Filename: Variant1.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.66701197624 seconds
Hash: 41d34d07aa81f3cb5ee12315cc5c88a9
Uploaded: 1542380043

Logfiles

suricata-report-2018-11-16-T-14-54-13-11162018.1454-Variant1.pcap.txt (18286 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/41d34d07aa81f3cb5ee12315cc5c88a9d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11162018.1454-Variant1.pcap -vvv -k none
elapsedtime:8.697621
stderr:
stdout:
16/11/2018 -- 14:54:04 - <Info> - Configuration node 'rule-files' redefined.
16/11/2018 -- 14:54:04 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/11/2018 -- 14:54:04 - <Info> - CPUs/cores online: 1
16/11/2018 -- 14:54:04 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31247 and 'request-body-inspect-window' set to 16875 after randomization.
16/11/2018 -- 14:54:04 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31515 and 'response-body-inspect-window' set to 15787 after randomization.
16/11/2018 -- 14:54:04 - <Config> - DNS request flood protection level: 500
16/11/2018 -- 14:54:04 - <Config> - DNS per flow memcap (state-memcap): 524288
16/11/2018 -- 14:54:04 - <Config> - DNS global memcap: 16777216
16/11/2018 -- 14:54:04 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/11/2018 -- 14:54:04 - <Config> - preallocated 1000 hosts of size 136
16/11/2018 -- 14:54:04 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/11/2018 -- 14:54:04 - <Config> - using magic-file /usr/share/file/magic
16/11/2018 -- 14:54:04 - <Config> - Core dump size is unlimited.
16/11/2018 -- 14:54:04 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/11/2018 -- 14:54:04 - <Config> - preallocated 1000 defrag trackers of size 168
16/11/2018 -- 14:54:04 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/11/2018 -- 14:54:04 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/11/2018 -- 14:54:04 - <Config> - stream "memcap": 33554432
16/11/2018 -- 14:54:04 - <Config> - stream "midstream" session pickups: disabled
16/11/2018 -- 14:54:04 - <Config> - stream "async-oneside": disabled
16/11/2018 -- 14:54:04 - <Config> - stream "checksum-validation": disabled
16/11/2018 -- 14:54:04 - <Config> - stream."inline": disabled
16/11/2018 -- 14:54:04 - <Config> - stream "bypass": disabled
16/11/2018 -- 14:54:04 - <Config> - stream "max-synack-queued": 5
16/11/2018 -- 14:54:04 - <Config> - stream.reassembly "memcap": 134217728
16/11/2018 -- 14:54:04 - <Config> - stream.reassembly "depth": 0
16/11/2018 -- 14:54:04 - <Config> - stream.reassembly "toserver-chunk-size": 2505
16/11/2018 -- 14:54:04 - <Config> - stream.reassembly "toclient-chunk-size": 2639
16/11/2018 -- 14:54:04 - <Config> - stream.reassembly.raw: enabled
16/11/2018 -- 14:54:04 - <Config> - stream.reassembly "segment-prealloc": 2048
16/11/2018 -- 14:54:04 - <Config> - Delayed detect disabled
16/11/2018 -- 14:54:04 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/11/2018 -- 14:54:04 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/11/2018 -- 14:54:04 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/11/2018 -- 14:54:04 - <Config> - prefilter engines: MPM
16/11/2018 -- 14:54:04 - <Config> - IP reputation disabled
16/11/2018 -- 14:54:04 - <Perf> - Registered 148 keyword profiling counters.
16/11/2018 -- 14:54:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
16/11/2018 -- 14:54:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
16/11/2018 -- 14:54:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
16/11/2018 -- 14:54:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
16/11/2018 -- 14:54:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
16/11/2018 -- 14:54:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
16/11/2018 -- 14:54:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
16/11/2018 -- 14:54:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
16/11/2018 -- 14:54:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
16/11/2018 -- 14:54:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
16/11/2018 -- 14:54:05 - <Config> - No rules loaded from ET-emerging-icmp.rules.
16/11/2018 -- 14:54:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
16/11/2018 -- 14:54:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
16/11/2018 -- 14:54:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
16/11/2018 -- 14:54:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
16/11/2018 -- 14:54:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
16/11/2018 -- 14:54:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
16/11/2018 -- 14:54:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
16/11/2018 -- 14:54:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
16/11/2018 -- 14:54:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
16/11/2018 -- 14:54:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
16/11/2018 -- 14:54:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
16/11/2018 -- 14:54:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
16/11/2018 -- 14:54:09 - <Config> - No rules loaded from local.rules.
16/11/2018 -- 14:54:09 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
16/11/2018 -- 14:54:09 - <Info> - Threshold config parsed: 0 rule(s) found
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for tcp-packet
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for tcp-stream
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for udp-packet
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for other-ip
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_uri
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_client_body
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_accept
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_accept_enc
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_accept_lang
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_referer
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_connection
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_method
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_raw_uri
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_user_agent
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_host
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_raw_host
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_stat_msg
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_stat_code
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for dns_query
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for tls_sni
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 14:54:09 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 14:54:09 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
16/11/2018 -- 14:54:09 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/11/2018 -- 14:54:09 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
16/11/2018 -- 14:54:09 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
16/11/2018 -- 14:54:09 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
16/11/2018 -- 14:54:09 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
16/11/2018 -- 14:54:09 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
16/11/2018 -- 14:54:09 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/11/2018 -- 14:54:10 - <Perf> - Unique rule groups: 111
16/11/2018 -- 14:54:10 - <Perf> - Builtin MPM "toserver TCP packet": 31
16/11/2018 -- 14:54:10 - <Perf> - Builtin MPM "toclient TCP packet": 20
16/11/2018 -- 14:54:10 - <Perf> - Builtin MPM "toserver TCP stream": 31
16/11/2018 -- 14:54:10 - <Perf> - Builtin MPM "toclient TCP stream": 21
16/11/2018 -- 14:54:10 - <Perf> - Builtin MPM "toserver UDP packet": 33
16/11/2018 -- 14:54:10 - <Perf> - Builtin MPM "toclient UDP packet": 15
16/11/2018 -- 14:54:10 - <Perf> - Builtin MPM "other IP packet": 2
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_uri": 8
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_header": 6
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient http_header": 3
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_header_names": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_start": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_method": 3
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver http_host": 2
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver tls_sni": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toserver file_data": 1
16/11/2018 -- 14:54:10 - <Perf> - AppLayer MPM "toclient file_data": 5
16/11/2018 -- 14:54:11 - <Perf> - Registered 18241 rule profiling counters.
