Filename: 04f9c9a1-d077-4d3c-95a7-e0a05e1199b7.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 8.16887784004 seconds
Hash: 07e85c6b940160669d9b7bce43bdff8a
Uploaded: 1549288017

Logfiles


packet_stats.log - (14955 bytes) - download
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            29          1308683       45394216      35936441          1.0b   54.17
 IPv4      17            59          2772405       33962073      12385933        730.8m   37.99
 IPv6      17            12          2558626       45718534      12567356        150.8m    7.84
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            29            67581        4537044        439499         12.7m   28.21
TMM_FLOWWORKER              IPv4      17            59           112615        9848542        507602         29.9m   66.28
TMM_RECEIVEPCAPFILE         IPv4       6            25             2547          17537          3465         86.6k    0.19
TMM_RECEIVEPCAPFILE         IPv4      17            59             2540           3592          2855        168.5k    0.37
TMM_DECODEPCAPFILE          IPv4       6            25             2656           9869          3197         79.9k    0.18
TMM_DECODEPCAPFILE          IPv4      17            59             2678           4186          2824        166.7k    0.37
TMM_FLOWWORKER              IPv6      17            12           102041         304888        157834          1.9m    4.19
TMM_RECEIVEPCAPFILE         IPv6      17            12             2542           4562          3056         36.7k    0.08
TMM_DECODEPCAPFILE          IPv6      17            12             2711          29025          5067         60.8k    0.13

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            25             2862           4894          3316         82.9k  0.20  
flow                    IPv4      17            59             2674          10545          3492        206.1k  0.49  
stream                  IPv4       6            29             3568         650669         47071          1.4m  3.23  
app-layer               IPv4      17            59             2523          39853          4394        259.3k  0.61  
detect                  IPv4       6            29            45103        4481051        363222         10.5m  24.92 
detect                  IPv4      17            59            96339        9826381        474331         28.0m  66.20 
tcp-prune               IPv4       6            29             2543          18498          3489        101.2k  0.24  
flow                    IPv6      17            12             2661          12803          4450         53.4k  0.13  
app-layer               IPv6      17            12             2579          22896          6906         82.9k  0.20  
detect                  IPv6      17            12            86031         248124        133899          1.6m  3.80  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2             3213          14068          8640         17.3k  32.89 
tls                     IPv4       6             2             2709           3465          3087          6.2k  11.75 
dns                     IPv4      17             2             7218          21863         14540         29.1k  55.35 
Proto detect            IPv4      17             9             2801           9164          4365         39.3k
Proto detect            IPv6      17             5             2927          15303          6373         31.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             2            60262         748975        404618        809.2k  77.19 
LOGGER_JSON_HTTP            IPv4       6             1            67336          67336         67336         67.3k  6.42  
LOGGER_JSON_TLS             IPv4       6             1            73663          73663         73663         73.7k  7.03  
LOGGER_JSON_FILE            IPv4       6             1            98164          98164         98164         98.2k  9.36  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            15             2562          79927         27980       419.7k  21.10 
payload                           IPv4      17            59             2940         221340         10490       619.0k  31.12 
stream                            IPv4       6            15             2540         209516         29582       443.7k  22.31 
http_uri                          IPv4       6             1             5401           5401          5401         5.4k  0.27  
http_request_line                 IPv4       6             1             6942           6942          6942         6.9k  0.35  
http_client_body                  IPv4       6             1             4507           4507          4507         4.5k  0.23  
http_header (request)             IPv4       6             1            61655          61655         61655        61.7k  3.10  
http_header (request trailer)     IPv4       6             1             2709           2709          2709         2.7k  0.14  
http_header_names (request)       IPv4       6             1            15682          15682         15682        15.7k  0.79  
http_accept (request)             IPv4       6             1             4261           4261          4261         4.3k  0.21  
http_referer (request)            IPv4       6             1             3527           3527          3527         3.5k  0.18  
http_content_len (request)        IPv4       6             1             3483           3483          3483         3.5k  0.18  
http_content_type (request)       IPv4       6             1             3452           3452          3452         3.5k  0.17  
