h:95.163.121.204 resp_fuids:[\"FUTQYW12ZHQdPoUnCk\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978733718","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978733710","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733712","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FUTQYW12ZHQdPoUnCk"],"timestamp":1530978728787,"method":"GET","request_body_len":0,"uri":"\/img\/lt.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978733713","adapter.threatinteladapter.begin.ts":"1530978733715","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"4dfb979e-77b6-4d15-9bf9-79826cc25de5","response_body_len":240}
{"adapter.threatinteladapter.end.ts":"1530978733715","bro_timestamp":"1530978728.911648","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978733704","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978733704","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978733706","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"C7jsKl2DTsgO8OIddk","resp_mime_types":["image\/png"],"trans_depth":3,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/button_pay.png tags:[] uid:C7jsKl2DTsgO8OIddk referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:727 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978728.911648 id.resp_h:95.163.121.204 resp_fuids:[\"Fc2oDG41kRtOgFcqc1\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978733718","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978733710","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733713","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fc2oDG41kRtOgFcqc1"],"timestamp":1530978728911,"method":"GET","request_body_len":0,"uri":"\/img\/button_pay.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978733713","adapter.threatinteladapter.begin.ts":"1530978733715","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"b21bd1cd-fa36-4d66-9d72-d998adc580d3","response_body_len":727}
{"adapter.threatinteladapter.end.ts":"1530978733715","bro_timestamp":"1530978728.955487","status_code":200,"ip_dst_port":80,"enrichmentsplitterbolt.splitter.end.ts":"1530978733704","enrichments.geo.ip_dst_addr.city":"Elektrostal","enrichments.geo.ip_dst_addr.latitude":"55.7896","enrichmentsplitterbolt.splitter.begin.ts":"1530978733704","adapter.hostfromjsonlistadapter.end.ts":"1530978733706","enrichments.geo.ip_dst_addr.country":"RU","enrichments.geo.ip_dst_addr.locID":"563523","adapter.geoadapter.begin.ts":"1530978733706","enrichments.geo.ip_dst_addr.postalCode":"144004","uid":"CA0G2ASkF1efFirs7","resp_mime_types":["image\/png"],"trans_depth":3,"protocol":"http","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:\/img\/button_pay.png tags:[] uid:CA0G2ASkF1efFirs7 referrer:http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg resp_mime_types:[\"image\\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:727 user_agent:Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1530978728.955487 id.resp_h:95.163.121.204 resp_fuids:[\"F7c5Lp3iMksOUQHIbl\"]","ip_dst_addr":"95.163.121.204","threatinteljoinbolt.joiner.ts":"1530978733718","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","enrichmentjoinbolt.joiner.ts":"1530978733710","adapter.hostfromjsonlistadapter.begin.ts":"1530978733706","threatintelsplitterbolt.splitter.begin.ts":"1530978733713","enrichments.geo.ip_dst_addr.longitude":"38.4467","ip_src_addr":"192.168.138.158","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F7c5Lp3iMksOUQHIbl"],"timestamp":1530978728955,"method":"GET","request_body_len":0,"uri":"\/img\/button_pay.png","tags":[],"source.type":"bro","adapter.geoadapter.end.ts":"1530978733706","referrer":"http:\/\/7oqnsnzwwnm6zb7y.gigapaysun.com\/11iQmfg","threatintelsplitterbolt.splitter.end.ts":"1530978733713","adapter.threatinteladapter.begin.ts":"1530978733715","ip_src_port":49210,"enrichments.geo.ip_dst_addr.location_point":"55.7896,38.4467","status_msg":"OK","guid":"243fcd99-2905-403d-9e9e-b0c1f30ca53f","response_body_len":727}