16/11/2018 -- 14:54:11 - <Info> - fast output device (regular) initialized: alert
16/11/2018 -- 14:54:11 - <Info> - eve-log output device (regular) initialized: eve.json
16/11/2018 -- 14:54:11 - <Config> - enabling 'eve-log' module 'alert'
16/11/2018 -- 14:54:11 - <Config> - enabling 'eve-log' module 'http'
16/11/2018 -- 14:54:11 - <Config> - enabling 'eve-log' module 'dns'
16/11/2018 -- 14:54:11 - <Config> - enabling 'eve-log' module 'tls'
16/11/2018 -- 14:54:11 - <Config> - enabling 'eve-log' module 'files'
16/11/2018 --

This file has been truncated.

packet_stats.log (19554 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2             5        652725883      654229032     653391706          3.3b    0.27
 IPv4       6          2960         11889270      650043260     389279553       1152.3b   96.34
 IPv4      17            56         21590319      655325098     493737705         27.6b    2.31
 IPv6      17            17         27251449      654494345     562651632          9.6b    0.80
 IPv6      58             5        652628951      654276264     653354122          3.3b    0.27
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2             5            72357         100499         81653        408.3k    0.05
TMM_FLOWWORKER              IPv4       6          2960            66107       12061235        252619        747.8m   88.00
TMM_FLOWWORKER              IPv4      17            56           131752       13977233        772310         43.2m    5.09
TMM_RECEIVEPCAPFILE         IPv4       2             5             2976           3529          3276         16.4k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          2951             2536         150007          3105          9.2m    1.08
TMM_RECEIVEPCAPFILE         IPv4      17            56             2557           4188          2849        159.6k    0.02
TMM_DECODEPCAPFILE          IPv4       2             5             3358           5146          3779         18.9k    0.00
TMM_DECODEPCAPFILE          IPv4       6          2951             2648       14961706         15188         44.8m    5.27
TMM_DECODEPCAPFILE          IPv4      17            56             2733           6746          3233        181.1k    0.02
TMM_FLOWWORKER              IPv6      17            17           121780         281039        199942          3.4m    0.40
TMM_FLOWWORKER              IPv6      58             5            66953          86922         73272        366.4k    0.04
TMM_RECEIVEPCAPFILE         IPv6      17            17             2599           3457          2895         49.2k    0.01
TMM_RECEIVEPCAPFILE         IPv6      58             5             2608           3408          3124         15.6k    0.00
TMM_DECODEPCAPFILE          IPv6      17            17             2883          15765          4242         72.1k    0.01
TMM_DECODEPCAPFILE          IPv6      58             5             3135          14976          5894         29.5k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          2951             2797         387790          3562         10.5m  1.46  
flow                    IPv4      17            56             2822       13427697        244347         13.7m  1.90  
stream                  IPv4       6          2960             2555        1189880         12629         37.4m  5.19  
app-layer               IPv4      17            56             2527          65888         11232        629.0k  0.09  
detect                  IPv4       2             5            67030          93924         75944        379.7k  0.05  
detect                  IPv4       6          2960            44690       12020919        210683        623.6m  86.56 
detect                  IPv4      17            56           115300        9688893        386702         21.7m  3.01  
tcp-prune               IPv4       6          2960             2514          58331          3061          9.1m  1.26  
flow                    IPv6      17            17             2819          13155          4053         68.9k  0.01  
flow                    IPv6      58             5             2837           4735          3364         16.8k  0.00  
app-layer               IPv6      17            17             2540          15548          4663         79.3k  0.01  
detect                  IPv6      17            17           105441         254714        180282          3.1m  0.43  
detect                  IPv6      58             5            56012          73871         61510        307.6k  0.04  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            19             4743          59670         22035        418.7k  53.47 
http                    IPv4      17             2            29879          29879         29879         59.8k  7.63  
tls                     IPv4       6            11             2814           5989          3751         41.3k  5.27  
tls                     IPv4      17             1             3459           3459          3459          3.5k  0.44  
dns                     IPv4      17            25             3578          36407          7861        196.5k  25.10 
http                    IPv6      17             2            29879          29879         29879         59.8k  7.63  
dns                     IPv6      17             1             3578           3578          3578          3.6k  0.46  
Proto detect            IPv4      17            20             2811          20239          6397        127.9k
Proto detect            IPv6      17             4             3189           8806          4905         19.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            12            19704         130187         62677        752.1k  4.29  
LOGGER_UNIFIED2             IPv4       6            12            20797         309954        102041          1.2m  6.98  
LOGGER_JSON_ALERT           IPv4       6            12            44566         246380         93829          1.1m  6.42  
LOGGER_JSON_DNS             IPv4      17            22            37075        4770007        294901          6.5m  36.97 
LOGGER_JSON_HTTP            IPv4       6            37            40098         234349        105419          3.9m  22.23 
LOGGER_JSON_TLS             IPv4       6             6             3431          91188         65071        390.4k  2.22  
LOGGER_JSON_FILE            IPv4       6            35            54772         184975        104809          3.7m  20.90 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          1549             2593         109132         18941        29.3m  15.89 
payload                           IPv4      17            56             3026          58651         18196         1.0m  0.55  
stream                            IPv4       6          1549             2522       11896794         36825        57.0m  30.89 
http_uri                          IPv4       6            37             4262          43982         21302       788.2k  0.43  
http_request_line                 IPv4       6            37             3682          10307          6122       226.6k  0.12  
http_client_body                  IPv4       6            37             2789           4634          3253       120.4k  0.07  
http_header (request)             IPv4       6            37            22324         185357         60715         2.2m  1.22  
http_header (request trailer)     IPv4       6            37             2554           3159          2651        98.1k  0.05  
http_header_names (request)       IPv4       6            37             6613          41323         15820       585.3k  0.32  
http_accept (request)             IPv4       6            37             2932          37578          5676       210.0k  0.11  
http_referer (request)            IPv4       6            37             2890           7308          4387       162.3k  0.09  