http_start (request)              IPv4       6             1            11797          11797         11797        11.8k  0.59  
http_raw_header (request)         IPv4       6             1            10874          10874         10874        10.9k  0.55  
http_method                       IPv4       6             1             4296           4296          4296         4.3k  0.22  
http_cookie (request)             IPv4       6             1             3437           3437          3437         3.4k  0.17  
http_raw_uri                      IPv4       6             1             3573           3573          3573         3.6k  0.18  
http_user_agent                   IPv4       6             1            21839          21839         21839        21.8k  1.10  
http_host                         IPv4       6             1             8061           8061          8061         8.1k  0.41  
dns_query                         IPv4      17             1            10849          10849         10849        10.8k  0.55  
tls_sni                           IPv4       6             2             3699           9323          6511        13.0k  0.65  
http_response_line                IPv4       6             1             7095           7095          7095         7.1k  0.36  
http_header (response)            IPv4       6             1            40617          40617         40617        40.6k  2.04  
http_header (response trailer)    IPv4       6             1             2597           2597          2597         2.6k  0.13  
http_content_type (response)      IPv4       6             1             4144           4144          4144         4.1k  0.21  
http_raw_header (response)        IPv4       6             1            28753          28753         28753        28.8k  1.45  
http_cookie (response)            IPv4       6             1             4030           4030          4030         4.0k  0.20  
http_stat_code                    IPv4       6             1             4137           4137          4137         4.1k  0.21  
tls_cert_issuer                   IPv4       6             1            59692          59692         59692        59.7k  3.00  
tls_cert_subject                  IPv4       6             1             5035           5035          5035         5.0k  0.25  
tls_cert_serial                   IPv4       6             1             5949           5949          5949         5.9k  0.30  
file_data (http response)         IPv4       6             1            39713          39713         39713        39.7k  2.00  
Total                             IPv4                   120                                         15696         1.9m
payload                           IPv6      17            12             3137          27584          8811       105.7k  5.32  
Total                             IPv6                    12                                          8811       105.7k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             4            15139          39275         26477        105.9k  0.23  
PROF_DETECT_IPONLY          IPv4      17             9            19200          42218         29221        263.0k  0.57  
PROF_DETECT_RULES           IPv4       6            29             2543         436803         65882          1.9m  4.15  
PROF_DETECT_RULES           IPv4      17            59            38941        9762808        377621         22.3m  48.37 
PROF_DETECT_STATEFUL_START    IPv4       6             4             5409         176663        103575        414.3k  0.90  
PROF_DETECT_STATEFUL_CONT    IPv4       6            29             2514         106950         19384        562.2k  1.22  
PROF_DETECT_STATEFUL_CONT    IPv4      17            59             2505         397654          9480        559.4k  1.21  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            21             2557           3248          2712         57.0k  0.12  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             2969           3153          3061          6.1k  0.01  
PROF_DETECT_PREFILTER       IPv4       6            29             7856        4409346        232224          6.7m  14.62 
PROF_DETECT_PREFILTER       IPv4      17            59            23659         418516         41396          2.4m  5.30  
PROF_DETECT_PF_PAYLOAD      IPv4       6            15            17792        4396842        356946          5.4m  11.62 
PROF_DETECT_PF_PAYLOAD      IPv4      17            59             8203         226996         15838        934.4k  2.03  
PROF_DETECT_PF_TX           IPv4       6            21             2647         225722         25778        541.4k  1.18  
PROF_DETECT_PF_TX           IPv4      17             1            16916          16916         16916         16.9k  0.04  
PROF_DETECT_PF_SORT1        IPv4       6            13             2558           3650          3014         39.2k  0.09  
PROF_DETECT_PF_SORT1        IPv4      17            59             2561           4404          3165        186.7k  0.41  
PROF_DETECT_PF_SORT2        IPv4       6            29             2538         385624         16107        467.1k  1.01  
PROF_DETECT_PF_SORT2        IPv4      17            59             2544         381033          9170        541.1k  1.17  
PROF_DETECT_NONMPMLIST      IPv4       6            29             2557          17478          3475        100.8k  0.22  
PROF_DETECT_NONMPMLIST      IPv4      17            59             2518          30186          3200        188.8k  0.41  
PROF_DETECT_ALERT           IPv4       6            29             2518           3161          2648         76.8k  0.17  
