Filename: df62576f-dbb4-4bf1-8dc0-c95d0f7bc3b4.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 27.8675420284 seconds
Hash: 326656f6b86a50ebf831327feed088d9 (first 32 hex digits of the 64-digit hash that names the output directory in the command line below)
Uploaded: 1562082788 (Unix time: 2019-07-02 15:53:08 UTC)

Logfiles


packet_stats.log (16760 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           % 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            78           204859       79174200      56777576          4.4b   37.12
 IPv4      17            54          3600302       63468197      17697042        955.6m    8.01
 IPv6      17            96          3324951       85179015      43144547          4.1b   34.72
 IPv6      58            55         16187844       82466169      43699971          2.4b   20.15
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            78            67383        4442771        422543         33.0m   38.31
TMM_FLOWWORKER              IPv4      17            54           119688       16329875        504359         27.2m   31.66
TMM_RECEIVEPCAPFILE         IPv4       6            72             2535           4101          2919        210.2k    0.24
TMM_RECEIVEPCAPFILE         IPv4      17            54             2540          11188          3125        168.8k    0.20
TMM_DECODEPCAPFILE          IPv4       6            72             2654           5032          2930        211.0k    0.25
TMM_DECODEPCAPFILE          IPv4      17            54             2683          26361          3357        181.3k    0.21
TMM_FLOWWORKER              IPv6      17            96           108417        5084102        207203         19.9m   23.12
TMM_FLOWWORKER              IPv6      58            55            65770         123862         76817          4.2m    4.91
TMM_RECEIVEPCAPFILE         IPv6      17            96             2547          11703          2939        282.2k    0.33
TMM_RECEIVEPCAPFILE         IPv6      58            55             2545          34185          3414        187.8k    0.22
TMM_DECODEPCAPFILE          IPv6      17            96             2678          31387          3218        309.0k    0.36
TMM_DECODEPCAPFILE          IPv6      58            55             2722          11055          3210        176.6k    0.21

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot         %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   -----
flow                    IPv4       6            72             2862          48546          4488        323.2k  0.42  
flow                    IPv4      17            54             2726          19130          4140        223.6k  0.29  
stream                  IPv4       6            78             3013         374156         27337          2.1m  2.78  
app-layer               IPv4      17            54             2514          66605          4908        265.0k  0.35  
detect                  IPv4       6            78            45139        4369471        322342         25.1m  32.76 
detect                  IPv4      17            54           103481       16270900        480257         25.9m  33.79 
tcp-prune               IPv4       6            78             2545          40241          3607        281.4k  0.37  
flow                    IPv6      17            96             2732          35460          4021        386.1k  0.50  
flow                    IPv6      58            55             2826          16579          3481        191.5k  0.25  
app-layer               IPv6      17            96             2522          31102          4457        428.0k  0.56  
detect                  IPv6      17            96            91897        5058014        186386         17.9m  23.31 
detect                  IPv6      58            55            54505         110878         64482          3.5m  4.62  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot         %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   -----
http                    IPv4       6             6             2963          55821         20427        122.6k  87.23 
dns                     IPv4      17             2             8746           9197          8971         17.9k  12.77 
Proto detect            IPv4      17             9             2785          46893         12960        116.6k
Proto detect            IPv6      17            18             2734          23073          5379         96.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   -----
LOGGER_ALERT_FAST           IPv4       6             3            26722          69040         48597        145.8k  7.16  
LOGGER_UNIFIED2             IPv4       6             3            25890         142684         66387        199.2k  9.78  
LOGGER_JSON_ALERT           IPv4       6             3            51811          88317         66705        200.1k  9.82  
LOGGER_JSON_DNS             IPv4      17             2            45546          79570         62558        125.1k  6.14  
LOGGER_JSON_HTTP            IPv4       6             7            29881         368671         97918        685.4k  33.65 
LOGGER_JSON_FILE            IPv4       6            10            44301         157342         68150        681.5k  33.45 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          % 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            47             2608         117578         20341       956.1k  16.80 
payload                           IPv4      17            54             3337          38670         10244       553.2k  9.72  
stream                            IPv4       6            47             2534         253048         32233         1.5m  26.62 
http_uri                          IPv4       6             7             5131          59967         20173       141.2k  2.48  
http_request_line                 IPv4       6             7             3773           8581          6021        42.1k  0.74  
http_client_body                  IPv4       6            10             2802           8602          5014        50.1k  0.88  
http_header (request)             IPv4       6             7             6998          79017         30145       211.0k  3.71  
http_header (request trailer)     IPv4       6             7             2602           2868          2720        19.0k  0.33  
http_header_names (request)       IPv4       6             7             5269          22185         10840        75.9k  1.33  
http_accept (request)             IPv4       6             7             3025           4833          3673        25.7k  0.45  
http_referer (request)            IPv4       6             7             2781           3960          3232        22.6k  0.40  
http_content_len (request)        IPv4       6             7             2754           4382          3302        23.1k  0.41  
http_content_type (request)       IPv4       6             7             2694           4212          3280        23.0k  0.40  
http_protocol (request)           IPv4       6             7             2961           5924          4389        30.7k  0.54  
http_start (request)              IPv4       6             7             4156          14280          9042        63.3k  1.11  
http_raw_header (request)         IPv4       6            10             3748          12888          7231        72.3k  1.27  
http_method                       IPv4       6             7             4182           7355          5258        36.8k  0.65  
http_cookie (request)             IPv4       6             7             2785           3481          3063        21.4k  0.38  
http_raw_uri                      IPv4       6             7             3062           9212          5247        36.7k  0.65  
http_user_agent                   IPv4       6             7             2713          34506          7415        51.9k  0.91  
http_host                         IPv4       6             7             3406          10274          5578        39.1k  0.69  
dns_query                         IPv4      17             1             8302           8302          8302         8.3k  0.15  
http_response_line                IPv4       6            13             3818          19519          7387        96.0k  1.69  
http_header (response)            IPv4       6             7            18463          76676         34684       242.8k  4.27  
http_header (response trailer)    IPv4       6             7             2672           5933          4966        34.8k  0.61  
http_content_type (response)      IPv4       6             7             4231           8066          6113        42.8k  0.75  
http_raw_header (response)        IPv4       6            22             4352          24179          6803       149.7k  2.63  
http_cookie (response)            IPv4       6             7             2975           3317          3140        22.0k  0.39  
http_stat_code                    IPv4       6             7             2834           4290          3547        24.8k  0.44  
file_data (http response)         IPv4       6            15             2575           4530          2797        42.0k  0.74  
Total                             IPv4                   366                                         12769         4.7m
payload                           IPv6      17            96             3215          48092          8229       790.0k  13.88 
payload                           IPv6      58            55             2698          10086          4147       228.1k  4.01  
Total                             IPv6                   151                                          6742         1.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   -----
PROF_DETECT_IPONLY          IPv4       6             6            20238          98167         64200        385.2k  0.44  
PROF_DETECT_IPONLY          IPv4      17             9            37545          88768         62578        563.2k  0.65  
PROF_DETECT_RULES           IPv4       6            78             2536        3959683        175455         13.7m  15.76 
PROF_DETECT_RULES           IPv4      17            54            44637       16198518        398007         21.5m  24.76 
PROF_DETECT_STATEFUL_START    IPv4       6            32             5112        2254969        203946          6.5m  7.52  
PROF_DETECT_STATEFUL_CONT    IPv4       6            78             2516          61580         13038          1.0m  1.17  
PROF_DETECT_STATEFUL_CONT    IPv4      17            54             2516           7293          2917        157.5k  0.18  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            66             2560           3899          2752        181.6k  0.21  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             2989           3010          2999          6.0k  0.01  
PROF_DETECT_PREFILTER       IPv4       6            78             7865         498829         86658          6.8m  7.79  
PROF_DETECT_PREFILTER       IPv4      17            54            24125          61852         34114          1.8m  2.12  
PROF_DETECT_PF_PAYLOAD      IPv4       6            47            13984         294472         60668          2.9m  3.28  
PROF_DETECT_PF_PAYLOAD      IPv4      17            54             8395          43986         15598        842.3k  0.97  
PROF_DETECT_PF_TX           IPv4       6            66             2566         312926         38381          2.5m  2.92  
PROF_DETECT_PF_TX           IPv4      17             1            14221          14221         14221         14.2k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6            30             2621          27643          5312        159.4k  0.18  
PROF_DETECT_PF_SORT1        IPv4      17            54             2573           5542          3419        184.6k  0.21  
PROF_DETECT_PF_SORT2        IPv4       6            78             2521           5133          3040        237.1k  0.27  
PROF_DETECT_PF_SORT2        IPv4      17            54             2547           4610          2815        152.0k  0.18  
PROF_DETECT_NONMPMLIST      IPv4       6            78             2558           4232          3024        235.9k  0.27  
PROF_DETECT_NONMPMLIST      IPv4      17            54             2525           3638          2833        153.0k  0.18  
PROF_DETECT_ALERT           IPv4       6            78             2516          10939          2858        222.9k  0.26  
PROF_DETECT_ALERT           IPv4      17            54             2523           4271          2689        145.2k  0.17  
PROF_DETECT_CLEANUP         IPv4       6            78             2579          19042          3215        250.8k  0.29  
PROF_DETECT_CLEANUP         IPv4      17            54             2516           4023          2773        149.8k  0.17  
PROF_DETECT_GETSGH          IPv4       6            78             2536          16757          3362        262.3k  0.30  
PROF_DETECT_GETSGH          IPv4      17            54             2516          23641          3781        204.2k  0.24  
PROF_DETECT_IPONLY          IPv6      17            18             2836          33756          6399        115.2k  0.13  
PROF_DETECT_IPONLY          IPv6      58             2             6653          10635          8644         17.3k  0.02  
PROF_DETECT_RULES           IPv6      17            96            33684         174586         60935          5.8m  6.74  
PROF_DETECT_RULES           IPv6      58            55             2522          30970          4742        260.8k  0.30  
PROF_DETECT_STATEFUL_CONT    IPv6      17            96             2503           4137          2867        275.3k  0.32  
PROF_DETECT_STATEFUL_CONT    IPv6      58            55             2707           3832          2930        161.1k  0.19  
PROF_DETECT_PREFILTER       IPv6      17            96            23847        4968761         84335          8.1m  9.33  
PROF_DETECT_PREFILTER       IPv6      58            55            18186          45539         22367          1.2m  1.42  
PROF_DETECT_PF_PAYLOAD      IPv6      17            96             8268          54730         14655          1.4m  1.62  
PROF_DETECT_PF_PAYLOAD      IPv6      58            55             7815          28820         10016        550.9k  0.63  
PROF_DETECT_PF_SORT1        IPv6      17            96             2572           6496          3181        305.5k  0.35  
PROF_DETECT_PF_SORT2        IPv6      17            96             2544        4944958         54610          5.2m  6.04  
PROF_DETECT_PF_SORT2        IPv6      58            55             2510           3763          2726        149.9k  0.17  
PROF_DETECT_NONMPMLIST      IPv6      17            96             2527           4060          2882        276.7k  0.32  
PROF_DETECT_NONMPMLIST      IPv6      58            55             2518          16135          3151        173.3k  0.20  
PROF_DETECT_ALERT           IPv6      17            96             2522          24423          3040        291.8k  0.34  
PROF_DETECT_ALERT           IPv6      58            55             2519          26053          3062        168.4k  0.19  
PROF_DETECT_CLEANUP         IPv6      17            96             2518           5977          2863        274.9k  

(packet_stats.log is truncated here.)


suricata-4.0.0-etpro-all-alert-2019-07-02-T-15-53-36-07022019.1553-df62576f-dbb4-4bf1-8dc0-c95d0f7bc3b4.pcap.txt (669 bytes; fast-format alert log)
06/28/2019-09:08:32.385233  [**] [1:2829638:2] ETPRO POLICY External IP Address Lookup via ident .me [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.65:51541 -> 176.58.123.25:80
06/28/2019-09:08:32.626185  [**] [1:2829638:2] ETPRO POLICY External IP Address Lookup via ident .me [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.65:51541 -> 176.58.123.25:80
06/28/2019-09:08:32.985592  [**] [1:2829638:2] ETPRO POLICY External IP Address Lookup via ident .me [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.65:51541 -> 176.58.123.25:80


stats.log (3291 bytes)
------------------------------------------------------------------------------------
Date: 7/2/2019 -- 15:53:36 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 555
decoder.bytes                              | Total                     | 60449
decoder.ipv4                               | Total                     | 126
decoder.ipv6                               | Total                     | 151
decoder.ethernet                           | Total                     | 555
decoder.tcp                                | Total                     | 72
decoder.udp                                | Total                     | 150
decoder.icmpv6                             | Total                     | 55
decoder.avg_pkt_size                       | Total                     | 108
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 26
flow.icmpv6                                | Total                     | 2
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 3
detect.alert                               | Total                     | 3
detect.mpm_list                            | Total                     | 7
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 7
app_layer.flow.http                        | Total                     | 3
app_layer.tx.http                          | Total                     | 7
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 25
flow_mgr.new_pruned                        | Total                     | 23
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 22
flow_mgr.flows_notimeout                   | Total                     | 8
flow_mgr.flows_timeout                     | Total                     | 14
flow_mgr.flows_removed                     | Total                     | 14
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65509
flow_mgr.rows_empty                        | Total                     | 5
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7080640


eve.json (10157 bytes)
{"timestamp":"2019-06-28T09:08:31.470027+0000","flow_id":184768839734267,"pcap_cnt":396,"event_type":"http","src_ip":"192.168.100.65","src_port":51521,"dest_ip":"104.237.255.195","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"104.237.255.195","url":"\/p.txt","http_content_type":"text\/plain"}}
{"timestamp":"2019-06-28T09:08:31.736129+0000","flow_id":257697384480750,"pcap_cnt":398,"event_type":"http","src_ip":"192.168.100.65","src_port":51528,"dest_ip":"91.132.139.196","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"91.132.139.196","url":"\/prxy.php?rCecms=H3OpAirStrike","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko\/20100101 Firefox\/54.0","http_content_type":"text\/html"}}
{"timestamp":"2019-06-28T09:08:31.736129+0000","flow_id":257697384480750,"pcap_cnt":398,"event_type":"fileinfo","src_ip":"192.168.100.65","src_port":51528,"dest_ip":"91.132.139.196","dest_port":80,"proto":"TCP","http":{"hostname":"91.132.139.196","url":"\/prxy.php?rCecms=H3OpAirStrike","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko\/20100101 Firefox\/54.0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":18},"app_proto":"http","fileinfo":{"filename":"\/prxy.php","gaps":false,"state":"CLOSED","stored":false,"size":6,"tx_id":0}}
{"timestamp":"2019-06-28T09:08:32.121370+0000","flow_id":947971643464218,"pcap_cnt":400,"event_type":"dns","src_ip":"192.168.100.65","src_port":50862,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42991,"rrname":"ident.me","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-28T09:08:32.133820+0000","flow_id":947971643464218,"pcap_cnt":401,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.65","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"ident.me","rrtype":"A","ttl":22,"rdata":"176.58.123.25"}}
{"timestamp":"2019-06-28T09:08:32.385233+0000","flow_id":693438996548947,"pcap_cnt":409,"event_type":"alert","src_ip":"192.168.100.65","src_port":51541,"dest_ip":"176.58.123.25","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829638,"rev":2,"signature":"ETPRO POLICY External IP Address Lookup via ident .me","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-06-28T09:08:32.385233+0000","flow_id":693438996548947,"pcap_cnt":409,"event_type":"http","src_ip":"192.168.100.65","src_port":51541,"dest_ip":"176.58.123.25","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ident.me","url":"\/raw","http_content_type":"text\/plain"}}
{"timestamp":"2019-06-28T09:08:32.414583+0000","flow_id":693438996548947,"pcap_cnt":410,"event_type":"fileinfo","src_ip":"176.58.123.25","src_port":80,"dest_ip":"192.168.100.65","dest_port":51541,"proto":"TCP","http":{"hostname":"ident.me","url":"\/raw","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":21},"app_proto":"http","fileinfo":{"filename":"\/raw","gaps":false,"state":"CLOSED","stored":false,"size":13,"tx_id":0}}
{"timestamp":"2019-06-28T09:08:32.459580+0000","flow_id":257697384480750,"pcap_cnt":412,"event_type":"fileinfo","src_ip":"91.132.139.196","src_port":80,"dest_ip":"192.168.100.65","dest_port":51528,"proto":"TCP","http":{"hostname":"91.132.139.196","url":"\/prxy.php?rCecms=H3OpAirStrike","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko\/20100101 Firefox\/54.0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":18},"app_proto":"http","fileinfo":{"filename":"\/prxy.php","gaps":false,"state":"CLOSED","stored":false,"size":10,"tx_id":0}}
{"timestamp":"2019-06-28T09:08:32.626185+0000","flow_id":693438996548947,"pcap_cnt":417,"event_type":"alert","src_ip":"192.168.100.65","src_port":51541,"dest_ip":"176.58.123.25","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2829638,"rev":2,"signature":"ETPRO POLICY External IP Address Lookup via ident .me","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-06-28T09:08:32.626185+0000","flow_id":693438996548947,"pcap_cnt":417,"event_type":"http","src_ip":"192.168.100.65","src_port":51541,"dest_ip":"176.58.123.25","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"ident.me","url":"\/raw","http_content_type":"text\/plain"}}
{"timestamp":"2019-06-28T09:08:32.779187+0000","flow_id":693438996548947,"pcap_cnt":419,"event_type":"fileinfo","src_ip":"176.58.123.25","src_port":80,"dest_ip":"192.168.100.65","dest_port":51541,"proto":"TCP","http":{"hostname":"ident.me","url":"\/raw","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":21},"app_proto":"http","fileinfo":{"filename":"\/raw","gaps":false,"state":"CLOSED","stored":false,"size":13,"tx_id":1}}
{"timestamp":"2019-06-28T09:08:32.799931+0000","flow_id":257697384480750,"pcap_cnt":420,"event_type":"http","src_ip":"192.168.100.65","src_port":51528,"dest_ip":"91.132.139.196","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"91.132.139.196","url":"\/prxy.php?riHl=QTItMjAtNDQtRDYtODMtRDYtMEItODktMjAtQjAtMDctMjEtREQtNjUtNzctQjQqMTk4MSpBcHIw%0D%0ANCpNaWNyb3NvZnQgV2luZG93cyA3IFByb2Zlc3Npb25hbCozMi1iaXQqVVNFUi1QQypXT1JLR1JP%0D%0AVVAqVVNFUi1QQ1xhZG1pbioxOTIuMTY4LjEwMC42NSoxODUuNDMuMTEwLjE5","http_content_type":"text\/html"}}
{"timestamp":"2019-06-28T09:08:32.799931+0000","flow_id":257697384480750,"pcap_cnt":420,"event_type":"fileinfo","src_ip":"192.168.100.65","src_port":51528,"dest_ip":"91.132.139.196","dest_port":80,"proto":"TCP","http":{"hostname":"91.132.139.196","url":"\/prxy.php?riHl=QTItMjAtNDQtRDYtODMtRDYtMEItODktMjAtQjAtMDctMjEtREQtNjUtNzctQjQqMTk4MSpBcHIw%0D%0ANCpNaWNyb3NvZnQgV2luZG93cyA3IFByb2Zlc3Npb25hbCozMi1iaXQqVVNFUi1QQypXT1JLR1JP%0D%0AVVAqVVNFUi1QQ1xhZG1pbioxOTIuMTY4LjEwMC42NSoxODUuNDMuMTEwLjE5","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/prxy.php","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":1}}
{"timestamp":"2019-06-28T09:08:32.827156+0000","flow_id":257697384480750,"pcap_cnt":421,"event_type":"fileinfo","src_ip":"91.132.139.196","src_port":80,"dest_ip":"192.168.100.65","dest_port":51528,"proto":"TCP","http":{"hostname":"91.132.139.196","url":"\/prxy.php?riHl=QTItMjAtNDQtRDYtODMtRDYtMEItODktMjAtQjAtMDctMjEtREQtNjUtNzctQjQqMTk4MSpBcHIw%0D%0ANCpNaWNyb3NvZnQgV2luZG93cyA3IFByb2Zlc3Npb25hbCozMi1iaXQqVVNFUi1QQypXT1JLR1JP%0D%0AVVAqVVNFUi1QQ1xhZG1pbioxOTIuMTY4LjEwMC42NSoxODUuNDMuMTEwLjE5","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/prxy.php","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":1}}
{"timestamp":"2019-06-28T09:08:32.985592+0000","flow_id":693438996548947,"pcap_cnt":426,"event_type":"alert","src_ip":"192.168.100.65","src_port":51541,"dest_ip":"176.58.123.25","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2829638,"rev":2,"signature":"ETPRO POLICY External IP Address Lookup via ident .me","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-06-28T09:08:32.985592+0000","flow_id":693438996548947,"pcap_cnt":426,"event_type":"http","src_ip":"192.168.100.65","src_port":51541,"dest_ip":"176.58.123.25","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"ident.me","url":"\/raw","http_content_type":"text\/plain"}}
{"timestamp":"2019-06-28T09:08:33.188771+0000","flow_id":257697384480750,"pcap_cnt":427,"event_type":"http","src_ip":"192.168.100.65","src_port":51528,"dest_ip":"91.132.139.196","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"91.132.139.196","url":"\/prxy.php?cienentit=QTItMjAtNDQtRDYtODMtRDYtMEItODktMjAtQjAtMDctMjEtREQtNjUtNzctQjQ=","http_content_type":"text\/html"}}
{"timestamp":"2019-06-28T09:08:33.188771+0000","flow_id":257697384480750,"pcap_cnt":427,"event_type":"fileinfo","src_ip":"192.168.100.65","src_port":51528,"dest_ip":"91.132.139.196","dest_port":80,"proto":"TCP","http":{"hostname":"91.132.139.196","url":"\/prxy.php?cienentit=QTItMjAtNDQtRDYtODMtRDYtMEItODktMjAtQjAtMDctMjEtREQtNjUtNzctQjQ=","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/prxy.php","gaps":false,"state":"CLOSED","stored":false,"size":9,"tx_id":2}}
{"timestamp":"2019-06-28T09:08:36.186570+0000","flow_id":184768839734267,"pcap_cnt":435,"event_type":"fileinfo","src_ip":"104.237.255.195","src_port":80,"dest_ip":"192.168.100.65","dest_port":51521,"proto":"TCP","http":{"hostname":"104.237.255.195","url":"\/p.txt","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":18081},"app_proto":"http","fileinfo":{"filename":"\/p.txt","gaps":false,"state":"CLOSED","stored":false,"size":18081,"tx_id":0}}
{"timestamp":"2019-06-28T09:08:37.884640+0000","flow_id":257697384480750,"pcap_cnt":437,"event_type":"fileinfo","src_ip":"91.132.139.196","src_port":80,"dest_ip":"192.168.100.65","dest_port":51528,"proto":"TCP","http":{"hostname":"91.132.139.196","url":"\/prxy.php?cienentit=QTItMjAtNDQtRDYtODMtRDYtMEItODktMjAtQjAtMDctMjEtREQtNjUtNzctQjQ=","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/prxy.php","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":2}}
{"timestamp":"2019-06-28T09:08:47.780753+0000","flow_id":693438996548947,"pcap_cnt":449,"event_type":"fileinfo","src_ip":"176.58.123.25","src_port":80,"dest_ip":"192.168.100.65","dest_port":51541,"proto":"TCP","http":{"hostname":"ident.me","url":"\/raw","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":21},"app_proto":"http","fileinfo":{"filename":"\/raw","gaps":false,"state":"CLOSED","stored":false,"size":13,"tx_id":2}}
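The three POSTs to /prxy.php above carry their payload in the query string rather than the body: the riHl value is base64 wrapped with URL-encoded CRLF (%0D%0A) every 76 characters, and the cienentit value is the first field of that same string on its own. The script below is an added example written for this page; it is not part of the analysis output and not Suricata's code. It reads the eve.json records copied verbatim from above, URL-decodes and base64-decodes every query value that will decode to printable text, splits the long one on its '*' separators, and checks it against the ident.me lookup in the same capture. The positional names in FIELD_LABELS are inferred from the decoded values and are an assumption, not a documented format.

```python
import base64
import binascii
import json
from urllib.parse import unquote, urlsplit

# Five records copied verbatim from the eve.json above (not constructed):
# the DNS answer for ident.me, the ident.me /raw response, and the three
# POSTs to /prxy.php whose query strings carry the encoded values.
EVE_LINES = r"""
{"timestamp":"2019-06-28T09:08:31.736129+0000","flow_id":257697384480750,"pcap_cnt":398,"event_type":"http","src_ip":"192.168.100.65","src_port":51528,"dest_ip":"91.132.139.196","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"91.132.139.196","url":"\/prxy.php?rCecms=H3OpAirStrike","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko\/20100101 Firefox\/54.0","http_content_type":"text\/html"}}
{"timestamp":"2019-06-28T09:08:32.133820+0000","flow_id":947971643464218,"pcap_cnt":401,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.65","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"ident.me","rrtype":"A","ttl":22,"rdata":"176.58.123.25"}}
{"timestamp":"2019-06-28T09:08:32.414583+0000","flow_id":693438996548947,"pcap_cnt":410,"event_type":"fileinfo","src_ip":"176.58.123.25","src_port":80,"dest_ip":"192.168.100.65","dest_port":51541,"proto":"TCP","http":{"hostname":"ident.me","url":"\/raw","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":21},"app_proto":"http","fileinfo":{"filename":"\/raw","gaps":false,"state":"CLOSED","stored":false,"size":13,"tx_id":0}}
{"timestamp":"2019-06-28T09:08:32.799931+0000","flow_id":257697384480750,"pcap_cnt":420,"event_type":"http","src_ip":"192.168.100.65","src_port":51528,"dest_ip":"91.132.139.196","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"91.132.139.196","url":"\/prxy.php?riHl=QTItMjAtNDQtRDYtODMtRDYtMEItODktMjAtQjAtMDctMjEtREQtNjUtNzctQjQqMTk4MSpBcHIw%0D%0ANCpNaWNyb3NvZnQgV2luZG93cyA3IFByb2Zlc3Npb25hbCozMi1iaXQqVVNFUi1QQypXT1JLR1JP%0D%0AVVAqVVNFUi1QQ1xhZG1pbioxOTIuMTY4LjEwMC42NSoxODUuNDMuMTEwLjE5","http_content_type":"text\/html"}}
{"timestamp":"2019-06-28T09:08:33.188771+0000","flow_id":257697384480750,"pcap_cnt":427,"event_type":"http","src_ip":"192.168.100.65","src_port":51528,"dest_ip":"91.132.139.196","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"91.132.139.196","url":"\/prxy.php?cienentit=QTItMjAtNDQtRDYtODMtRDYtMEItODktMjAtQjAtMDctMjEtREQtNjUtNzctQjQ=","http_content_type":"text\/html"}}
""".strip().splitlines()

# Positional labels for the ten '*'-separated fields of the long value.
# ASSUMPTION: inferred from the decoded values themselves (an OS name, an
# architecture, "USER-PC\admin", two IP addresses); no format spec is known,
# so the two fields whose meaning is not evident stay unlabelled.
FIELD_LABELS = ["id", "field_1", "field_2", "os", "arch", "hostname",
                "workgroup", "user", "lan_ip", "wan_ip"]


def decode_param(value):
    """URL-decode one query value and base64-decode it; None if not base64 text.

    The riHl value is wrapped with %0D%0A every 76 characters, so all
    whitespace is dropped after unquoting.  unquote() is used rather than
    parse_qs() so a '+' inside base64 is not turned into a space.
    """
    compact = "".join(unquote(value).split())
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None            # e.g. rCecms=H3OpAirStrike is not base64
    if not raw or any(b < 0x20 or b > 0x7E for b in raw):
        return None            # empty or binary: not the text we are after
    return raw.decode("ascii")


def query_params(url):
    """Yield (name, raw_value) pairs from a URL's query without decoding them."""
    for pair in urlsplit(url).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            yield name, value


def extract_beacons(lines):
    """Return (dest_ip, param_name, decoded_text) for each base64 query value."""
    found = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "http":
            continue
        for name, value in query_params(ev["http"]["url"]):
            text = decode_param(value)
            if text is not None:
                found.append((ev["dest_ip"], name, text))
    return found


def host_profile(beacons):
    """Map the ten-field value onto FIELD_LABELS; None if no such value exists."""
    for _, _, text in beacons:
        fields = text.split("*")
        if len(fields) == len(FIELD_LABELS):
            return dict(zip(FIELD_LABELS, fields))
    return None


def correlate_ident_me(lines, profile):
    """Tie the decoded wan_ip to the ident.me lookup in the same capture.

    ident.me/raw answers with the caller's public address as plain text;
    the fileinfo record logged that body as 13 bytes.  If that equals the
    length of wan_ip, the POST most likely carried the address just fetched.
    """
    dns_answer = raw_size = None
    for ev in map(json.loads, lines):
        if ev.get("event_type") == "dns" and ev["dns"].get("type") == "answer" \
                and ev["dns"].get("rrname") == "ident.me":
            dns_answer = ev["dns"]["rdata"]
        if ev.get("event_type") == "fileinfo" and ev["http"].get("hostname") == "ident.me":
            raw_size = ev["fileinfo"]["size"]
    return {"ident_me_a": dns_answer, "raw_body_size": raw_size,
            "wan_ip_len_matches": raw_size == len(profile["wan_ip"])}


if __name__ == "__main__":
    beacons = extract_beacons(EVE_LINES)
    for dest, name, text in beacons:
        print(f"{dest} {name}: {text}")
    prof = host_profile(beacons)
    print(json.dumps(prof, indent=2))
    print(correlate_ident_me(EVE_LINES, prof))
```

Run as a script, it prints the two decoded values: a 16-byte hex identifier, then that identifier followed by "1981", "Apr04", "Microsoft Windows 7 Professional", "32-bit", "USER-PC", "WORKGROUP", "USER-PC\admin", the capture's own LAN address 192.168.100.65, and a public address 185.43.110.19. That public address is 13 characters, the size Suricata logged for the ident.me /raw response body, and the DNS answer for ident.me (176.58.123.25) is the destination of the three ETPRO POLICY alerts; the ident.me GET at 09:08:32.385 precedes the riHl POST at 09:08:32.799, consistent with the client fetching its external address before reporting it to 91.132.139.196. The alerts therefore flag a side effect of the check-in; the check-in itself produced no alert under this ruleset, which is the gap a local rule for the /prxy.php query pattern would close.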


suricata-report-2019-07-02-T-15-53-36-07022019.1553-df62576f-dbb4-4bf1-8dc0-c95d0f7bc3b4.pcap.txt (17493 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/326656f6b86a50ebf831327feed088d956b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07022019.1553-df62576f-dbb4-4bf1-8dc0-c95d0f7bc3b4.pcap -vvv -k none
elapsedtime:26.728729
stderr:
stdout:
2/7/2019 -- 15:53:09 - <Info> - Configuration node 'rule-files' redefined.
2/7/2019 -- 15:53:09 - <Notice> - This is Suricata version 4.0.0 RELEASE
2/7/2019 -- 15:53:09 - <Info> - CPUs/cores online: 1
2/7/2019 -- 15:53:09 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32720 and 'request-body-inspect-window' set to 16769 after randomization.
2/7/2019 -- 15:53:09 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34129 and 'response-body-inspect-window' set to 15571 after randomization.
2/7/2019 -- 15:53:09 - <Config> - DNS request flood protection level: 500
2/7/2019 -- 15:53:09 - <Config> - DNS per flow memcap (state-memcap): 524288
2/7/2019 -- 15:53:09 - <Config> - DNS global memcap: 16777216
2/7/2019 -- 15:53:09 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
2/7/2019 -- 15:53:09 - <Config> - preallocated 1000 hosts of size 136
2/7/2019 -- 15:53:09 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
2/7/2019 -- 15:53:09 - <Config> - using magic-file /usr/share/file/magic
2/7/2019 -- 15:53:09 - <Config> - Core dump size is unlimited.
2/7/2019 -- 15:53:09 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
2/7/2019 -- 15:53:09 - <Config> - preallocated 1000 defrag trackers of size 168
2/7/2019 -- 15:53:09 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
2/7/2019 -- 15:53:09 - <Config> - stream "prealloc-sessions": 2048 (per thread)
2/7/2019 -- 15:53:09 - <Config> - stream "memcap": 33554432
2/7/2019 -- 15:53:09 - <Config> - stream "midstream" session pickups: disabled
2/7/2019 -- 15:53:09 - <Config> - stream "async-oneside": disabled
2/7/2019 -- 15:53:09 - <Config> - stream "checksum-validation": disabled
2/7/2019 -- 15:53:09 - <Config> - stream."inline": disabled
2/7/2019 -- 15:53:09 - <Config> - stream "bypass": disabled
2/7/2019 -- 15:53:09 - <Config> - stream "max-synack-queued": 5
2/7/2019 -- 15:53:09 - <Config> - stream.reassembly "memcap": 134217728
2/7/2019 -- 15:53:09 - <Config> - stream.reassembly "depth": 0
2/7/2019 -- 15:53:09 - <Config> - stream.reassembly "toserver-chunk-size": 2492
2/7/2019 -- 15:53:09 - <Config> - stream.reassembly "toclient-chunk-size": 2611
2/7/2019 -- 15:53:09 - <Config> - stream.reassembly.raw: enabled
2/7/2019 -- 15:53:09 - <Config> - stream.reassembly "segment-prealloc": 2048
2/7/2019 -- 15:53:09 - <Config> - Delayed detect disabled
2/7/2019 -- 15:53:09 - <Config> - pattern matchers: MPM: ac, SPM: bm
2/7/2019 -- 15:53:09 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
2/7/2019 -- 15:53:09 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
2/7/2019 -- 15:53:09 - <Config> - prefilter engines: MPM
2/7/2019 -- 15:53:09 - <Config> - IP reputation disabled
2/7/2019 -- 15:53:09 - <Perf> - Registered 148 keyword profiling counters.
2/7/2019 -- 15:53:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
2/7/2019 -- 15:53:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
2/7/2019 -- 15:53:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
2/7/2019 -- 15:53:15 - <Config> - No rules loaded from ET-icmp.rules.
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
2/7/2019 -- 15:53:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
2/7/2019 -- 15:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
2/7/2019 -- 15:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
2/7/2019 -- 15:53:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
2/7/2019 -- 15:53:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
2/7/2019 -- 15:53:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
2/7/2019 -- 15:53:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
2/7/2019 -- 15:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
2/7/2019 -- 15:53:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
2/7/2019 -- 15:53:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
2/7/2019 -- 15:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
2/7/2019 -- 15:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
2/7/2019 -- 15:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
2/7/2019 -- 15:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
2/7/2019 -- 15:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
2/7/2019 -- 15:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
2/7/2019 -- 15:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
2/7/2019 -- 15:53:24 - <Config> - No rules loaded from local.rules.
2/7/2019 -- 15:53:24 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
2/7/2019 -- 15:53:24 - <Info> - Threshold config parsed: 0 rule(s) found
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for tcp-packet
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for tcp-stream
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for udp-packet
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for other-ip
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_uri
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_request_line
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_client_body
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_response_line
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_header
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_header
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_header_names
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_header_names
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_accept
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_accept_enc
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_accept_lang
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_referer
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_connection
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_content_len
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_content_len
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_content_type
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_content_type
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_protocol
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_protocol
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_start
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_start
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_raw_header
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_raw_header
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_method
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_cookie
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_cookie
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_raw_uri
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_user_agent
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_host
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_raw_host
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_stat_msg
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_stat_code
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for dns_query
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for tls_sni
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for tls_cert_issuer
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for tls_cert_subject
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for tls_cert_serial
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for dce_stub_data
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for dce_stub_data
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for ssh_protocol
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for ssh_protocol
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for ssh_software
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for ssh_software
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for file_data
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for file_data
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_request_line
2/7/2019 -- 15:53:25 - <Perf> - using shared mpm ctx' for http_response_line
2/7/2019 -- 15:53:25 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
2/7/2019 -- 15:53:25 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
2/7/2019 -- 15:53:25 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
2/7/2019 -- 15:53:25 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
2/7/2019 -- 15:53:25 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
2/7/2019 -- 15:53:25 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
2/7/2019 -- 15:53:25 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
2/7/2019 -- 15:53:25 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
2/7/2019 -- 15:53:31 - <Perf> - Unique rule groups: 104
2/7/2019 -- 15:53:31 - <Perf> - Builtin MPM "toserver TCP packet": 35
2/7/2019 -- 15:53:31 - <Perf> - Builtin MPM "toclient TCP packet": 17
2/7/2019 -- 15:53:31 - <Perf> - Builtin MPM "toserver TCP stream": 33
2/7/2019 -- 15:53:31 - <Perf> - Builtin MPM "toclient TCP stream": 19
2/7/2019 -- 15:53:31 - <Perf> - Builtin MPM "toserver UDP packet": 27
2/7/2019 -- 15:53:31 - <Perf> - Builtin MPM "toclient UDP packet": 17
2/7/2019 -- 15:53:31 - <Perf> - Builtin MPM "other IP packet": 3
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_uri": 14
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_request_line": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_client_body": 6
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient http_response_line": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_header": 10
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient http_header": 6
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_header_names": 2
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_accept": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_referer": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_content_len": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_content_type": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient http_content_type": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_protocol": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_start": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_method": 5
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_cookie": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient http_cookie": 2
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver http_host": 2
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver dns_query": 4
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver tls_sni": 2
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toserver file_data": 1
2/7/2019 -- 15:53:31 - <Perf> - AppLayer MPM "toclient file_data": 7
2/7/2019 -- 15:53:33 - <Perf> - Registered 39590 rule profiling counters.
2/7/2019 -- 15:53:33 - <Info> - fast output device (regular) initialized: alert
2/7/2019 -- 15:53:33 - <Info> - eve-log output device (regular) initialized: eve.json
2/7/2019 -- 15:53:33 - <Config> - enabling 'eve-log' module 'alert'
2/7/2019 -- 15:53:33 - <Config> - enabling 'eve-log' module 'http'
2/7/2019 -- 15:53:33 - <Config> - enabling 'eve-log' module 'dns'
2/7/2019 -- 15:53:33 - <Config> - enabling 'eve-log' module 'tls'
2/7/2019 -- 15:53:33 - <Config> - enabling 'eve-log' module 'files'
2/7/2019 -- 15:53:33 - <Config> - enabling 'eve-log' module 'ssh'
2/7/2019 -- 15:53:33 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
2/7/2019 -- 15:53:34 - <Info> - stats output device (regular) initialized: stats.log
2/7/2019 -- 15:53:34 - <Config> - AutoFP mode using "Hash" flow load balancer
2/7/2019 -- 15:53:34 - <Info> - reading pcap file /var/pcap/07022019.1553-df62576f-dbb4-4bf1-8dc0-c95d0f7bc3b4.pcap
2/7/2019 -- 15:53:34 - <Config> - using 1 flow manager threads
2/7/2019 -- 15:53:34 - <Config> - using 1 flow recycler threads
2/7/2019 -- 15:53:34 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin

This file has been truncated.


keyword_perf.log - (12625 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/2/2019 -- 15:53:36
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1100825         332             332             18862           3315.00         3315.00         0.00           
  content          2456743         632             470             60836           3887.00         3993.00         3577.00        
  pcre             917273          122             13              24749           7518.00         7551.00         7514.00        
  byte_test        196029          55              48              31765           3564.00         2997.00         7451.00        
  byte_jump        52695           15              15              11064           3513.00         3513.00         0.00           
  isdataat         2811            1               0               2811            2811.00         0.00            2811.00        
  flowbits         110192          31              9               14424           3554.00         5116.00         2915.00        
  urilen           297920          82              47              19915           3633.00         3276.00         4112.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1100825         332             332             18862           3315.00         3315.00         0.00           
  flowbits         67253           23              1               3864            2924.00         3111.00         2915.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          396728          108             72              21435           3673.00         3766.00         3487.00        
  pcre             76041           12              0               21219           6336.00         0.00            6336.00        
  byte_test        164264          54              48              6119            3041.00         2997.00         3398.00        
  byte_jump        52695           15              15              11064           3513.00         3513.00         0.00           
  isdataat         2811            1               0               2811            2811.00         0.00            2811.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         42939           8               8               14424           5367.00         5367.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          730604          186             133             20640           3927.00         3949.00         3873.00        
  pcre             624103          86              6               23315           7257.00         6848.00         7287.00        
  urilen           297920          82              47              19915           3633.00         3276.00         4112.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          35325           10              0               4404            3532.00         0.00            3532.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21932           7               0               3909            3133.00         0.00            3133.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          20613           6               0               4176            3435.00         0.00            3435.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          860967          208             180             60836           4139.00         4261.00         3353.00        
  pcre             207162          22              7               24749           9416.00         8153.00         10005.00       
  byte_test        31765           1               0               31765           31765.00        0.00            31765.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          120852          33              29              4880            3662.00         3592.00         4167.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33109           6               6               16755           5518.00         5518.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          129031          38              30              4938            3395.00         3421.00         3296.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          64229           16              12              6029            4014.00         4067.00         3855.00        
  pcre             9967            2               0               5150            4983.00         0.00            4983.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          9669            3               3               3470            3223.00         3223.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33684           11              5               3365            3062.00         3020.00         3096.00        


unified2.alert.1562082813 - (585 bytes)
[binary unified2 record header] GET /raw HTTP/1.1
Host: ident.me
Connection: Keep-Alive

[binary unified2 record header] GET /raw HTTP/1.1
Host: ident.me

[binary unified2 record header] GET /raw HTTP/1.1
Host: ident.me


IDSDeathBlossom.py.log - (1176 bytes)
2019-07-02 15:53:08,776 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-02 15:53:09,580 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-02 15:53:09,580 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-02 15:53:09,581 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-02 15:53:09,581 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-02 15:53:09,581 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/326656f6b86a50ebf831327feed088d956b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07022019.1553-df62576f-dbb4-4bf1-8dc0-c95d0f7bc3b4.pcap -vvv -k none
2019-07-02 15:53:36,311 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-02 15:53:36,312 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.5515270233


suricata-4.0.0-etpro-all-perf.txt-2019-07-02-T-15-53-36-07022019.1553-df62576f-dbb4-4bf1-8dc0-c95d0f7bc3b4.pcap.txt - (27221 bytes) - download
  --------------------------------------------------------------------------
  Date: 7/2/2019 -- 15:53:36. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2827580      1        7        206134       1.16   3        0        163291      68711.33    0.00        68711.33   
  2        2016537      1        2        728570       4.10   24       4        94751       30357.08    68999.00    22628.70   
  3        2827279      1        5        84793        0.48   1        0        84793       84793.00    0.00        84793.00   
  4        2816922      1        5        80211        0.45   1        0        80211       80211.00    0.00        80211.00   
  5        2816910      1        2        79245        0.45   1        0        79245       79245.00    0.00        79245.00   
  6        2821615      1        2        180146       1.01   3        0        77280       60048.67    0.00        60048.67   
  7        2828008      1        2        76716        0.43   1        0        76716       76716.00    0.00        76716.00   
  8        2805348      1        4        725491       4.09   15       0        76529       48366.07    0.00        48366.07   
  9        2812616      1        2        74813        0.42   1        0        74813       74813.00    0.00        74813.00   
  10       2829607      1        1        110173       0.62   2        0        73380       55086.50    0.00        55086.50   
  11       2816895      1        2        134892       0.76   3        0        69743       44964.00    0.00        44964.00   
  12       2828190      1        2        69539        0.39   1        0        69539       69539.00    0.00        69539.00   
  13       2816909      1        2        68966        0.39   1        0        68966       68966.00    0.00        68966.00   
  14       2021399      1        3        148242       0.83   3        0        67546       49414.00    0.00        49414.00   
  15       2816925      1        3        65879        0.37   1        0        65879       65879.00    0.00        65879.00   
  16       2023083      1        2        203766       1.15   6        0        63959       33961.00    0.00        33961.00   
  17       2826256      1        2        333034       1.88   7        0        63359       47576.29    0.00        47576.29   
  18       2815182      1        3        121147       0.68   3        0        61985       40382.33    0.00        40382.33   
  19       2830124      1        1        107726       0.61   2        0        61476       53863.00    0.00        53863.00   
  20       2819673      1        4        57290        0.32   1        0        57290       57290.00    0.00        57290.00   
  21       2021067      1        2        57191        0.32   1        1        57191       57191.00    57191.00    0.00       
  22       2808793      1        3        55592        0.31   1        0        55592       55592.00    0.00        55592.00   
  23       2823858      1        3        169215       0.95   5        0        54923       33843.00    0.00        33843.00   
  24       2014442      1        6        123000       0.69   3        0        54315       41000.00    0.00        41000.00   
  25       2816940      1        2        54203        0.31   1        0        54203       54203.00    0.00        54203.00   
  26       2017261      1        3        133561       0.75   3        0        54095       44520.33    0.00        44520.33   
  27       2816927      1        3        53952        0.30   1        0        53952       53952.00    0.00        53952.00   
  28       2807682      1        2        94489        0.53   3        0        53498       31496.33    0.00        31496.33   
  29       2008120      1        4        443948       2.50   143      0        52253       3104.53     0.00        3104.53    
  30       2811905      1        3        127312       0.72   3        0        50884       42437.33    0.00        42437.33   
  31       2812433      1        2        172244       0.97   6        0        50245       28707.33    0.00        28707.33   
  32       2815181      1        3        109981       0.62   3        0        50053       36660.33    0.00        36660.33   
  33       2021718      1        4        118609       0.67   3        0        48018       39536.33    0.00        39536.33   
  34       2019378      1        12       88652        0.50   3        0        47692       29550.67    0.00        29550.67   
  35       2021413      1        2        106431       0.60   3        0        47373       35477.00    0.00        35477.00   
  36       2017456      1        3        100105       0.56   3        0        47223       33368.33    0.00        33368.33   
  37       2816165      1        5        279259       1.57   9        0        46896       31028.78    0.00        31028.78   
  38       2021418      1        9        119487       0.67   3        0        46769       39829.00    0.00        39829.00   
  39       2814205      1        3        46137        0.26   1        0        46137       46137.00    0.00        46137.00   
  40       2815886      1        2        86913        0.49   3        0        45654       28971.00    0.00        28971.00   
  41       2015877      1        6        107382       0.60   3        0        45390       35794.00    0.00        35794.00   
  42       2809363      1        3        109095       0.61   3        0        44848       36365.00    0.00        36365.00   
  43       2025064      1        5        44790        0.25   1        0        44790       44790.00    0.00        44790.00   
  44       2016809      1        5        116023       0.65   3        0        44135       38674.33    0.00        38674.33   
  45       2815180      1        3        98976        0.56   3        0        43867       32992.00    0.00        32992.00   
  46       2816928      1        3        43607        0.25   1        0        43607       43607.00    0.00        43607.00   
  47       2019094      1        5        99251        0.56   3        0        42870       33083.67    0.00        33083.67   
  48       2815156      1        2        98049        0.55   3        0        42603       32683.00    0.00        32683.00   
  49       2022901      1        2        98245        0.55   3        0        41976       32748.33    0.00        32748.33   
  50       2828426      1        2        41938        0.24   1        0        41938       41938.00    0.00        41938.00   
  51       2017552      1        6        435594       2.45   25       0        41932       17423.76    0.00        17423.76   
  52       2020964      1        2        100469       0.57   3        0        41772       33489.67    0.00        33489.67   
  53       2018359      1        3        40975        0.23   1        0        40975       40975.00    0.00        40975.00   
  54       2827505      1        2        40945        0.23   1        0        40945       40945.00    0.00        40945.00   
  55       2829848      1        2        94598        0.53   3        0        39921       31532.67    0.00        31532.67   
  56       2016706      1        20       99942        0.56   3        0        39243       33314.00    0.00        33314.00   
  57       2816929      1        4        39188        0.22   1        0        39188       39188.00    0.00        39188.00   
  58       2816930      1        4        39170        0.22   1        0        39170       39170.00    0.00        39170.00   
  59       2816931      1        3        39074        0.22   1        0        39074       39074.00    0.00        39074.00   
  60       2014380      1        4        119947       0.68   5        0        38972       23989.40    0.00        23989.40   
  61       2815220      1        2        93480        0.53   3        0        38398       31160.00    0.00        31160.00   
  62       2012612      1        16       38091        0.21   1        0        38091       38091.00    0.00        38091.00   
  63       2021075      1        2        106218       0.60   3        3        38044       35406.00    35406.00    0.00       
  64       2816619      1        2        184136       1.04   19       0        37601       9691.37     0.00        9691.37    
  65       2023916      1        2        37162        0.21   1        0        37162       37162.00    0.00        37162.00   
  66       2828060      1        4        93200        0.52   3        0        37118       31066.67    0.00        31066.67   
  67       2828123      1        2        36988        0.21   1        0        36988       36988.00    0.00        36988.00   
  68       2820851      1        5        36932        0.21   1        0        36932       36932.00    0.00        36932.00   
  69       2821471      1        2        93861        0.53   3        0        36923       31287.00    0.00        31287.00   
  70       2017036      1        3        79096        0.45   3        0        36696       26365.33    0.00        26365.33   
  71       2020181      1        8        106664       0.60   3        0        36385       35554.67    0.00        35554.67   
  72       2017454      1        12       94000        0.53   3        0        36344       31333.33    0.00        31333.33   
  73       2024768      1        2        36270        0.20   1        0        36270       36270.00    0.00        36270.00   
  74       2024771      1        1        87225        0.49   16       0        36178       5451.56     0.00        5451.56    
  75       2017119      1        4        91477        0.52   3        0        36105       30492.33    0.00        30492.33   
  76       2017076      1        9        92438        0.52   3        0        36060       30812.67    0.00        30812.67   
  77       2805089      1        6        36033        0.20   1        0        36033       36033.00    0.00        36033.00   
  78       2804095      1        2        35921        0.20   1        0        35921       35921.00    0.00        35921.00   
  79       2805155      1        3        35649        0.20   1        0        35649       35649.00    0.00        35649.00   
  80       2830035      1        2        70155        0.40   2        0        35487       35077.50    0.00        35077.50   
  81       2829638      1        2        102513       0.58   3        3        35466       34171.00    34171.00    0.00       
  82       2811826      1        7        101925       0.57   3        0        35438       33975.00    0.00        33975.00   
  83       2017556      1        3        91023        0.51   3        0        35350       30341.00    0.00        30341.00   
  84       2813027      1        3        76880        0.43   3        0        34427       25626.67    0.00        25626.67   
  85       2830036      1        1        68551        0.39   2        0        34342       34275.50    0.00        34275.50   
  86       2014967      1        3        76419        0.43   3        0        34292       25473.00    0.00        25473.00   
  87       2807970      1        8        88797        0.50   3        0        33989       29599.00    0.00        29599.00   
  88       2819882      1        2        61853        0.35   3        0        32984       20617.67    0.00        20617.67   
  89       2023583      1        4        32948        0.19   1        0        32948       32948.00    0.00        32948.00   
  90       2021775      1        2        95562        0.54   3        0        32516       31854.00    0.00        31854.00   
  91       2020963      1        2        88757        0.50   3        0        32326       29585.67    0.00        29585.67   
  92       2013739      1        15       415892       2.34   141      0        32170       2949.59     0.00        2949.59    
  93       2815817      1        5        31766        0.18   1        0        31766       31766.00    0.00        31766.00   
  94       2018055      1        3        85091        0.48   16       0        31736       5318.19     0.00        5318.19    
  95       2020962      1        3        88028        0.50   3        0        31222       29342.67    0.00        29342.67   
  96       2827363      1        2        31102        0.18   1        0        31102       31102.00    0.00        31102.00   
  97       2022205      1        2        86252        0.49   3        0        30826       28750.67    0.00        28750.67   
  98       2816327      1        4        30623        0.17   1        0        30623       30623.00    0.00        30623.00   
  99       2828986      1        2        85604        0.48   3        0        30450       28534.67    0.00        28534.67   
  100      2017948      1        2        116736       0.66   6        0        30369       19456.00    0.00        19456.00   
  101      2807793      1        4        85392        0.48   3        0        30117       28464.00    0.00        28464.00   
  102      2010142      1        4        408198       2.30   142      0        30075       2874.63     0.00        2874.63    
  103      2816525      1        10       29442        0.17   1        0        29442       29442.00    0.00        29442.00   
  104      2025162      1        2        56880        0.32   2        0        29212       28440.00    0.00        28440.00   
  105      2823166      1        3        29024        0.16   1        0        29024       29024.00    0.00        29024.00   
  106      2809267      1        8        55708        0.31   2        0        28936       27854.00    0.00        27854.00   
  107      2816526      1        13       28838        0.16   1        0        28838       28838.00    0.00        28838.00   
  108      2816328      1        5        28799        0.16   1        0        28799       28799.00    0.00        28799.00   
  109      2806713      1        2        28748        0.16   1        0        28748       28748.00    0.00        28748.00   
  110      2008377      1        5        85583        0.48   3        0        28739       28527.67    0.00        28527.67   
  111      2022197      1        3        28660        0.16   1        0        28660       28660.00    0.00        28660.00   
  112      2815568      1        2        83680        0.47   3        0        28426       27893.33    0.00        27893.33   
  113      2822100      1        2        79723        0.45   3        0        28317       26574.33    0.00        26574.33   
  114      2829644      1        1        56152        0.32   2        0        28286       28076.00    0.00        28076.00   
  115      2022914      1        1        28140        0.16   1        0        28140       28140.00    0.00        28140.00   
  116      2014409      1        5        27818        0.16   1        0        27818       27818.00    0.00        27818.00   
  117      2816924      1        4        27088        0.15   1        0        27088       27088.00    0.00        27088.00   
  118      2012707      1        5        149979       0.84   7        0        26549       21425.57    0.00        21425.57   
  119      2024606      1        2        72993        0.41   3        0        26479       24331.00    0.00        24331.00   
  120      2816899      1        2        64061        0.36   3        0        25591       21353.67    0.00        21353.67   
  121      2809511      1        4        69985        0.39   3        0        24279       23328.33    0.00        23328.33   
  122      2804626      1        9        23687        0.13   1        0        23687       23687.00    0.00        23687.00   
  123      2009702      1        5        26376        0.15   2        0        22970       13188.00    0.00        13188.00   
  124      2023623      1        3        122833       0.69   39       0        22959       3149.56     0.00        3149.56    
  125      2023316      1        2        22

This file has been truncated.