http_content_len (request)        IPv4       6            37             2855          12900          3775       139.7k  0.08  
http_content_type (request)       IPv4       6            37             2904           4166          3329       123.2k  0.07  
http_start (request)              IPv4       6            37             6874          16033         10067       372.5k  0.20  
http_raw_header (request)         IPv4       6            37             8006          69467         12901       477.4k  0.26  
http_method                       IPv4       6            37             2976          17890          4375       161.9k  0.09  
http_cookie (request)             IPv4       6            37             2955          17561          3809       141.0k  0.08  
http_raw_uri                      IPv4       6            37             2853           8868          5246       194.1k  0.11  
http_user_agent                   IPv4       6            37            11077          62711         31254         1.2m  0.63  
http_host                         IPv4       6            37             3603          27736          6963       257.7k  0.14  
dns_query                         IPv4      17            11             4579          35598         11169       122.9k  0.07  
tls_sni                           IPv4       6            11             2630           3109          2873        31.6k  0.02  
http_response_line                IPv4       6            37             3232          20277          7168       265.2k  0.14  
http_header (response)            IPv4       6            37             9703          73326         33227         1.2m  0.67  
http_header (response trailer)    IPv4       6            37             2570          67016          7889       291.9k  0.16  
http_content_type (response)      IPv4       6            37             2782          24761          6180       228.7k  0.12  
http_raw_header (response)        IPv4       6          1321             3728         391063          5062         6.7m  3.62  
http_cookie (response)            IPv4       6            37             3002          15995          3979       147.2k  0.08  
http_stat_code                    IPv4       6            37             2645           5086          3859       142.8k  0.08  
tls_cert_issuer                   IPv4       6             6             4005          10697          8062        48.4k  0.03  
tls_cert_subject                  IPv4       6             6             3750           9808          6773        40.6k  0.02  
tls_cert_serial                   IPv4       6             6             3251           6999          4920        29.5k  0.02  
file_data (http response)         IPv4       6          1321             2562        5080413         60770        80.3m  43.48 
Total                             IPv4                  6687                                         27577       184.4m
payload                           IPv6      17            17             3252          44647         13177       224.0k  0.12  
payload                           IPv6      58             5             2802           5856          3724        18.6k  0.01  
Total                             IPv6                    22                                         11029       242.6k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2             5            18801          32134         24464        122.3k  0.01  
PROF_DETECT_IPONLY          IPv4       6            57             3109          56266         23457          1.3m  0.15  
PROF_DETECT_IPONLY          IPv4      17            30            18900          61134         32884        986.5k  0.11  
PROF_DETECT_RULES           IPv4       2             5             2548           2553          2550         12.8k  0.00  
PROF_DETECT_RULES           IPv4       6          2960             2523        7843793         66175        195.9m  22.30 
PROF_DETECT_RULES           IPv4      17            56            45359         227893        107236          6.0m  0.68  
PROF_DETECT_STATEFUL_START    IPv4       6           889             5105        7588607        105857         94.1m  10.71 
PROF_DETECT_STATEFUL_CONT    IPv4       2             5             2538           3542          2875         14.4k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          2960             2505        7586810          9901         29.3m  3.34  
PROF_DETECT_STATEFUL_CONT    IPv4      17            56             2527          27586          4083        228.7k  0.03  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          2554             2549          91702          2872          7.3m  0.84  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            22             2633           4463          3095         68.1k  0.01  
PROF_DETECT_PREFILTER       IPv4       2             5             7854           8290          8060         40.3k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          2960             7684       11967530         89585        265.2m  30.19 
PROF_DETECT_PREFILTER       IPv4      17            56            24281         121892         46161          2.6m  0.29  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1549            13750       11919284         64241         99.5m  11.33 
PROF_DETECT_PF_PAYLOAD      IPv4      17            56             8366          74880         24674          1.4m  0.16  
PROF_DETECT_PF_TX           IPv4       6          2554             2567        5097498         45004        114.9m  13.09 
PROF_DETECT_PF_TX           IPv4      17            11            10243          41975         17185        189.0k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6           868             2514          31933          3331          2.9m  0.33  
PROF_DETECT_PF_SORT1        IPv4      17            56             2752           5653          3382        189.4k  0.02  
PROF_DETECT_PF_SORT2        IPv4       2             5             2514           2886          2596         13.0k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          2960             2513         156857          3068          9.1m  1.03  
PROF_DETECT_PF_SORT2        IPv4      17            56             2556          16665          3238        181.4k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       2             5             2536           2791          2725         13.6k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          2960             2523          94901          3059          9.1m  1.03  
PROF_DETECT_NONMPMLIST      IPv4      17            56             2523           4338          3030        169.7k  0.02  
PROF_DETECT_ALERT           IPv4       2             5             2554           3058          2744         13.7k  0.00  
PROF_DETECT_ALERT           IPv4       6          2960             2519        6629760          5107         15.1m  1.72  
PROF_DETECT_ALERT           IPv4      17            56             2523           4300          2725        152.6k  0.02  
PROF_DETECT_CLEANUP         IPv4       2             5             2535           2971          2630         13.2k  0.00  
PROF_DETECT_CLEANUP         IP



unified2.alert.1542380051 - (82901 bytes)


suricata-4.0.0-etopen-all-alert-2018-11-16-T-14-54-13-11162018.1454-Variant1.pcap.txt - (4871 bytes)
11/16/2014-02:12:15.859619  [**] [1:2020726:2] ET CURRENT_EVENTS RIG EK Landing March 20 2015 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49452
11/16/2014-02:12:15.859619  [**] [1:2021430:3] ET CURRENT_EVENTS Possible IE MSMXL Detection of Local SYS (Likely Malicious) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49452
11/16/2014-02:12:16.013328  [**] [1:2020726:2] ET CURRENT_EVENTS RIG EK Landing March 20 2015 M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49451
11/16/2014-02:12:16.013328  [**] [1:2021430:3] ET CURRENT_EVENTS Possible IE MSMXL Detection of Local SYS (Likely Malicious) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49451