PROF_DETECT_ALERT           IPv4      17            59             2529           3939          2672        157.7k  0.34  
PROF_DETECT_CLEANUP         IPv4       6            29             2562          10645          3203         92.9k  0.20  
PROF_DETECT_CLEANUP         IPv4      17            59             2517           6135          2784        164.3k  0.36  
PROF_DETECT_GETSGH          IPv4       6            29             2567          10709          3411         98.9k  0.21  
PROF_DETECT_GETSGH          IPv4      17            59             2521           6348          3293        194.3k  0.42  
PROF_DETECT_IPONLY          IPv6      17             5             3264          11115          5926         29.6k  0.06  
PROF_DETECT_RULES           IPv6      17            12            28833         114285         56428        677.1k  1.47  
PROF_DETECT_STATEFUL_CONT    IPv6      17            12             2516           3173          2730         32.8k  0.07  
PROF_DETECT_PREFILTER       IPv6      17            12            23871          55152         32975        395.7k  0.86  
PROF_DETECT_PF_PAYLOAD      IPv6      17            12             8399          32666         14070        168.9k  0.37  
PROF_DETECT_PF_SORT1        IPv6      17            12             2592           5357          3235         38.8k  0.08  
PROF_DETECT_PF_SORT2        IPv6      17            12             2552          12557          3672         44.1k  0.10  
PROF_DETECT_NONMPMLIST      IPv6      17            12             2536           3684          2789         33.5k  0.07  
PROF_DETECT_ALERT           IPv6      17            12             2532           4236          2792         33.5k  0.07  
PROF_DETECT_CLEANUP         IPv6      17            12             2532           4678          2950         35.4k  0.08  
PROF_DETECT_GETSGH          IPv6      17            12             2525          20904          6835         82.0k  0.18  


stats.log - (3134 bytes) - download
------------------------------------------------------------------------------------
Date: 2/4/2019 -- 13:47:06 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 136
decoder.bytes                              | Total                     | 19170
decoder.ipv4                               | Total                     | 84
decoder.ipv6                               | Total                     | 12
decoder.ethernet                           | Total                     | 136
decoder.tcp                                | Total                     | 25
decoder.udp                                | Total                     | 71
decoder.avg_pkt_size                       | Total                     | 140
decoder.max_pkt_size                       | Total                     | 1294
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 13
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
tcp.overlap                                | Total                     | 2
detect.mpm_list                            | Total                     | 8
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 8
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 12
flow_mgr.new_pruned                        | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 11
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.flows_timeout                     | Total                     | 7
flow_mgr.flows_removed                     | Total                     | 7
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65525
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078336


eve.json - (1928 bytes) - download
{"timestamp":"2019-02-04T12:48:03.873667+0000","flow_id":2206140897383619,"pcap_cnt":98,"event_type":"dns","src_ip":"192.168.100.109","src_port":56685,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57075,"rrname":"www.kakaocorp.link","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-04T12:48:03.960664+0000","flow_id":2206140897383619,"pcap_cnt":99,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.109","dest_port":56685,"proto":"UDP","dns":{"type":"answer","id":57075,"rcode":"NOERROR","rrname":"www.kakaocorp.link","rrtype":"A","ttl":99,"rdata":"46.30.41.117"}}
{"timestamp":"2019-02-04T12:48:04.364918+0000","flow_id":130207109651359,"pcap_cnt":115,"event_type":"tls","src_ip":"192.168.100.109","src_port":49672,"dest_ip":"46.30.41.117","dest_port":443,"proto":"TCP","tls":{"subject":"CN=kakaocorp.link","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-02-04T12:48:04.432154+0000","flow_id":353994233064693,"pcap_cnt":118,"event_type":"http","src_ip":"192.168.100.109","src_port":49671,"dest_ip":"46.30.41.117","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.kakaocorp.link","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-02-04T12:48:21.820251+0000","flow_id":353994233064693,"event_type":"fileinfo","src_ip":"46.30.41.117","src_port":80,"dest_ip":"192.168.100.109","dest_port":49671,"proto":"TCP","http":{"hostname":"www.kakaocorp.link","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":301,"redirect":"https:\/\/kakaocorp.link\/","length":162},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":0}}


suricata-report-2019-02-04-T-13-47-06-02042019.1345-04f9c9a1-d077-4d3c-95a7-e0a05e1199b7.pcap.txt - (17803 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/07e85c6b940160669d9b7bce43bdff8ad2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/02042019.1345-04f9c9a1-d077-4d3c-95a7-e0a05e1199b7.pcap -vvv -k none
elapsedtime:7.282411
stderr:
stdout:
4/2/2019 -- 13:46:58 - <Info> - Configuration node 'rule-files' redefined.