11/16/2014-02:12:24.886233  [**] [1:2018297:2] ET CURRENT_EVENTS GoonEK encrypted binary (3)  [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49452
11/16/2014-02:12:34.952204  [**] [1:2018297:2] ET CURRENT_EVENTS GoonEK encrypted binary (3)  [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49451
11/16/2014-02:12:41.948035  [**] [1:2014726:110] ET POLICY Outdated Flash Version M1 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.16.165.165:49452 -> 37.200.69.143:80
11/16/2014-02:13:01.035250  [**] [1:2011582:52] ET POLICY Vulnerable Java Version 1.6.x Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.165.165:49454 -> 37.200.69.143:80
11/16/2014-02:13:01.054846  [**] [1:2017064:18] ET CURRENT_EVENTS Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49454
11/16/2014-02:13:01.563016  [**] [1:2011582:52] ET POLICY Vulnerable Java Version 1.6.x Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 172.16.165.165:49455 -> 37.200.69.143:80
11/16/2014-02:13:01.563230  [**] [1:2017064:18] ET CURRENT_EVENTS Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49455
11/16/2014-02:13:09.495964  [**] [1:2018297:2] ET CURRENT_EVENTS GoonEK encrypted binary (3)  [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49456
11/16/2014-02:13:10.986333  [**] [1:2016540:3] ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 37.200.69.143:80 -> 172.16.165.165:49454
11/16/2014-02:13:10.986333  [**] [1:2014473:5] ET INFO JAVA - Java Archive Download By Vulnerable Client [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49454
11/16/2014-02:13:10.986333  [**] [1:2014526:3] ET CURRENT_EVENTS Exploit Kit Delivering JAR Archive to Client [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 37.200.69.143:80 -> 172.16.165.165:49454
11/16/2014-02:13:10.986333  [**] [1:2017637:2] ET INFO Java File Sent With X-Powered By HTTP Header - Common In Exploit Kits [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 37.200.69.143:80 -> 172.16.165.165:49454
11/16/2014-02:13:10.986333  [**] [1:2017639:7] ET INFO JAR Size Under 30K Size - Potentially Hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 37.200.69.143:80 -> 172.16.165.165:49454
11/16/2014-02:13:10.986516  [**] [1:2016540:3] ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 37.200.69.143:80 -> 172.16.165.165:49455
11/16/2014-02:13:10.986516  [**] [1:2014473:5] ET INFO JAVA - Java Archive Download By Vulnerable Client [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 37.200.69.143:80 -> 172.16.165.165:49455
11/16/2014-02:13:10.986516  [**] [1:2014526:3] ET CURRENT_EVENTS Exploit Kit Delivering JAR Archive to Client [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 37.200.69.143:80 -> 172.16.165.165:49455
11/16/2014-02:13:10.986516  [**] [1:2017637:2] ET INFO Java File Sent With X-Powered By HTTP Header - Common In Exploit Kits [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 37.200.69.143:80 -> 172.16.165.165:49455
11/16/2014-02:13:10.986516  [**] [1:2017639:7] ET INFO JAR Size Under 30K Size - Potentially Hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 37.200.69.143:80 -> 172.16.165.165:49455


stats.log - (3686 bytes)
------------------------------------------------------------------------------------
Date: 11/16/2018 -- 14:54:13 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3053
decoder.bytes                              | Total                     | 2502525
decoder.ipv4                               | Total                     | 3012
decoder.ipv6                               | Total                     | 22
decoder.ethernet                           | Total                     | 3053
decoder.tcp                                | Total                     | 2951
decoder.udp                                | Total                     | 73
decoder.icmpv6                             | Total                     | 5
decoder.avg_pkt_size                       | Total                     | 819
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 32
flow.udp                                   | Total                     | 22
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 22
tcp.syn                                    | Total                     | 22
tcp.synack                                 | Total                     | 314
tcp.rst                                    | Total                     | 26
tcp.overlap                                | Total                     | 66
detect.alert                               | Total                     | 22
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 16
app_layer.tx.http                          | Total                     | 37
app_layer.flow.tls                         | Total                     | 6
app_layer.flow.dns_udp                     | Total                     | 11
app_layer.tx.dns_udp                       | Total                     | 11
app_layer.flow.failed_udp                  | Total                     | 11
flow_mgr.closed_pruned                     | Total                     | 13
flow_mgr.new_pruned                        | Total                     | 20
flow_mgr.est_pruned                        | Total                     | 11
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 55
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.flows_timeout                     | Total                     | 53
flow_mgr.flows_timeout_inuse               | Total                     | 9
flow_mgr.flows_removed                     | Total                     | 44
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65481
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7090144


eve.json - (67489 bytes)
{"timestamp":"2014-11-16T02:11:50.994963+0000","flow_id":1691729768361619,"pcap_cnt":42,"event_type":"dns","src_ip":"172.16.165.165","src_port":62720,"dest_ip":"172.16.165.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51895,"rrname":"ssl.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2014-11-16T02:11:51.914894+0000","flow_id":1691729768361619,"pcap_cnt":65,"event_type":"dns","src_ip":"172.16.165.2","src_port":53,"dest_ip":"172.16.165.165","dest_port":62720,"proto":"UDP","dns":{"type":"answer","id":51895,"rcode":"NOERROR","rrname":"ssl.bing.com","rrtype":"CNAME","ttl":5,"rdata":"ssl-bing-com.a-0001.a-msedge.net"}}
{"timestamp":"2014-11-16T02:11:51.914894+0000","flow_id":1691729768361619,"pcap_cnt":65,"event_type":"dns","src_ip":"172.16.165.2","src_port":53,"dest_ip":"172.16.165.165","dest_port":62720,"proto":"UDP","dns":{"type":"answer","id":51895,"rcode":"NOERROR","rrname":"ssl-bing-com.a-0001.a-msedge.net","rrtype":"CNAME","ttl":5,"rdata":"a-0001.a-msedge.net"}}
{"timestamp":"2014-11-16T02:11:51.914894+0000","flow_id":1691729768361619,"pcap_cnt":65,"event_type":"dns","src_ip":"172.16.165.2","src_port":53,"dest_ip":"172.16.165.165","dest_port":62720,"proto":"UDP","dns":{"type":"answer","id":51895,"rcode":"NOERROR","rrname":"a-0001.a-msedge.net","rrtype":"A","ttl":5,"rdata":"204.79.197.200"}}
{"timestamp":"2014-11-16T02:11:53.685362+0000","flow_id":461268882912562,"pcap_cnt":116,"event_type":"dns","src_ip":"172.16.165.165","src_port":51415,"dest_ip":"172.16.165.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7601,"rrname":"www.ciniholland.nl","rrtype":"A","tx_id":0}}
{"timestamp":"2014-11-16T02:11:54.493624+0000","flow_id":461268882912562,"pcap_cnt":139,"event_type":"dns","src_ip":"172.16.165.2","src_port":53,"dest_ip":"172.16.165.165","dest_port":51415,"proto":"UDP","dns":{"type":"answer","id":7601,"rcode":"NOERROR","rrname":"www.ciniholland.nl","rrtype":"A","ttl":5,"rdata":"82.150.140.30"}}
{"timestamp":"2014-11-16T02:11:56.195673+0000","flow_id":1815605215558745,"pcap_cnt":193,"event_type":"dns","src_ip":"172.16.165.165","src_port":60914,"dest_ip":"172.16.165.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31133,"rrname":"adultbiz.in","rrtype":"A","tx_id":0}}