4/2/2019 -- 13:46:58 - <Notice> - This is Suricata version 4.0.0 RELEASE
4/2/2019 -- 13:46:58 - <Info> - CPUs/cores online: 1
4/2/2019 -- 13:46:58 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31561 and 'request-body-inspect-window' set to 15569 after randomization.
4/2/2019 -- 13:46:58 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33066 and 'response-body-inspect-window' set to 16804 after randomization.
4/2/2019 -- 13:46:58 - <Config> - DNS request flood protection level: 500
4/2/2019 -- 13:46:58 - <Config> - DNS per flow memcap (state-memcap): 524288
4/2/2019 -- 13:46:58 - <Config> - DNS global memcap: 16777216
4/2/2019 -- 13:46:58 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/2/2019 -- 13:46:58 - <Config> - preallocated 1000 hosts of size 136
4/2/2019 -- 13:46:58 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/2/2019 -- 13:46:58 - <Config> - using magic-file /usr/share/file/magic
4/2/2019 -- 13:46:58 - <Config> - Core dump size is unlimited.
4/2/2019 -- 13:46:58 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/2/2019 -- 13:46:58 - <Config> - preallocated 1000 defrag trackers of size 168
4/2/2019 -- 13:46:58 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/2/2019 -- 13:46:58 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/2/2019 -- 13:46:58 - <Config> - stream "memcap": 33554432
4/2/2019 -- 13:46:58 - <Config> - stream "midstream" session pickups: disabled
4/2/2019 -- 13:46:58 - <Config> - stream "async-oneside": disabled
4/2/2019 -- 13:46:58 - <Config> - stream "checksum-validation": disabled
4/2/2019 -- 13:46:58 - <Config> - stream."inline": disabled
4/2/2019 -- 13:46:58 - <Config> - stream "bypass": disabled
4/2/2019 -- 13:46:58 - <Config> - stream "max-synack-queued": 5
4/2/2019 -- 13:46:58 - <Config> - stream.reassembly "memcap": 134217728
4/2/2019 -- 13:46:58 - <Config> - stream.reassembly "depth": 0
4/2/2019 -- 13:46:58 - <Config> - stream.reassembly "toserver-chunk-size": 2669
4/2/2019 -- 13:46:58 - <Config> - stream.reassembly "toclient-chunk-size": 2539
4/2/2019 -- 13:46:58 - <Config> - stream.reassembly.raw: enabled
4/2/2019 -- 13:46:58 - <Config> - stream.reassembly "segment-prealloc": 2048
4/2/2019 -- 13:46:58 - <Config> - Delayed detect disabled
4/2/2019 -- 13:46:58 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/2/2019 -- 13:46:58 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/2/2019 -- 13:46:58 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/2/2019 -- 13:46:58 - <Config> - prefilter engines: MPM
4/2/2019 -- 13:46:58 - <Config> - IP reputation disabled
4/2/2019 -- 13:46:58 - <Perf> - Registered 148 keyword profiling counters.
4/2/2019 -- 13:46:58 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
4/2/2019 -- 13:46:58 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
4/2/2019 -- 13:46:58 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
4/2/2019 -- 13:47:00 - <Config> - No rules loaded from ET-emerging-icmp.rules.