{"timestamp":"2014-11-16T02:11:56.905440+0000","flow_id":1815605215558745,"pcap_cnt":248,"event_type":"dns","src_ip":"172.16.165.2","src_port":53,"dest_ip":"172.16.165.165","dest_port":60914,"proto":"UDP","dns":{"type":"answer","id":31133,"rcode":"NOERROR","rrname":"adultbiz.in","rrtype":"A","ttl":5,"rdata":"185.53.178.9"}}
{"timestamp":"2014-11-16T02:11:57.571930+0000","flow_id":976826019777147,"pcap_cnt":319,"event_type":"http","src_ip":"172.16.165.165","src_port":49437,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.ciniholland.nl","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/html"}}
{"timestamp":"2014-11-16T02:11:57.572707+0000","flow_id":1180310833002655,"pcap_cnt":320,"event_type":"http","src_ip":"172.16.165.165","src_port":49439,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/plugins\/contact-form-7\/includes\/css\/styles.css?ver=3.7.2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/css"}}
{"timestamp":"2014-11-16T02:11:57.572802+0000","flow_id":734690796173996,"pcap_cnt":321,"event_type":"http","src_ip":"172.16.165.165","src_port":49441,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/plugins\/sitemap\/css\/page-list.css?ver=4.2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/css"}}
{"timestamp":"2014-11-16T02:11:57.572898+0000","flow_id":672048698161989,"pcap_cnt":322,"event_type":"http","src_ip":"172.16.165.165","src_port":49442,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/themes\/cini\/js\/functions.js","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript"}}
{"timestamp":"2014-11-16T02:11:57.573250+0000","flow_id":1180310833002655,"pcap_cnt":323,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49439,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/plugins\/contact-form-7\/includes\/css\/styles.css?ver=3.7.2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/css","http_refer":"http:\/\/www.ciniholland.nl\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":927},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/plugins\/contact-form-7\/includes\/css\/styles.css","gaps":false,"state":"CLOSED","stored":false,"size":927,"tx_id":0}}
{"timestamp":"2014-11-16T02:11:57.573444+0000","flow_id":734690796173996,"pcap_cnt":324,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49441,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/plugins\/sitemap\/css\/page-list.css?ver=4.2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/css","http_refer":"http:\/\/www.ciniholland.nl\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":702},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/plugins\/sitemap\/css\/page-list.css","gaps":false,"state":"CLOSED","stored":false,"size":702,"tx_id":0}}
{"timestamp":"2014-11-16T02:11:57.573445+0000","flow_id":672048698161989,"pcap_cnt":325,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49442,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/themes\/cini\/js\/functions.js","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript","http_refer":"http:\/\/www.ciniholland.nl\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":237},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/themes\/cini\/js\/functions.js","gaps":false,"state":"CLOSED","stored":false,"size":237,"tx_id":0}}
{"timestamp":"2014-11-16T02:11:58.044800+0000","flow_id":976826019777147,"pcap_cnt":343,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49437,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/html","http_refer":"http:\/\/www.bing.com\/search?q=ciniholland.nl&qs=ds&form=QBLH","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":61354},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":61319,"tx_id":0}}
{"timestamp":"2014-11-16T02:11:58.142257+0000","flow_id":1933867140052928,"pcap_cnt":359,"event_type":"http","src_ip":"172.16.165.165","src_port":49438,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/themes\/cini\/style.css","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/css"}}
{"timestamp":"2014-11-16T02:11:58.142309+0000","flow_id":1384014689401225,"pcap_cnt":360,"event_type":"http","src_ip":"172.16.165.165","src_port":49440,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.ciniholland.nl","url":"\/wp-includes\/js\/jquery\/jquery-migrate.min.js?ver=1.2.1","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript"}}
{"timestamp":"2014-11-16T02:11:58.610839+0000","flow_id":976826019777147,"pcap_cnt":402,"event_type":"http","src_ip":"172.16.165.165","src_port":49437,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/themes\/cini\/reset.css","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/css"}}
{"timestamp":"2014-11-16T02:11:59.145311+0000","flow_id":672048698161989,"pcap_cnt":449,"event_type":"http","src_ip":"172.16.165.165","src_port":49442,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/plugins\/contact-form-7\/includes\/js\/scripts.js?ver=3.7.2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript"}}
{"timestamp":"2014-11-16T02:11:59.177798+0000","flow_id":734690796173996,"pcap_cnt":459,"event_type":"http","src_ip":"172.16.165.165","src_port":49441,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/plugins\/contact-form-7\/includes\/js\/jquery.form.min.js?ver=3.50.0-2014.02.05","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript"}}
{"timestamp":"2014-11-16T02:11:59.719978+0000","flow_id":1595359292609147,"pcap_cnt":515,"event_type":"http","src_ip":"172.16.165.165","src_port":49443,"dest_ip":"185.53.178.9","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"adultbiz.in","url":"\/new\/jquery.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/html"}}
{"timestamp":"2014-11-16T02:11:59.904706+0000","flow_id":1180310833002655,"pcap_cnt":534,"event_type":"http","src_ip":"172.16.165.165","src_port":49439,"dest_ip":"82.150.140.30","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"www.ciniholland.nl","url":"\/wp-includes\/js\/jquery\/jquery.js?ver=1.10.2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript"}}
{"timestamp":"2014-11-16T02:11:59.922790+0000","flow_id":1933867140052928,"pcap_cnt":536,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49438,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/themes\/cini\/style.css","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/css","http_refer":"http:\/\/www.ciniholland.nl\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4807},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/themes\/cini\/style.css","gaps":false,"state":"CLOSED","stored":false,"size":4807,"tx_id":0}}
{"timestamp":"2014-11-16T02:11:59.923046+0000","flow_id":1384014689401225,"pcap_cnt":539,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49440,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/wp-includes\/js\/jquery\/jquery-migrate.min.js?ver=1.2.1","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript","http_refer":"http:\/\/www.ciniholland.nl\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":7200},"app_proto":"http","fileinfo":{"filename":"\/wp-includes\/js\/jquery\/jquery-migrate.min.js","gaps":false,"state":"CLOSED","stored":false,"size":7200,"tx_id":0}}
{"timestamp":"2014-11-16T02:11:59.923087+0000","flow_id":976826019777147,"pcap_cnt":540,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49437,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/themes\/cini\/reset.css","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/css","http_refer":"http:\/\/www.ciniholland.nl\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1092},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/themes\/cini\/reset.css","gaps":false,"state":"CLOSED","stored":false,"size":1092,"tx_id":1}}
{"timestamp":"2014-11-16T02:11:59.923286+0000","flow_id":672048698161989,"pcap_cnt":542,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49442,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/plugins\/contact-form-7\/includes\/js\/scripts.js?ver=3.7.2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript","http_refer":"http:\/\/www.ciniholland.nl\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":8913},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/plugins\/contact-form-7\/includes\/js\/scripts.js","gaps":false,"state":"CLOSED","stored":false,"size":8913,"tx_id":1}}