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
4/2/2019 -- 13:47:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
4/2/2019 -- 13:47:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
4/2/2019 -- 13:47:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
4/2/2019 -- 13:47:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
4/2/2019 -- 13:47:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
4/2/2019 -- 13:47:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
4/2/2019 -- 13:47:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
4/2/2019 -- 13:47:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
4/2/2019 -- 13:47:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
4/2/2019 -- 13:47:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
4/2/2019 -- 13:47:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
4/2/2019 -- 13:47:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
4/2/2019 -- 13:47:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
4/2/2019 -- 13:47:03 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
4/2/2019 -- 13:47:03 - <Config> - No rules loaded from local.rules.
4/2/2019 -- 13:47:03 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
4/2/2019 -- 13:47:03 - <Info> - Threshold config parsed: 0 rule(s) found
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for tcp-packet
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for tcp-stream
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for udp-packet
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for other-ip
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_uri
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_request_line
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_client_body
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_response_line
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_header
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_header
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_header_names
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_header_names
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_accept
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_accept_enc
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_accept_lang
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_referer
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_connection
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_content_len
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_content_len
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_content_type
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_content_type
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_protocol
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_protocol
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_start
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_start
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_raw_header
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_raw_header
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_method
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_cookie
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_cookie
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_raw_uri
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_user_agent
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_host
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_raw_host
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_stat_msg
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_stat_code
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for dns_query
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for tls_sni
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for tls_cert_serial
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for dce_stub_data
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for dce_stub_data
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for ssh_protocol
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for ssh_protocol
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for ssh_software
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for ssh_software
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for file_data
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for file_data
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_request_line
4/2/2019 -- 13:47:03 - <Perf> - using shared mpm ctx' for http_response_line
4/2/2019 -- 13:47:03 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
4/2/2019 -- 13:47:03 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/2/2019 -- 13:47:03 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
4/2/2019 -- 13:47:03 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
4/2/2019 -- 13:47:03 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
4/2/2019 -- 13:47:03 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
4/2/2019 -- 13:47:03 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
4/2/2019 -- 13:47:03 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/2/2019 -- 13:47:04 - <Perf> - Unique rule groups: 111
4/2/2019 -- 13:47:04 - <Perf> - Builtin MPM "toserver TCP packet": 31
4/2/2019 -- 13:47:04 - <Perf> - Builtin MPM "toclient TCP packet": 20
4/2/2019 -- 13:47:04 - <Perf> - Builtin MPM "toserver TCP stream": 31
4/2/2019 -- 13:47:04 - <Perf> - Builtin MPM "toclient TCP stream": 21
4/2/2019 -- 13:47:04 - <Perf> - Builtin MPM "toserver UDP packet": 33
4/2/2019 -- 13:47:04 - <Perf> - Builtin MPM "toclient UDP packet": 15
4/2/2019 -- 13:47:04 - <Perf> - Builtin MPM "other IP packet": 2
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_uri": 8
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_request_line": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_client_body": 6
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient http_response_line": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_header": 6
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient http_header": 3
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_header_names": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_accept": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_referer": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_content_len": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_content_type": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient http_content_type": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_start": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_method": 3
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver http_host": 2
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver tls_sni": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toserver file_data": 1
4/2/2019 -- 13:47:04 - <Perf> - AppLayer MPM "toclient file_data": 5
4/2/2019 -- 13:47:05 - <Perf> - Registered 18241 rule profiling counters.
4/2/2019 -- 13:47:05 - <Info> - fast output device (regular) initialized: alert
4/2/2019 -- 13:47:05 - <Info> - eve-log output device (regular) initialized: eve.json
4/2/2019 -- 13:47:05 - <Config> - enabling 'eve-log' module 'alert'
4/2/2019 -- 13:47:05 - <Config> - enabling 'eve-log' module 'http'
4/2/2019 -- 13:47:05 - <Config> - enabling 'eve-log' module 'dns'
4/2/2019 -- 13:47:05 - <Config> - enabling 'eve-log' module 'tls'
4/2/2019 -- 13:47:05 - <Config> - enabling 'eve-log' module 'files'
4/2/2019 -- 13:47:05 - <Config> - enabling 'eve-log' module 'ssh'
4/2/2019 -- 13:47:05 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
4/2/2019 -- 13:47:05 - <Info> - stats output device (regular) initialized: stats.log
4/2/2019 -- 13:47:05 - <Config> - AutoFP mode using "Hash" flow load balancer
4/2/2019 -- 13:47:05 - <Info> - reading

This file has been truncated.