{"timestamp":"2014-11-16T02:11:59.923480+0000","flow_id":734690796173996,"pcap_cnt":544,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49441,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/wp-content\/plugins\/contact-form-7\/includes\/js\/jquery.form.min.js?ver=3.50.0-2014.02.05","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript","http_refer":"http:\/\/www.ciniholland.nl\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":16305},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/plugins\/contact-form-7\/includes\/js\/jquery.form.min.js","gaps":false,"state":"CLOSED","stored":false,"size":16305,"tx_id":1}}
{"timestamp":"2014-11-16T02:11:59.923677+0000","flow_id":1180310833002655,"pcap_cnt":546,"event_type":"fileinfo","src_ip":"82.150.140.30","src_port":80,"dest_ip":"172.16.165.165","dest_port":49439,"proto":"TCP","http":{"hostname":"www.ciniholland.nl","url":"\/wp-includes\/js\/jquery\/jquery.js?ver=1.10.2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","http_content_type":"text\/javascript","http_refer":"http:\/\/www.ciniholland.nl\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":93085},"app_proto":"http","fileinfo":{"filename":"\/wp-in



keyword_perf.log - (14935 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/16/2018 -- 14:54:13
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             12907971        3926            3926            242722          3287.00         3287.00         0.00           
  threshold        62417           8               3               18651           7802.00         7502.00         7982.00        
  content          36035854        5931            2193            235776          6075.00         7849.00         5035.00        
  pcre             9678639         2528            62              98586           3828.00         6246.00         3767.00        
  byte_test        406575          107             44              31607           3799.00         4989.00         2968.00        
  byte_jump        16345           4               0               4728            4086.00         0.00            4086.00        
  isdataat         44644           15              2               3557            2976.00         2613.00         3032.00        
  flowbits         1885100         596             207             45659           3162.00         3323.00         3077.00        
  urilen           1548954         474             223             61589           3267.00         3121.00         3397.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             12907971        3926            3926            242722          3287.00         3287.00         0.00           
  flowbits         1740334         564             175             45659           3085.00         3103.00         3077.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2214864         573             176             43723           3865.00         4553.00         3560.00        
  pcre             189083          41              0               21268           4611.00         0.00            4611.00        
  byte_test        379011          101             42              31607           3752.00         4886.00         2945.00        
  byte_jump        16345           4               0               4728            4086.00         0.00            4086.00        
  isdataat         39418           13              0               3557            3032.00         0.00            3032.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         144766          32              32              30139           4523.00         4523.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        62417           8               3               18651           7802.00         7502.00         7982.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3061896         785             426             33171           3900.00         3973.00         3814.00        
  pcre             2313487         433             23              98586           5342.00         5923.00         5310.00        
  isdataat         5226            2               2               2613            2613.00         2613.00         0.00           
  urilen           1548954         474             223             61589           3267.00         3121.00         3397.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          126272          36              0               15532           3507.00         0.00            3507.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          24361612        2886            451             235776          8441.00         22735.00        5793.00        
  pcre             6323160         1945            8               78761           3250.00         6667.00         3236.00        
  byte_test        13283           4               0               4218            3320.00         0.00            3320.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2169422         541             325             20413           4010.00         4233.00         3673.00        
  pcre             852909          109             31              33736           7824.00         6377.00         8400.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          481458          132             85              8649            3647.00         3782.00         3403.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10692           3               3               3608            3564.00         3564.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11084           3               3               4093            3694.00         3694.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  byte_test        14281           2               2               7558            7140.00         7140.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6772            2               2               3470            3386.00         3386.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10054           3               3               3540            3351.00         3351.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          386870          110             36              23311           3517.00         3714.00         3420.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3158083         846             672             55341           3732.00         3809.00         3438.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          36775           11              11              4207            3343.00         3343.00         0.00           


suricata-4.0.0-etopen-all-perf.txt-2018-11-16-T-14-54-13-11162018.1454-Variant1.pcap.txt - (54231 bytes)
  --------------------------------------------------------------------------
  Date: 11/16/2018 -- 14:54:13. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2024771      1        1        13990348     7.84   1117     0        7578024     12524.93    0.00        12524.93   
  2        2016537      1        2        14249661     7.98   520      0        6185960     27403.19    0.00        27403.19   
  3        2018440      1        4        9452709      5.30   2        0        5087973     4726354.50  0.00        4726354.50 
  4        2015977      1        7        3267930      1.83   2        0        1653056     1633965.00  0.00        1633965.00 
  5        2018469      1        2        1744269      0.98   2        0        924818      872134.50   0.00        872134.50  
  6        2018342      1        2        10611225     5.95   35       0        794197      303177.86   0.00        303177.86  
  7        2018299      1        3        2880412      1.61   11       0        592777      261855.64   0.00        261855.64  
  8        2015690      1        2        525862       0.29   6        0        347839      87643.67    0.00        87643.67   
  9        2025185      1        3        3851542      2.16   35       0        315991      110044.06   0.00        110044.06  
  10       2016786      1        5        311989       0.17   6        0        295537      51998.17    0.00        51998.17   
  11       2020318      1        8        1798837      1.01   12       0        268973      149903.08   0.00        149903.08  
  12       2021749      1        6        1352330      0.76   10       0        234920      135233.00   0.00        135233.00  
  13       2017072      1        3        227210       0.13   1        0        227210      227210.00   0.00        227210.00  
  14       2020865      1        3        9327462      5.23   70       0        226519      133249.46   0.00        133249.46  
  15       2021429      1        2        388098       0.22   2        0        215196      194049.00   0.00        194049.00  
  16       2015978      1        7        671386       0.38   9        0        192200      74598.44    0.00        74598.44   
  17       2023587      1        2        311653       0.17   2        0        179838      155826.50   0.00        155826.50  
  18       2016393      1        3        973886       0.55   9        0        173846      108209.56   0.00        108209.56  
  19       2018225      1        2        239658       0.13   2        0        167229      119829.00   0.00        119829.00  
  20       2023586      1        2        328857       0.18   2        0        165960      164428.50   0.00        164428.50  
  21       2017166      1        4        154784       0.09   1        0        154784      154784.00   0.00        154784.00  
  22       2019378      1        12       456049       0.26   10       0        154622      45604.90    0.00        45604.90   
  23       2017038      1        4        284036       0.16   6        0        151696      47339.33    0.00        47339.33   
  24       2015045      1        4        149994       0.08   1        0        149994      149994.00   0.00        149994.00  
  25       2017948      1        2        417063       0.23   11       0        149567      37914.82    0.00        37914.82   
  26       2016587      1        6        667213       0.37   9        0        134029      74134.78    0.00        74134.78   
  27       2016734      1        2        650805       0.36   9        0        133300      72311.67    0.00        72311.67   
  28       2016242      1        6        676464       0.38   9        0        132109      75162.67    0.00        75162.67   
  29       2016333      1        4        128009       0.07   1        0        128009      128009.00   0.00        128009.00  
  30       2017785      1        2        236325       0.13   2        0        127289      118162.50   0.00        118162.50  
  31       2018346      1        3        238481       0.13   2        0        126212      119240.50   0.00        119240.50  
  32       2021035      1        3        296415       0.17   6        0        126201      49402.50    0.00        49402.50   
  33       2015739      1        6        597576       0.33   9        0        125943      66397.33    0.00        66397.33   
  34       2015823      1        6        583185       0.33   9        0        125551      64798.33    0.00        64798.33   
  35       2018262      1        3        228140       0.13   2        0        121393      114070.00   0.00        114070.00  
  36       2019344      1        5        1264837      0.71   31       0        120826      40801.19    0.00        40801.19   
  37       2001330      1        8        3772019      2.11   1245     0        113293      3029.73     0.00        3029.73    
  38       2019514      1        4        242785       0.14   6        0        113251      40464.17    0.00        40464.17   
  39       2024606      1        2        362647       0.20   11       0        110490      32967.91    0.00        32967.91   
  40       2018377      1        3        326591       0.18   77       0        106432      4241.44     0.00        4241.44    
  41       2017181      1        6        190816       0.11   2        0        102995      95408.00    0.00        95408.00   
  42       2016503      1        2        1633274      0.92   80       0        99969       20415.92    0.00        20415.92   
  43       2017552      1        6        8287072      4.64   557      0        96469       14878.05    0.00        14878.05   
  44       2019368      1        3        190130       0.11   2        0        95132       95065.00    0.00        95065.00   
  45       2016581      1        4        272589       0.15   6        0        94926       45431.50    0.00        45431.50   
  46       2016933      1        5        295040       0.17   6        0        93460       49173.33    0.00        49173.33   
  47       2017811      1        2        276968       0.16   6        0        93118       46161.33    0.00        46161.33   
  48       2022054      1        3        241551       0.14   3        0        92362       80517.00    0.00        80517.00   
  49       2017568      1        3        170656       0.10   2        0        89689       85328.00    0.00        85328.00   
  50       2018005      1        6        655769       0.37   11       0        88245       59615.36    0.00        59615.36   
  51       2017595      1        9        235135       0.13   6        0        86627       39189.17    0.00        39189.17   
  52       2022609      1        2        996726       0.56   27       0        85985       36915.78    0.00        36915.78   
  53       2015846      1        3        160504       0.09   2        0        85878       80252.00    0.00        80252.00   
  54       2015923      1        3        164727       0.09   4        0        85410       41181.75    0.00        41181.75   
  55       2016521      1        5        222247       0.12   6        0        83786       37041.17    0.00        37041.17   
  56       2016539      1        7        353691       0.20   6        6        79577       58948.50    58948.50    0.00       
  57       2022545      1        1        78656        0.04   1        0        78656       78656.00    0.00        78656.00   
  58       2016013      1        6        273639       0.15   6        0        76211       45606.50    0.00        45606.50   
  59       2018981      1        4        993285       0.56   31       0        75241       32041.45    0.00        32041.45   
  60       2017554      1        3        290673       0.16   6        0        74523       48445.50    0.00        48445.50   
  61       2025064      1        5        1231630      0.69   31       1        74140       39730.00    74140.00    38583.00   
  62       2017261      1        3        367155       0.21   11       0        73425       33377.73    0.00        33377.73   
  63       2016223      1        10       781756       0.44   35       0        73282       22335.89    0.00        22335.89   
  64       2015711      1        6        71493        0.04   1        0        71493       71493.00    0.00        71493.00   
  65       2024769      1        2        133871       0.08   2        0        71254       66935.50    0.00        66935.50   
  66       2022666      1        4        129790       0.07   2        0        70960       64895.00    0.00        64895.00   
  67       2019094      1        5        381349       0.21   11       0        70402       34668.09    0.00        34668.09   
  68       2021430      1        3        136336       0.08   2        2        70113       68168.00    68168.00    0.00       