keyword_perf.log - (8682 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 2/4/2019 -- 13:47:06
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             84307           25              25              4517            3372.00         3372.00         0.00           
  content          523215          144             57              30886           3633.00         3808.00         3518.00        
  pcre             37617           7               3               8959            5373.00         6260.00         4709.00        
  byte_test        36740           11              3               5253            3340.00         3050.00         3448.00        
  byte_jump        5091            1               0               5091            5091.00         0.00            5091.00        
  isdataat         3012            1               0               3012            3012.00         0.00            3012.00        
  flowbits         24782           7               3               6403            3540.00         4499.00         2821.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             84307           25              25              4517            3372.00         3372.00         0.00           
  flowbits         15013           5               1               3728            3002.00         3728.00         2821.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          212367          65              29              10178           3267.00         3739.00         2886.00        
  pcre             14788           3               0               8959            4929.00         0.00            4929.00        
  byte_test        36740           11              3               5253            3340.00         3050.00         3448.00        
  byte_jump        5091            1               0               5091            5091.00         0.00            5091.00        
  isdataat         3012            1               0               3012            3012.00         0.00            3012.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         9769            2               2               6403            4884.00         4884.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13590           4               0               4221            3397.00         0.00            3397.00        
  pcre             4048            1               0               4048            4048.00         0.00            4048.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43799           12              9               4667            3649.00         3767.00         3297.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          51781           13              11              4976            3983.00         4084.00         3424.00        
  pcre             18781           3               3               6995            6260.00         6260.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3699            1               1               3699            3699.00         3699.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26086           7               7               4715            3726.00         3726.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          171893          42              0               30886           4092.00         0.00            4092.00        


IDSDeathBlossom.py.log - (1179 bytes) - download
2019-02-04 13:46:58,116 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-02-04 13:46:58,836 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-02-04 13:46:58,836 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-02-04 13:46:58,836 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-02-04 13:46:58,836 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-02-04 13:46:58,837 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/07e85c6b940160669d9b7bce43bdff8ad2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/02042019.1345-04f9c9a1-d077-4d3c-95a7-e0a05e1199b7.pcap -vvv -k none
2019-02-04 13:47:06,121 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-02-04 13:47:06,121 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 8.01207900047


suricata-4.0.0-etopen-all-perf.txt-2019-02-04-T-13-47-06-02042019.1345-04f9c9a1-d077-4d3c-95a7-e0a05e1199b7.pcap.txt - (12501 bytes) - download
  --------------------------------------------------------------------------
  Date: 2/4/2019 -- 13:47:06. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2008120      1        4        9853102      69.28  63       0        9687250     156398.44   0.00        156398.44  
  2        2023622      1        3        601052       4.23   67       0        387435      8970.93     0.00        8970.93    
  3        2021749      1        6        150028       1.05   1        0        150028      150028.00   0.00        150028.00  
  4        2024771      1        1        77052        0.54   1        0        77052       77052.00    0.00        77052.00   
  5        2025330      1        1        75982        0.53   1        0        75982       75982.00    0.00        75982.00   
  6        2018005      1        6        59443        0.42   1        0        59443       59443.00    0.00        59443.00   
  7        2024720      1        3        57575        0.40   1        0        57575       57575.00    0.00        57575.00   
  8        2019343      1        3        57165        0.40   1        1        57165       57165.00    57165.00    0.00       