  69       2024909      1        2        1296438      0.73   64       0        69892       20256.84    0.00        20256.84   
  70       2017459      1        3        255710       0.14   6        0        69854       42618.33    0.00        42618.33   
  71       2019091      1        3        69583        0.04   1        0        69583       69583.00    0.00        69583.00   
  72       2015942      1        4        198093       0.11   6        0        69498       33015.50    0.00        33015.50   
  73       2017613      1        9        1035227      0.58   31       0        68170       33394.42    0.00        33394.42   
  74       2015707      1        2        370238       0.21   9        0        65453       41137.56    0.00        41137.56   
  75       2018452      1        15       1169881      0.66   31       0        65166       37738.10    0.00        37738.10   
  76       2017199      1        4        236741       0.13   6        0        64761       39456.83    0.00        39456.83   
  77       2016709      1        8        196404       0.11   6        0        63194       32734.00    0.00        32734.00   
  78       2018358      1        7        1174914      0.66   31       0        63047       37900.45    0.00        37900.45   
  79       2012707      1        5        847160       0.47   36       0        62085       23532.22    0.00        23532.22   
  80       2016540      1        3        131204       0.07   9        2        61354       14578.22    54000.00    3314.86    
  81       2017454      1        12       371407       0.21   10       0        61147       37140.70    0.00        37140.70   
  82       2020388      1        8        163214       0.09   31       0        60828       5264.97     0.00        5264.97    
  83       2014750      1        2        229688       0.13   6        0        60517       38281.33    0.00        38281.33   
  84       2019881      1        3        917682       0.51   31       0        60386       29602.65    0.00        29602.65   
  85       2017036      1        3        390179       0.22   10       0        59092       39017.90    0.00        39017.90   
  86       2014519      1        7        891179       0.50   43       0        58730       20725.09    0.00        20725.09   
  87       2016502      1        2        1549910      0.87   80       0        58456       19373.88    0.00        19373.88   
  88       2021418      1        9        355655       0.20   11       0        58361       32332.27    0.00        32332.27   
  89       2017458      1        3        229915       0.13   6        0        58309       38319.17    0.00        38319.17   
  90       2021413      1        2        383219       0.21   11       0        57977       34838.09    0.00        34838.09   
  91       2021381      1        7        93342        0.05   2        0        57537       46671.00    0.00        46671.00   
  92       2022234      1        3        196647       0.11   4        0        56750       49161.75    0.00        49161.75   
  93       2020822      1        6        359275       0.20   10       0        56482       35927.50    0.00        35927.50   
  94       2016229      1        11       219921       0.12   6        0        56467       36653.50    0.00        36653.50   
  95       2018457      1        1        231507       0.13   7        0        56384       33072.43    0.00        33072.43   
  96       2023150      1        3        111780       0.06   2        0        56192       55890.00    0.00        55890.00   
  97       2018958      1        18       740709       0.42   31       0        56176       23893.84    0.00        23893.84   
  98       2022682      1        3        110128       0.06   2        0        56074       55064.00    0.00        55064.00   
  99       2016143      1        3        1616004      0.91   81       0        55997       19950.67    0.00        19950.67   
  100      2020476      1        3        193195       0.11   6        0        55474       32199.17    0.00        32199.17   
  101      2009702      1        5        384782       0.22   23       0        55196       16729.65    0.00        16729.65   
  102      2015000      1        6        201381       0.11   6        0        55041       33563.50    0.00        33563.50   
  103      2014912      1        6        219206       0.12   6        0        54133       36534.33    0.00        36534.33   
  104      2012173      1        2        164258       0.09   4        0        53566       41064.50    0.00        41064.50   
  105      2016858      1        10       965257       0.54   31       0        53499       31137.32    0.00        31137.32   
  106      2017064      1        18       104807       0.06   2        2        53240       52403.50    52403.50    0.00       
  107      2013035      1        3        187996       0.11   6        6        53185       31332.67    31332.67    0.00       
  108      2022552      1        2        2693073      1.51   129      0        52755       20876.53    0.00        20876.53   
  109      2014442      1        6        424699       0.24   10       0        52392       42469.90    0.00        42469.90   
  110      2022055      1        2        85701        0.05   2        2        52127       42850.50    42850.50    0.00       
  111      2021718      1        4        324730       0.18   10       0        52008       32473.00    0.00        32473.00   
  112      2017078      1        6        212892       0.12   6        0        51742       35482.00    0.00        35482.00   
  113      2015990      1        2        188914       0.11   6        0        51686       31485.67    0.00        31485.67   
  114      2012970      1        2        51625        0.03   1        0        51625       51625.00    0.00        51625.00   
  115      2017457      1        3        216214       0.12   6        0        51037       36035.67    0.00        36035.67   
  116      2010067      1        10       92334        0.05   2        0        50860       46167.00    0.00        46167.00   
  117      2020726      1        2        185007       0.10   34       2        50836       5441.38     46760.00    2858.97    
  118      2017076      1        9        360207       0.20   10       0        50824       36020.70    0.00        36020.70   
  119      2018234      1        2        109264       0.06   9        0        50670       12140.44    0.00        12140.44   
  120      2017556      1        3        346437       0.19   10       0        50212       34643.70    0.00        34643.70   
  121      2016319      1        2        91576        0.05   2        0        49687       45788.00    0.00        45788.00   
  122      2017270      1        7        89696        0.05   2        0        49637       44848.00    0.00        44848.00   
  123      2020963      1        2        307948       0.17   10       0        49349       30794.80    0.00        30794.80   
  124      2016504      1        4        197406       0.11   6        0        49230       32901.00    0.00        32901.00   
  125      2017456      1        3        

This file has been truncated.


IDSDeathBlossom.py.log - (1151 bytes)
2018-11-16 14:54:03,655 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-16 14:54:04,427 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-16 14:54:04,428 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-11-16 14:54:04,428 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-16 14:54:04,428 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-16 14:54:04,428 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/41d34d07aa81f3cb5ee12315cc5c88a9d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11162018.1454-Variant1.pcap -vvv -k none
2018-11-16 14:54:13,127 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-16 14:54:13,128 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.48105192184