  9        2017114      1        5        44277        0.31   1        0        44277       44277.00    0.00        44277.00   
  10       2020855      1        3        42511        0.30   1        0        42511       42511.00    0.00        42511.00   
  11       2017295      1        6        40951        0.29   1        0        40951       40951.00    0.00        40951.00   
  12       2017693      1        2        39662        0.28   1        0        39662       39662.00    0.00        39662.00   
  13       2025064      1        5        39424        0.28   1        0        39424       39424.00    0.00        39424.00   
  14       2023462      1        2        36242        0.25   1        1        36242       36242.00    36242.00    0.00       
  15       2025194      1        1        95586        0.67   6        0        36138       15931.00    0.00        15931.00   
  16       2024601      1        2        35478        0.25   1        0        35478       35478.00    0.00        35478.00   
  17       2024227      1        3        78772        0.55   6        0        34815       13128.67    0.00        13128.67   
  18       2023916      1        2        30110        0.21   1        0        30110       30110.00    0.00        30110.00   
  19       2012612      1        16       29172        0.21   1        0        29172       29172.00    0.00        29172.00   
  20       2025189      1        1        70265        0.49   6        0        28301       11710.83    0.00        11710.83   
  21       2017913      1        3        27001        0.19   1        0        27001       27001.00    0.00        27001.00   
  22       2025190      1        1        67859        0.48   6        0        26466       11309.83    0.00        11309.83   
  23       2025192      1        1        68094        0.48   6        0        26422       11349.00    0.00        11349.00   
  24       2025193      1        1        97410        0.68   6        0        26114       16235.00    0.00        16235.00   
  25       2025191      1        1        66862        0.47   6        0        25797       11143.67    0.00        11143.67   
  26       2017552      1        6        36471        0.26   2        0        22220       18235.50    0.00        18235.50   
  27       2009702      1        5        24782        0.17   2        0        21864       12391.00    0.00        12391.00   
  28       2023316      1        2        21603        0.15   1        0        21603       21603.00    0.00        21603.00   
  29       2014701      1        12       23266        0.16   2        0        20633       11633.00    0.00        11633.00   
  30       2010140      1        7        272587       1.92   62       0        20620       4396.56     0.00        4396.56    
  31       2022914      1        1        50308        0.35   4        0        20585       12577.00    0.00        12577.00   
  32       2022543      1        1        17226        0.12   1        0        17226       17226.00    0.00        17226.00   
  33       2013382      1        3        16693        0.12   1        0        16693       16693.00    0.00        16693.00   
  34       2016537      1        2        16126        0.11   1        0        16126       16126.00    0.00        16126.00   
  35       2024513      1        5        15041        0.11   1        0        15041       15041.00    0.00        15041.00   
  36       2014702      1        9        17897        0.13   2        0        15039       8948.50     0.00        8948.50    
  37       2025005      1        13       14633        0.10   1        0        14633       14633.00    0.00        14633.00   
  38       2025114      1        1        14538        0.10   1        0        14538       14538.00    0.00        14538.00   
  39       2014703      1        9        17204        0.12   2        0        13977       8602.00     0.00        8602.00    
  40       2023624      1        3        156912       1.10   55       0        13812       2852.95     0.00        2852.95    
  41       2023621      1        4        28051        0.20   9        0        7115        3116.78     0.00        3116.78    
  42       2019010      1        3        43678        0.31   14       0        6701        3119.86     0.00        3119.86    
  43       2023617      1        3        36511        0.26   12       0        6604        3042.58     0.00        3042.58    
  44       2023626      1        3        141895       1.00   53       0        6553        2677.26     0.00        2677.26    
  45       2018789      1        3        5988         0.04   1        0        5988        5988.00     0.00        5988.00    
  46       2021977      1        6        4244         0.03   1        0        4244        4244.00     0.00        4244.00    
  47       2008297      1        5        4133         0.03   1        0        4133        4133.00     0.00        4133.00    
  48       2103238      1        4        4027         0.03   1        0        4027        4027.00     0.00        4027.00    
  49       2020369      1        3        3976         0.03   1        0        3976        3976.00     0.00        3976.00    
  50       2008420      1        4        6800         0.05   2        0        3940        3400.00     0.00        3400.00    
  51       2016363      1        2        23267        0.16   8        0        3905        2908.38     0.00        2908.38    
  52       2102523      1        8        7607         0.05   2        0        3868        3803.50     0.00        3803.50    
  53       2008116      1        4        49674        0.35   18       0        3842        2759.67     0.00        2759.67    
  54       2009243      1        2        41702        0.29   15       0        3770        2780.13     0.00        2780.13    
  55       2009387      1        4        3742         0.03   1        0        3742        3742.00     0.00        3742.00    
  56       2100327      1        10       6423         0.05   2        0        3713        3211.50     0.00        3211.50    
  57       2100540      1        12       9356         0.07   3        0        3630        3118.67     0.00        3118.67    
  58       2019011      1        3        51093        0.36   18       0        3628        2838.50     0.00        2838.50    
  59       2010143      1        3        169378       1.19   62       0        3514        2731.90     0.00        2731.90    
  60       2025200      1        1        6725         0.05   2        0        3509        3362.50     0.00        3362.50    
  61       2001330      1        8        17763        0.12   6        0        3502        2960.50     0.00        2960.50    
  62       2015986      1        5        3501         0.02   1        0        3501        3501.00     0.00        3501.00    
  63       2020388      1        8        3467         0.02   1        0        3467        3467.00     0.00        3467.00    
  64       2100518      1        8        49974        0.35   18       0        3467        2776.33     0.00        2776.33    
  65       2021976      1        2        3461         0.02   1        0        3461        3461.00     0.00        3461.00    
  66       2010142      1        4        160923       1.13   62       0        3448        2595.53     0.00        2595.53    
  67       2018281      1        4        3444         0.02   1        0        3444        3444.00     0.00        3444.00    
  68       2100566      1        5        23016        0.16   8        0        3435        2877.00     0.00        2877.00    
  69       2023623      1        3        106723       0.75   41       0        3413        2603.00     0.00        2603.00    
  70       2023627      1        3        121424       0.85   45       0        3395        2698.31     0.00        2698.31    
  71       2023614      1        3        26633        0.19   10       0        3374        2663.30     0.00        2663.30    
  72       2016323      1        1        23852        0.17   8        0        3354        2981.50     0.00        2981.50    
  73       2102190      1        5        8875         0.06   3        0        3314        2958.33     0.00        2958.33    
  74       2103158      1        6        11658        0.08   4        0        3304        2914.50     0.00        2914.50    
  75       2008117      1        3        53801        0.38   20       0        3284        2690.05     0.00        2690.05    
  76       2023613      1        3        21949        0.15   8        0        3276        2743.62     0.00        2743.62    
  77       2023625      1        3        121732       0.86   46       0        3275        2646.35     0.00        2646.35    
  78       2022547      1        1        14368        0.10   5        0        3267        2873.60     0.00        2873.60    
  79       2019017      1        3        37993        0.27   14       0        3264        2713.79     0.00        2713.79    
  80       2100540      1        12       8820         0.06   3        0        3261        2940.00     0.00        2940.00    
  81       2103159      1        4        6509         0.05   2        0        3260        3254.50     0.00        3254.50    
  82       2017935      1        3        3258         0.02   1        0        3258        3258.00     0.00        3258.00    
  83       2023619      1        3        11375        0.08   4        0        3238        2843.75     0.00        2843.75    
  84       2101892      1        7        3195         0.02   1        0        3195        3195.00     0.00        3195.00    
  85       2019016      1        3        49128        0.35   18       0        3166        2729.33     0.00        2729.33    
  86       2008118      1        3        41438        0.29   15       0        3155        2762.53     0.00        2762.53    
  87       2021978      1        6        3141         0.02   1        0        3141        3141.00     0.00        3141.00    
  88       2008306      1        3        5677         0.04   2        0        3135        2838.50     0.00        2838.50    
  89       2024777      1        2        5617         0.04   2        0        3083        2808.50     0.00        2808.50    
  90       2023612      1        4        33095        0.23   12       0        3076        2757.92     0.00        2757.92    
  91       2102523      1        8        5675         0.04   2        0        2971        2837.50     0.00        2837.50    
  92       2023615      1        3        20914        0.15   8        0        2881        2614.25     0.00        2614.25    
  93       2018283      1        5        2805         0.02   1        0        2805        2805.00     0.00        2805.00    
  94       2013075      1        8        2594         0.02   1        0        2594        2594.00     0.00        2594.00