Filename: 35104496d4ae5538f6340fd2b2dc9c4e9bda391363ef7d2fac42732df78eb18c_network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.1514828205 seconds
Hash: a8ccc519523240ffbfd49ae52fee39d3
Uploaded: 1574068800 (2019-11-18 09:20:00 UTC; the unified2 file suffix and the stats.log date below are from the same minute)

Logfiles


unified2.alert.1574068822 (28861 bytes)
[unified2 is a binary format: each record's type/length header, event ids, timestamps and the Ethernet/IPv4/TCP headers of the logged packet render as the non-printable noise seen in the raw view. The readable part of each packet record is its HTTP payload, reproduced below. Every logged packet is from client 192.168.240.57 (decoded from the IPv4 header bytes in the records) to TCP port 80.]

GET /c77/?T8n=QvqVUfW0qUZg2GqgCoqLYlolkZR3tAJSVjosFISZmnZZkWrgDNQoCetDMGThAICOBXZ9p/eo1XU=&I0GHc8=yL08b4gpCbv HTTP/1.1
Host: www.snatchedbyvee.com
Connection: close

[the same packet appears again in the next record]

GET /c77/?T8n=euaRkXwWBm+Uck2plnyrSfzC84zqz/A3iqWBImWoHJBJQQvJsaCwg2bh6UGAVwonXSLzC4H2Rc0=&I0GHc8=yL08b4gpCbv HTTP/1.1
Host: www.bantov.com
Connection: close

POST /c77/ HTTP/1.1
Host: www.bantov.com
Connection: close
Content-Length: 2173
Cache-Control: no-cache
Origin: http://www.bantov.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.bantov.com/c77/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

T8n=WMWr6wtBEQ~cIBeK4gnrKpTt3pb55a81ydmTJGKyNpZVfSjjppuQ7H26lTObTRo_Rh(MPuTyMKfDZ2SfKpVAgcUSg7(ppAnMncDibpGRdtp_oWqRAkesMyFw8V(uWMRps0(5(croMtVQOF5krq~4ysCuxtak27jIF6BUEsMooBsf(vxocffIV66beqDe29MqdaFeP9wuPmRlBCyhidDpQKvhdRIS5l7R7eh2cJLsbhBoohRp1naYi3zwf5JqfcnUB7Cg2-KmOB7BD91ntTS3wZN9w-Gs4rue8nHQcHev74GxyZi5jXd1CjPXk68o2iWf57sb~S4ak1CXl7Uhhpa7oWfABxzPUAw4KBY57ei8qvLKR3iJwdRi5OFVuJtyBUe2G84CNLj8PzxiLUBwpuUV2MfBzJ~vGziJrlPLHTN_fkXCB48TYlZ3et1QJd0JBAfUnyKeqJLFW_TtUOQMtDZ4u3GX~FMB0NHIifbQWXeq43R3NFgOHFLnRUpR4F6b3iM_VkI_Xp9n7pCpnG~P1DoBvuCiBSFqbohAz4PVuEF9bcWUZHqKplNqHwbr9cla79oLFap-CR3nVB9-tXVFQcHpmEGu(aYcL7yhZpRe6W24IVWgSxeQh3tLvKV7DLC40D43DoHmUywwFmDczHluP-qfNHgfRfcKXKmr7GGi28j6aG4G(zgTELEa5aZ10W6nQ43TGpwDkvqnEi8fMUFskmQqzmkv2tga~AUYVpmZehRKl2HwPI3J~2PqCfYqLI1Hgy7ORkj8v9yUuSfVospNJs3ABckKCnMUnfJy4YwsJ1vW1f2M4ibpldIyWfCIH-CZDzSTW6f1BJKCNhCaXcccmpA2OQMv1dDsSdLGFjAbE5KAYDi_8pzCImAHXA5DGbwqCA91B3zH0SGfMOPLtN(9fB3luh7UfzsUMtZf5Bm_XqZNQyNyc53fJTo7HckoXC79Ln0_yllKry26N2IMfZMZ2Quf~VMBHqSbnAczDaX43SI-cV4Xv92XvLCwQwerRXp-S-lHX9UUY0bV
[first TCP segment of the form body; the packet records that follow, up to the next GET, hold further opaque body segments on this and a second connection to the same server and are not reproduced in this cleaned view]

GET /c77/?T8n=0nt/ui4yvNnQ/fqyXeUzhk+IDc4jpTJkI6sYnD498zCU5xXPqDS7kQGQthlPDde51Czw7QHkOeA=&I0GHc8=yL08b4gpCbv HTTP/1.1
Host: www.myviralonline.com
Connection: close

GET /c77/?T8n=O4XzalypxE3zaGMxlZvDb3tZKy+urTKbwlPmEbmFHmi5SnVR4Jel5SEe26b/13dvPBGKsMhBY7E=&I0GHc8=yL08b4gpCbv HTTP/1.1
Host: www.tchuifeng.com
Connection: close

[one more packet record: an opaque form-body segment on a new connection to the same destination address as the www.tchuifeng.com request; the view is cut off inside it]

[file truncated in this view]
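Because unified2 is binary, a text view of it is unreadable; the request lines above are the packet payloads Suricata stores next to each alert. The following added example (not part of this report, and not Suricata's own code) is a minimal reader for the two record types Suricata 4.x writes to such a file, the IDS event v2 record (type 104) and the packet record (type 2). It joins each event with the packet logged for the same event_id and pulls the request line and Host header out of the Ethernet/IPv4/TCP payload, returning None for records that only carry a body segment. The file it parses is constructed in the block: the client address and source ports mirror the records above, while the server addresses (198.51.100.x), signature IDs (1000001, 1000002) and the shortened query values are placeholders.

```python
"""Minimal reader for Suricata unified2 alert files (added example)."""
import socket
import struct

# Record types Suricata 4.x writes with its unified2 output (unified2 spec values).
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT_V2 = 104

# IDS event v2: 60 fixed bytes below, followed by a 64-byte app_name field.
EVENT_V2_FMT = ">IIIIIIIIIIIHHBBBBIHH"
# Packet record: 28-byte header, then packet_length bytes of raw frame.
PACKET_FMT = ">IIIIIII"


def iter_records(blob):
    """Yield (type, body) per record; each record starts with a big-endian
    (type, length) pair and length counts only the body."""
    off = 0
    while off + 8 <= len(blob):
        rtype, rlen = struct.unpack_from(">II", blob, off)
        body = blob[off + 8:off + 8 + rlen]
        if len(body) != rlen:
            raise ValueError("truncated unified2 record at offset %d" % off)
        yield rtype, body
        off += 8 + rlen


def parse_event_v2(body):
    f = struct.unpack_from(EVENT_V2_FMT, body, 0)
    return {"event_id": f[1], "event_second": f[2], "sid": f[4], "gid": f[5],
            "src": socket.inet_ntoa(struct.pack(">I", f[9])),
            "dst": socket.inet_ntoa(struct.pack(">I", f[10])),
            "sport": f[11], "dport": f[12], "proto": f[13]}


def parse_packet(body):
    f = struct.unpack_from(PACKET_FMT, body, 0)
    return {"event_id": f[1], "packet_second": f[3], "linktype": f[5],
            "frame": body[28:28 + f[6]]}


def http_request_from_frame(frame, linktype=1):
    """Walk Ethernet/IPv4/TCP and return the request line and Host header,
    or None when the payload is not a request start (e.g. a body segment)."""
    if linktype != 1 or len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 6:                      # IPv4 protocol field: 6 = TCP
        return None
    tcp = 14 + ihl
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
    if not (payload.startswith(b"GET ") or payload.startswith(b"POST ")):
        return None
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                 if l.lower().startswith("host:")), None)
    return {"method": method, "uri": uri, "host": host}


def summarize(blob):
    """Join each IDS event with the packet record logged for the same event_id."""
    events, rows = {}, []
    for rtype, body in iter_records(blob):
        if rtype == UNIFIED2_IDS_EVENT_V2:
            ev = parse_event_v2(body)
            events[ev["event_id"]] = ev
        elif rtype == UNIFIED2_PACKET:          # IPv6 events and extra-data records are skipped
            pk = parse_packet(body)
            row = dict(events.get(pk["event_id"], {"event_id": pk["event_id"]}))
            row["http"] = http_request_from_frame(pk["frame"], pk["linktype"])
            rows.append(row)
    return rows


# --- constructed sample file: placeholder server addresses, sids and query values ---
def build_frame(src, dst, sport, dport, payload):
    eth = bytes(12) + b"\x08\x00"               # zero MACs, EtherType IPv4
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0x4000,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload


def pack_event_v2(event_id, sid, src, dst, sport, dport, second):
    body = struct.pack(EVENT_V2_FMT, 0, event_id, second, 0, sid, 1, 1, 0, 1,
                       int.from_bytes(socket.inet_aton(src), "big"),
                       int.from_bytes(socket.inet_aton(dst), "big"),
                       sport, dport, 6, 0, 0, 0, 0, 0, 0) + bytes(64)
    return struct.pack(">II", UNIFIED2_IDS_EVENT_V2, len(body)) + body


def pack_packet(event_id, second, frame):
    body = struct.pack(PACKET_FMT, 0, event_id, second, second, 0, 1, len(frame)) + frame
    return struct.pack(">II", UNIFIED2_PACKET, len(body)) + body


CLIENT = "192.168.240.57"
SAMPLE = (
    pack_event_v2(1, 1000001, CLIENT, "198.51.100.10", 49359, 80, 1574068822)
    + pack_packet(1, 1574068822, build_frame(CLIENT, "198.51.100.10", 49359, 80,
        b"GET /c77/?T8n=QvqVUfW0qUZg&I0GHc8=yL08b4gpCbv HTTP/1.1\r\n"
        b"Host: www.snatchedbyvee.com\r\nConnection: close\r\n\r\n"))
    + pack_event_v2(2, 1000002, CLIENT, "198.51.100.11", 49361, 80, 1574068823)
    + pack_packet(2, 1574068823, build_frame(CLIENT, "198.51.100.11", 49361, 80,
        b"POST /c77/ HTTP/1.1\r\nHost: www.bantov.com\r\nContent-Length: 2173\r\n\r\nT8n=WMWr6wtBEQ"))
)

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Point `summarize()` at the bytes of a real unified2.alert.* file to get one row per logged packet; rows whose `http` field is None are the body-segment packets that make up most of the file above. The record length check raises on a file cut off mid-record, which is exactly the state of the truncated view on this page.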


packet_stats.log (17324 bytes)
Packet profile dump:

 IP ver   Proto   cnt            min            max            avg            tot           % 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           499          4906832      243507966     155277994         77.5b   86.47
 IPv4      17            77          3529598      252405914     140789265         10.8b   12.10
 IPv4     256             8         50236316       56940674      53592135        428.7m    0.48
 IPv6       0             8         49874358       56770834      53374939        427.0m    0.48
 IPv6      17             1          4342600        4342600       4342600          4.3m    0.00
 IPv6     256             8         49874358       56770834      53374939        427.0m    0.48
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           499           116220       21058688        478444        238.7m   72.08
TMM_FLOWWORKER              IPv4      17            77           136630       18998696       1106703         85.2m   25.73
TMM_RECEIVEPCAPFILE         IPv4       6           464             4450          17982          5233          2.4m    0.73
TMM_RECEIVEPCAPFILE         IPv4      17            77             4446          11580          4911        378.2k    0.11
TMM_DECODEPCAPFILE          IPv4       6           464             4566          16760          5007          2.3m    0.70
TMM_DECODEPCAPFILE          IPv4      17            77             4604         260292          9394        723.4k    0.22
TMM_FLOWWORKER              IPv6       0             8            97168         182098        111935        895.5k    0.27
TMM_FLOWWORKER              IPv6      17             1           482520         482520        482520        482.5k    0.15
TMM_RECEIVEPCAPFILE         IPv6      17             1             5016           5016          5016          5.0k    0.00
TMM_DECODEPCAPFILE          IPv6      17             1            22374          22374         22374         22.4k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot         %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ----
flow                    IPv4       6           464             4782          35884          5496          2.6m  0.91  
flow                    IPv4      17            77             4670          49436          7299        562.0k  0.20  
stream                  IPv4       6           499             4832        1129362         21981         11.0m  3.91  
app-layer               IPv4      17            77             4492          61784         21695          1.7m  0.60  
detect                  IPv4       6           499            77814       20544188        402303        200.7m  71.51 
detect                  IPv4      17            77            99316       14382802        784305         60.4m  21.51 
tcp-prune               IPv4       6           499             4452          22696          5085          2.5m  0.90  
flow                    IPv6      17             1            14202          14202         14202         14.2k  0.01  
app-layer               IPv6      17             1            14212          14212         14212         14.2k  0.01  
detect                  IPv6       0             8            87464         172612        102325        818.6k  0.29  
detect                  IPv6      17             1           435366         435366        435366        435.4k  0.16  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot         %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ----
http                    IPv4       6            36             4658          41008         10068        362.5k  39.72 
tls                     IPv4       6             3             4524           7240          5686         17.1k  1.87  
dns                     IPv4      17            74             4690          24654          7203        533.1k  58.41 
Proto detect            IPv4       6             4             5370           9154          7413         29.7k
Proto detect            IPv4      17            73             5076          45736          9529        695.7k
Proto detect            IPv6      17             1             5198           5198          5198          5.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ----
LOGGER_ALERT_FAST           IPv4       6            10            20620          83336         51735        517.4k  1.90  
LOGGER_UNIFIED2             IPv4       6            10            38410         141586         74752        747.5k  2.75  
LOGGER_JSON_ALERT           IPv4       6            10            42778         131996         79971        799.7k  2.94  
LOGGER_JSON_DNS             IPv4      17            44            34866       17900716        472087         20.8m  76.39 
LOGGER_JSON_HTTP            IPv4       6            24            30054         201652         74046          1.8m  6.54  
LOGGER_JSON_TLS             IPv4       6             2            56634          96992         76813        153.6k  0.56  
LOGGER_JSON_FILE            IPv4       6            20            49336         170776         76419          1.5m  5.62  
LOGGER_JSON_VARS            IPv6     256             8            97168         182098        111935        895.5k  3.29  
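The logger table shows this run also wrote eve.json HTTP records (LOGGER_JSON_HTTP). The requests in the unified2 file share one shape: GET /c77/ with the query parameters T8n (a different opaque value each time) and I0GHc8 (the constant yL08b4gpCbv), sent to four unrelated hostnames. The following added example (not part of the report, and not Suricata's own code) shows how to surface that pattern from eve.json HTTP records: it clusters requests on method, path and the sorted parameter names, keeps clusters that span several hostnames, and splits the parameters into those whose value is constant across the cluster and those that vary per request. The records it processes are constructed from the requests on this page, with shortened T8n values, plus one unrelated request added to show it is not flagged.

```python
"""Cluster HTTP requests by URL shape across hostnames (added example)."""
import json
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed eve.json-style http records (not taken from the report's log files):
# the four GETs and the POST mirror the requests visible in the unified2 file,
# with shortened T8n values; the last record is unrelated traffic.
SAMPLE_EVE = [
    {"http": {"hostname": "www.snatchedbyvee.com", "http_method": "GET",
              "url": "/c77/?T8n=QvqVUfW0qUZg2Gqg&I0GHc8=yL08b4gpCbv"}},
    {"http": {"hostname": "www.bantov.com", "http_method": "GET",
              "url": "/c77/?T8n=euaRkXwWBm+Uck2p&I0GHc8=yL08b4gpCbv"}},
    {"http": {"hostname": "www.bantov.com", "http_method": "POST", "url": "/c77/"}},
    {"http": {"hostname": "www.myviralonline.com", "http_method": "GET",
              "url": "/c77/?T8n=0nt/ui4yvNnQ/fqy&I0GHc8=yL08b4gpCbv"}},
    {"http": {"hostname": "www.tchuifeng.com", "http_method": "GET",
              "url": "/c77/?T8n=O4XzalypxE3zaGMx&I0GHc8=yL08b4gpCbv"}},
    {"http": {"hostname": "www.example.com", "http_method": "GET",
              "url": "/index.html?lang=en"}},
]


def query_params(url):
    """Decoded (name, value) pairs of the query string; empty when there is none."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def request_shape(method, url):
    """Method, path and the sorted parameter names. Values are dropped: a
    beacon changes them on every request while the names stay fixed."""
    names = tuple(sorted(k for k, _ in query_params(url)))
    return (method, urlsplit(url).path, names)


def cluster_by_shape(records, min_hosts=3):
    """Return every shape seen against at least `min_hosts` distinct hostnames,
    splitting its parameters into those with a single value across the cluster
    (usable as a signature) and those that vary per request."""
    hosts = defaultdict(set)
    values = defaultdict(lambda: defaultdict(set))
    for rec in records:
        h = rec["http"]
        shape = request_shape(h["http_method"], h["url"])
        hosts[shape].add(h["hostname"])
        for name, value in query_params(h["url"]):
            values[shape][name].add(value)
    clusters = {}
    for shape, seen in hosts.items():
        if len(seen) < min_hosts:
            continue
        const = {k: next(iter(v)) for k, v in values[shape].items() if len(v) == 1}
        varying = sorted(k for k, v in values[shape].items() if len(v) > 1)
        clusters[shape] = {"hosts": sorted(seen), "constant": const, "varying": varying}
    return clusters


if __name__ == "__main__":
    for shape, info in cluster_by_shape(SAMPLE_EVE).items():
        label = " ".join([shape[0], shape[1], ",".join(shape[2])])
        print(json.dumps({"shape": label, **info}, indent=2))
```

On real eve.json output, feed it the `event_type == "http"` lines; a cluster whose constant parameters include an opaque fixed value, as I0GHc8 is here, gives a path-plus-parameter pair that is far more specific for a rule's URI match than the hostnames, which differ for every request.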

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          % 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           242             4496         284164         44519        10.8m  18.93 
payload                           IPv4      17            69             6012         114548         32350         2.2m  3.92  
stream                            IPv4       6           242             4446        1280294         69451        16.8m  29.54 
http_uri                          IPv4       6            34             4512          60122         19984       679.5k  1.19  
http_request_line                 IPv4       6            34             6598          26316         11508       391.3k  0.69  
http_client_body                  IPv4       6           101             4494        1490056         65145         6.6m  11.56 
http_header (request)             IPv4       6            18            18008        8308342        525507         9.5m  16.62 
http_header (request trailer)     IPv4       6            17             4516           6084          4706        80.0k  0.14  
http_header_names (request)       IPv4       6            18            10268          46612         21900       394.2k  0.69  
http_accept (request)             IPv4       6            18             5052           8622          5749       103.5k  0.18  
http_referer (request)            IPv4       6            18             4716          10212          6332       114.0k  0.20  
http_content_len (request)        IPv4       6            18             4818           7568          5776       104.0k  0.18  
http_content_type (request)       IPv4       6            18             4738          22494          8863       159.5k  0.28  
http_protocol (request)           IPv4       6            34             4448          19978          7429       252.6k  0.44  
http_start (request)              IPv4       6            18             9658          31706         16193       291.5k  0.51  
http_raw_header (request)         IPv4       6           101             7086          24826          9386       948.0k  1.67  
http_method                       IPv4       6            34             4482          24232          8495       288.8k  0.51  
http_cookie (request)             IPv4       6            18             4764          24714          6423       115.6k  0.20  
http_raw_uri                      IPv4       6            34             4462          29152          7931       269.7k  0.47  
http_user_agent                   IPv4       6            18             4968         459166         41277       743.0k  1.31  
http_host                         IPv4       6            18             6558          14716         11601       208.8k  0.37  
dns_query                         IPv4      17            22             6134          18192         12897       283.7k  0.50  
tls_sni                           IPv4       6             2            13604          14560         14082        28.2k  0.05  
http_response_line                IPv4       6            14             5532          24468         11714       164.0k  0.29  
http_header (response)            IPv4       6            14            14786          77348         52720       738.1k  1.30  
http_header (response trailer)    IPv4       6            14             4508          38124          7121        99.7k  0.18  
http_content_type (response)      IPv4       6            14             7128          14210         10463       146.5k  0.26  
http_raw_header (response)        IPv4       6            55             7138          24216          9715       534.3k  0.94  
http_cookie (response)            IPv4       6            14             4794          10348          5667        79.3k  0.14  
http_stat_code                    IPv4       6            14             4682          22946          7330       102.6k  0.18  
tls_cert_issuer                   IPv4       6             2             9882          10030          9956        19.9k  0.03  
tls_cert_subject                  IPv4       6             2            16734          17778         17256        34.5k  0.06  
tls_cert_serial                   IPv4       6             2             7212           7354          7283        14.6k  0.03  
file_data (http response)         IPv4       6            41             4490        1632380         88381         3.6m  6.37  
Total                             IPv4                  1332                                         42691        56.9m
payload                           IPv6      17             1            35412          35412         35412        35.4k  0.06  
Total                             IPv6                     1                                         35412        35.4k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ----
PROF_DETECT_IPONLY          IPv4       6            38             6496         114140         51568          2.0m  0.59  
PROF_DETECT_IPONLY          IPv4      17            45             5858         201140         42956          1.9m  0.58  
PROF_DETECT_RULES           IPv4       6           499             4440       10498748        158712         79.2m  23.83 
PROF_DETECT_RULES           IPv4      17            77            13634       14244910        596310         45.9m  13.81 
PROF_DETECT_STATEFUL_START    IPv4       6           162             4720        2393548        154564         25.0m  7.53  
PROF_DETECT_STATEFUL_CONT    IPv4       6           499             4420         568750         16989          8.5m  2.55  
PROF_DETECT_STATEFUL_CONT    IPv4      17            77             4670          50744          9263        713.3k  0.21  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           409             4468          28912          4868          2.0m  0.60  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            74             4468           7408          4852        359.1k  0.11  
PROF_DETECT_PREFILTER       IPv4       6           499            13612        9962508        152786         76.2m  22.94 
PROF_DETECT_PREFILTER       IPv4      17            77            13632         153676         76568          5.9m  1.77  
PROF_DETECT_PF_PAYLOAD      IPv4       6           242            23016        1298752        128328         31.1m  9.34  
PROF_DETECT_PF_PAYLOAD      IPv4      17            69            14916         123740         42063          2.9m  0.87  
PROF_DETECT_PF_TX           IPv4       6           409             4520        9410758         80551         32.9m  9.91  
PROF_DETECT_PF_TX           IPv4      17            37             4478          35358         15529        574.6k  0.17  
PROF_DETECT_PF_SORT1        IPv4       6           160             4436          12254          5531        885.0k  0.27  
PROF_DETECT_PF_SORT1        IPv4      17            69             4858           8370          6050        417.5k  0.13  
PROF_DETECT_PF_SORT2        IPv4       6           499             4434          21932          4987          2.5m  0.75  
PROF_DETECT_PF_SORT2        IPv4      17            77             4484          21634          5416        417.1k  0.13  
PROF_DETECT_NONMPMLIST      IPv4       6           499             4438          39772          5126          2.6m  0.77  
PROF_DETECT_NONMPMLIST      IPv4      17            77             4426          18658          5184        399.2k  0.12  
PROF_DETECT_ALERT           IPv4       6           499             4424          30922          4907          2.4m  0.74  
PROF_DETECT_ALERT           IPv4      17            77             4432          22238          5117        394.1k  0.12  
PROF_DETECT_CLEANUP         IPv4       6           499             4476          21972          4977          2.5m  0.75  
PROF_DETECT_CLEANUP         IPv4      17            77             4440          21722          5414        416.9k  0.13  
PROF_DETECT_GETSGH          IPv4       6           499             4430          27802          5358          2.7m  0.80  
PROF_DETECT_GETSGH          IPv4      17            77             4436          28374          8218        632.8k  0.19  
PROF_DETECT_IPONLY          IPv6       0             8             5254          89664         17848        142.8k  0.04  
PROF_DETECT_IPONLY          IPv6      17             1            30462          30462         30462         30.5k  0.01  
PROF_DETECT_RULES           IPv6       0             8             4450           4596          4482         35.9k  0.01  
PROF_DETECT_RULES           IPv6      17             1           222804         222804        222804        222.8k  0.07  
PROF_DETECT_STATEFUL_CONT    IPv6       0             8             4452           4732          4605         36.8k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv6      17             1             4412           4412          4412          4.4k  0.00  
PROF_DETECT_PREFILTER       IPv6       0             8            13842          16350         14346        114.8k  0.03  
PROF_DETECT_PREFILTER       IPv6      17             1            75518          75518         75518         75.5k  0.02  
PROF_DETECT_PF_PAYLOAD      IPv6      17             1            44514          44514         44514         44.5k  0.01  
PROF_DETECT_PF_SORT1        IPv6      17             1             6720           6720          6720          6.7k  0.00  
PROF_DETECT_PF_SORT2        IPv6       0             8             4450           5020          4598         36.8k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             1             6080           6080          6080          6.1k  0.00  
PROF_DETECT_NONMPMLIST      IPv6       0    

This file has been truncated.


stats.log - (3447 bytes)
------------------------------------------------------------------------------------
Date: 11/18/2019 -- 09:20:24 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 548
decoder.bytes                              | Total                     | 379886
decoder.ipv4                               | Total                     | 541
decoder.ipv6                               | Total                     | 9
decoder.ethernet                           | Total                     | 548
decoder.tcp                                | Total                     | 464
decoder.udp                                | Total                     | 78
decoder.teredo                             | Total                     | 8
decoder.avg_pkt_size                       | Total                     | 693
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 19
flow.udp                                   | Total                     | 24
tcp.sessions                               | Total                     | 19
tcp.syn                                    | Total                     | 22
tcp.synack                                 | Total                     | 19
tcp.rst                                    | Total                     | 7
tcp.overlap                                | Total                     | 4
detect.alert                               | Total                     | 10
detect.mpm_list                            | Total                     | 5
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 6
app_layer.flow.http                        | Total                     | 13
app_layer.tx.http                          | Total                     | 27
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 22
app_layer.tx.dns_udp                       | Total                     | 22
app_layer.flow.failed_udp                  | Total                     | 2
flow_mgr.new_pruned                        | Total                     | 2
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 33
flow_mgr.flows_notimeout                   | Total                     | 32
flow_mgr.flows_timeout                     | Total                     | 1
flow_mgr.flows_timeout_inuse               | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65503
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7086112


suricata-4.0.0-etpro-all-alert-2019-11-18-T-09-20-24-11182019.0920-35104496d4ae5538f6340fd2b2dc9c4e9bda391363ef7d2fac42732df78eb18c_network.pcap.txt - (2018 bytes)
11/18/2019-00:44:38.365658  [**] [1:2829000:5] ETPRO TROJAN FormBook CnC Checkin (GET) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49359 -> 184.168.131.241:80
11/18/2019-00:45:48.683529  [**] [1:2829000:5] ETPRO TROJAN FormBook CnC Checkin (GET) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49360 -> 63.250.35.202:80
11/18/2019-00:45:51.041483  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49361 -> 63.250.35.202:80
11/18/2019-00:45:51.577804  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49362 -> 63.250.35.202:80
11/18/2019-00:46:07.118124  [**] [1:2829000:5] ETPRO TROJAN FormBook CnC Checkin (GET) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49363 -> 204.11.56.48:80
11/18/2019-00:46:26.014897  [**] [1:2829000:5] ETPRO TROJAN FormBook CnC Checkin (GET) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49366 -> 174.34.182.210:80
11/18/2019-00:46:28.000923  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49368 -> 174.34.182.210:80
11/18/2019-00:47:02.992024  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49364 -> 204.11.56.48:80
11/18/2019-00:47:02.992024  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49365 -> 204.11.56.48:80
11/18/2019-00:47:02.992024  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.57:49367 -> 174.34.182.210:80


eve.json - (50389 bytes)
{"timestamp":"2019-11-18T00:44:35.303163+0000","flow_id":50839149584443,"pcap_cnt":7,"event_type":"dns","src_ip":"192.168.240.57","src_port":57547,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63149,"rrname":"www.snatchedbyvee.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-18T00:44:35.321596+0000","flow_id":50839149584443,"pcap_cnt":8,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":57547,"proto":"UDP","dns":{"type":"answer","id":63149,"rcode":"NOERROR","rrname":"www.snatchedbyvee.com","rrtype":"CNAME","ttl":3599,"rdata":"snatchedbyvee.com"}}
{"timestamp":"2019-11-18T00:44:35.321596+0000","flow_id":50839149584443,"pcap_cnt":8,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":57547,"proto":"UDP","dns":{"type":"answer","id":63149,"rcode":"NOERROR","rrname":"snatchedbyvee.com","rrtype":"A","ttl":599,"rdata":"184.168.131.241"}}
{"timestamp":"2019-11-18T00:44:38.365658+0000","flow_id":2140808890754998,"pcap_cnt":19,"event_type":"alert","src_ip":"192.168.240.57","src_port":49359,"dest_ip":"184.168.131.241","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829000,"rev":5,"signature":"ETPRO TROJAN FormBook CnC Checkin (GET)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-11-18T00:44:38.365658+0000","flow_id":2140808890754998,"pcap_cnt":19,"event_type":"http","src_ip":"192.168.240.57","src_port":49359,"dest_ip":"184.168.131.241","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.snatchedbyvee.com","url":"\/c77\/?T8n=QvqVUfW0qUZg2GqgCoqLYlolkZR3tAJSVjosFISZmnZZkWrgDNQoCetDMGThAICOBXZ9p\/eo1XU=&I0GHc8=yL08b4gpCbv","http_content_type":"text\/html"}}
{"timestamp":"2019-11-18T00:44:38.381441+0000","flow_id":2140808890754998,"pcap_cnt":21,"event_type":"http","src_ip":"192.168.240.57","src_port":49359,"dest_ip":"184.168.131.241","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-11-18T00:44:38.381441+0000","flow_id":2140808890754998,"pcap_cnt":21,"event_type":"fileinfo","src_ip":"184.168.131.241","src_port":80,"dest_ip":"192.168.240.57","dest_port":49359,"proto":"TCP","http":{"hostname":"www.snatchedbyvee.com","url":"\/c77\/?T8n=QvqVUfW0qUZg2GqgCoqLYlolkZR3tAJSVjosFISZmnZZkWrgDNQoCetDMGThAICOBXZ9p\/eo1XU=&I0GHc8=yL08b4gpCbv","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":556},"app_proto":"http","fileinfo":{"filename":"\/c77\/","gaps":false,"state":"CLOSED","stored":false,"size":546,"tx_id":0}}
{"timestamp":"2019-11-18T00:45:01.613125+0000","flow_id":608978741320453,"pcap_cnt":22,"event_type":"dns","src_ip":"192.168.240.57","src_port":53298,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17055,"rrname":"www.eatwellthailand.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-18T00:45:01.745460+0000","flow_id":608978741320453,"pcap_cnt":26,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":53298,"proto":"UDP","dns":{"type":"answer","id":17055,"rcode":"SERVFAIL","rrname":"www.eatwellthailand.com"}}
{"timestamp":"2019-11-18T00:45:08.332432+0000","flow_id":1852831335453328,"pcap_cnt":31,"event_type":"dns","src_ip":"192.168.240.57","src_port":65167,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26967,"rrname":"www.eatwellthailand.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-18T00:45:08.148489+0000","flow_id":1852831335453328,"pcap_cnt":36,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":65167,"proto":"UDP","dns":{"type":"answer","id":26967,"rcode":"SERVFAIL","rrname":"www.eatwellthailand.com"}}
{"timestamp":"2019-11-18T00:45:13.095882+0000","flow_id":52316620813962,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.240.57","src_port":53682,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29328,"rrname":"www.eatwellthailand.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-18T00:45:12.876335+0000","flow_id":52316620813962,"pcap_cnt":44,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":53682,"proto":"UDP","dns":{"type":"answer","id":29328,"rcode":"SERVFAIL","rrname":"www.eatwellthailand.com"}}
{"timestamp":"2019-11-18T00:45:17.823890+0000","flow_id":1458372949676626,"pcap_cnt":45,"event_type":"dns","src_ip":"192.168.240.57","src_port":56064,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15194,"rrname":"www.gordonnikolic.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-18T00:45:12.894082+0000","flow_id":1458372949676626,"pcap_cnt":46,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":56064,"proto":"UDP","dns":{"type":"answer","id":15194,"rcode":"NXDOMAIN","rrname":"www.gordonnikolic.com"}}
{"timestamp":"2019-11-18T00:45:12.894082+0000","flow_id":1458372949676626,"pcap_cnt":46,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":56064,"proto":"UDP","dns":{"type":"answer","id":15194,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-11-18T00:45:34.630765+0000","flow_id":1781981556678637,"pcap_cnt":50,"event_type":"dns","src_ip":"192.168.240.57","src_port":60787,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20305,"rrname":"www.kitchenrenovationwarehouse.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-18T00:45:29.659682+0000","flow_id":1781981556678637,"pcap_cnt":51,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":60787,"proto":"UDP","dns":{"type":"answer","id":20305,"rcode":"NXDOMAIN","rrname":"www.kitchenrenovationwarehouse.com"}}
{"timestamp":"2019-11-18T00:45:29.659682+0000","flow_id":1781981556678637,"pcap_cnt":51,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":60787,"proto":"UDP","dns":{"type":"answer","id":20305,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-11-18T00:45:53.534767+0000","flow_id":47832677558511,"pcap_cnt":54,"event_type":"dns","src_ip":"192.168.240.57","src_port":60367,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15448,"rrname":"www.bantov.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-18T00:45:48.593056+0000","flow_id":47832677558511,"pcap_cnt":55,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":60367,"proto":"UDP","dns":{"type":"answer","id":15448,"rcode":"NOERROR","rrname":"www.bantov.com","rrtype":"A","ttl":1798,"rdata":"63.250.35.202"}}
{"timestamp":"2019-11-18T00:45:48.683529+0000","flow_id":1103496984226349,"pcap_cnt":63,"event_type":"alert","src_ip":"192.168.240.57","src_port":49360,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829000,"rev":5,"signature":"ETPRO TROJAN FormBook CnC Checkin (GET)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-11-18T00:45:48.683529+0000","flow_id":1103496984226349,"pcap_cnt":63,"event_type":"http","src_ip":"192.168.240.57","src_port":49360,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.bantov.com","url":"\/c77\/?T8n=euaRkXwWBm+Uck2plnyrSfzC84zqz\/A3iqWBImWoHJBJQQvJsaCwg2bh6UGAVwonXSLzC4H2Rc0=&I0GHc8=yL08b4gpCbv","http_content_type":"text\/html"}}
{"timestamp":"2019-11-18T00:45:49.111101+0000","flow_id":1103496984226349,"pcap_cnt":65,"event_type":"http","src_ip":"192.168.240.57","src_port":49360,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-11-18T00:45:49.111101+0000","flow_id":1103496984226349,"pcap_cnt":65,"event_type":"fileinfo","src_ip":"63.250.35.202","src_port":80,"dest_ip":"192.168.240.57","dest_port":49360,"proto":"TCP","http":{"hostname":"www.bantov.com","url":"\/c77\/?T8n=euaRkXwWBm+Uck2plnyrSfzC84zqz\/A3iqWBImWoHJBJQQvJsaCwg2bh6UGAVwonXSLzC4H2Rc0=&I0GHc8=yL08b4gpCbv","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":327},"app_proto":"http","fileinfo":{"filename":"\/c77\/","gaps":false,"state":"CLOSED","stored":false,"size":327,"tx_id":0}}
{"timestamp":"2019-11-18T00:45:51.041483+0000","flow_id":1428656073416370,"pcap_cnt":74,"event_type":"alert","src_ip":"192.168.240.57","src_port":49361,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829004,"rev":4,"signature":"ETPRO TROJAN FormBook CnC Checkin (POST)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-11-18T00:45:51.041483+0000","flow_id":1428656073416370,"pcap_cnt":74,"event_type":"http","src_ip":"192.168.240.57","src_port":49361,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.bantov.com","url":"\/c77\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-11-18T00:45:51.041483+0000","flow_id":1428656073416370,"pcap_cnt":74,"event_type":"fileinfo","src_ip":"192.168.240.57","src_port":49361,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","http":{"hostname":"www.bantov.com","url":"\/c77\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html","http_refer":"http:\/\/www.bantov.com\/c77\/","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":291},"app_proto":"http","fileinfo":{"filename":"\/c77\/","gaps":false,"state":"CLOSED","stored":false,"size":2173,"tx_id":0}}
{"timestamp":"2019-11-18T00:45:56.437512+0000","flow_id":1428656073416370,"pcap_cnt":75,"event_type":"http","src_ip":"192.168.240.57","src_port":49361,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-11-18T00:45:51.577804+0000","flow_id":1276798914840332,"pcap_cnt":118,"event_type":"alert","src_ip":"192.168.240.57","src_port":49362,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829004,"rev":4,"signature":"ETPRO TROJAN FormBook CnC Checkin (POST)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-11-18T00:45:51.658485+0000","flow_id":1276798914840332,"pcap_cnt":146,"event_type":"http","src_ip":"192.168.240.57","src_port":49362,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.bantov.com","url":"\/c77\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-11-18T00:45:51.658485+0000","flow_id":1276798914840332,"pcap_cnt":146,"event_type":"fileinfo","src_ip":"192.168.240.57","src_port":49362,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","http":{"hostname":"www.bantov.com","url":"\/c77\/","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html","http_refer":"http:\/\/www.bantov.com\/c77\/","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":291},"app_proto":"http","fileinfo":{"filename":"\/c77\/","gaps":false,"state":"CLOSED","stored":false,"size":60953,"tx_id":0}}
{"timestamp":"2019-11-18T00:45:56.885690+0000","flow_id":1276798914840332,"pcap_cnt":147,"event_type":"http","src_ip":"192.168.240.57","src_port":49362,"dest_ip":"63.250.35.202","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-11-18T00:46:12.089161+0000","flow_id":2041925864807497,"pcap_cnt":148,"event_type":"dns","src_ip":"192.168.240.57","src_port":53323,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32117,"rrname":"www.myviralonline.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-18T00:46:06.915282+0000","flow_id":2041925864807497,"pcap_cnt":149,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":53323,"proto":"UDP","dns":{"type":"answer","id":32117,"rcode":"NOERROR","rrname":"www.myviralonline.com","rrtype":"A","ttl":299,"rdata":"204.11.56.48"}}
{"timestamp":"2019-11-18T00:46:07.118124+0000","flow_id":1042843457303061,"pcap_cnt":165,"event_type":"alert","src_ip":"192.168.240.57","src_port":49363,"dest_ip":"204.11.56.48","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829000,"rev":5,"signature":"ETPRO TROJAN FormBook CnC Checkin (GET)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-11-18T00:46:07.158624+0000","flow_id":1042843457303061,"pcap_cnt":173,"event_type":"http","src_ip":"192.168.240.57","src_port":49363,"dest_ip":"204.11.56.48","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.myviralonline.com","url":"\/c77\/?T8n=0nt\/ui4yvNnQ\/fqyXeUzhk+IDc4jpTJkI6sYnD498zCU5xXPqDS7kQGQthlPDde51Czw7QHkOeA=&I0GHc8=yL08b4gpCbv","http_content_type":"text\/html"}}
{"timestamp":"2019-11-18T00:46:07.198492+0000","flow_id":1042843457303061,"pcap_cnt":175,"event_type":"http","src_ip":"192.168.240.57","src_port":49363,"dest_ip":"204.11.56.48","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-11-18T00:46:07.198492+0000","flow_id":1042843457303061,"pcap_cnt":175,"event_type":"fileinfo","src_ip":"204.11.56.48","src_port":80,"dest_ip":"192.168.240.57","dest_port":49363,"proto":"TCP","http":{"hostname":"www.myviralonline.com","url":"\/c77\/?T8n=0nt\/ui4yvNnQ\/fqyXeUzhk+IDc4jpTJkI6sYnD498zCU5xXPqDS7kQGQthlPDde51Czw7QHkOeA=&I0GHc8=yL08b4gpCbv","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":22795},"app_proto":"http","fileinfo":{"filename":"\/c77\/","gaps":false,"state":"CLOSED","stored":false,"size":22784,"tx_id":0}}
{"timestamp":"2019-11-18T00:46:31.622626+0000","flow_id":2100642363965474,"pcap_cnt":188,"event_type":"dns","src_ip":"192.168.240.57","src_port":60621,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32685,"rrname":"www.tchuifeng.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-18T00:46:25.997574+0000","flow_id":2100642363965474,"pcap_cnt":189,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.57","dest_port":60621,"proto":"UDP","dns":{"type":"answer","id":32685,"rcode":"NOERROR","rrname":"www.tchuifeng.com","rrtype":"A","ttl":599,"rdata":"174.34.182.210"}}
{"timestamp":"2019-11-18T00:46:26.014897+0000","flow_id":2043390449889482,"pcap_cnt":196,"event_type":"alert","src_ip":"192.168.240.57","src_port":49366,"dest_ip":"174.34.182.210","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829000,"rev":5,"signature":"ETPRO TROJAN FormBook CnC Checkin (GET)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-11-18T00:46:26.014897+0000","flow_id":2043390449889482,"pcap_cnt":196,"event_type":"http","src_ip":"192.168.240.57","src_port":49366,"dest_ip":"174.34.182.210","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.tchuifeng.com","url":"\/c77\/?T8n=O4XzalypxE3zaGMxlZvDb3tZKy+urTKbwlPmEbmFHmi5SnVR4Jel5SEe26b\/13dvPBGKsMhBY7E=&I0GHc8=yL08b4gpCbv","http_content_type":"text\/html"}}
{"timestamp":"2019-11-18T00:46:26.021600+0000","flow_id":2043390449889482,"pcap_cnt":198,"event_type":"http","src_ip":"192.168.240.57","src_port":49366,"dest_ip":"174.34.182.210","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-11-18T00:46:26.021600+0000","flow_id":2043390449889482,"pcap_cnt":198,"event_type":"fileinfo","src_ip":"174.34.182.210","src_port":80,"dest_ip":"192.168.240.57","dest_port":49366,"proto":"TCP","http":{"hostname":"www.tchuifeng.com","url":"\/c77\/?T8n=O4XzalypxE3zaGMxlZvDb3tZKy+urTKbwlPmEbmFHmi5SnVR4Jel5SEe26b\/13dvPBGKsMhBY7E=&I0GHc8=yL08b4gpCbv","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1072},"app_proto":"http","fileinfo":{"filename":"\/c77\/","gaps":false,"state":"CLOSED","stored":false,"size":1072,"tx_id":0}}
{"timestamp":"2019-11-18T00:46:28.000923+0000","flow_id":68899494783684,"pcap_cnt":254,"event_type":"alert","src_ip":"192.168.240.57","src_port"

This file has been truncated.


suricata-report-2019-11-18-T-09-20-24-11182019.0920-35104496d4ae5538f6340fd2b2dc9c4e9bda391363ef7d2fac42732df78eb18c_network.pcap.txt - (17995 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a8ccc519523240ffbfd49ae52fee39d356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11182019.0920-35104496d4ae5538f6340fd2b2dc9c4e9bda391363ef7d2fac42732df78eb18c_network.pcap -vvv -k none
elapsedtime:23.190457
stderr:
stdout:
18/11/2019 -- 09:20:01 - <Info> - Configuration node 'rule-files' redefined.
18/11/2019 -- 09:20:01 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/11/2019 -- 09:20:01 - <Info> - CPUs/cores online: 1
18/11/2019 -- 09:20:01 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32071 and 'request-body-inspect-window' set to 16292 after randomization.
18/11/2019 -- 09:20:01 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31802 and 'response-body-inspect-window' set to 16708 after randomization.
18/11/2019 -- 09:20:01 - <Config> - DNS request flood protection level: 500
18/11/2019 -- 09:20:01 - <Config> - DNS per flow memcap (state-memcap): 524288
18/11/2019 -- 09:20:01 - <Config> - DNS global memcap: 16777216
18/11/2019 -- 09:20:01 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/11/2019 -- 09:20:01 - <Config> - preallocated 1000 hosts of size 136
18/11/2019 -- 09:20:01 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/11/2019 -- 09:20:01 - <Config> - using magic-file /usr/share/file/magic
18/11/2019 -- 09:20:01 - <Config> - Core dump size is unlimited.
18/11/2019 -- 09:20:01 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/11/2019 -- 09:20:01 - <Config> - preallocated 1000 defrag trackers of size 168
18/11/2019 -- 09:20:01 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/11/2019 -- 09:20:01 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/11/2019 -- 09:20:01 - <Config> - stream "memcap": 33554432
18/11/2019 -- 09:20:01 - <Config> - stream "midstream" session pickups: disabled
18/11/2019 -- 09:20:01 - <Config> - stream "async-oneside": disabled
18/11/2019 -- 09:20:01 - <Config> - stream "checksum-validation": disabled
18/11/2019 -- 09:20:01 - <Config> - stream."inline": disabled
18/11/2019 -- 09:20:01 - <Config> - stream "bypass": disabled
18/11/2019 -- 09:20:01 - <Config> - stream "max-synack-queued": 5
18/11/2019 -- 09:20:01 - <Config> - stream.reassembly "memcap": 134217728
18/11/2019 -- 09:20:01 - <Config> - stream.reassembly "depth": 0
18/11/2019 -- 09:20:01 - <Config> - stream.reassembly "toserver-chunk-size": 2533
18/11/2019 -- 09:20:01 - <Config> - stream.reassembly "toclient-chunk-size": 2547
18/11/2019 -- 09:20:01 - <Config> - stream.reassembly.raw: enabled
18/11/2019 -- 09:20:01 - <Config> - stream.reassembly "segment-prealloc": 2048
18/11/2019 -- 09:20:01 - <Config> - Delayed detect disabled
18/11/2019 -- 09:20:01 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/11/2019 -- 09:20:01 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/11/2019 -- 09:20:01 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/11/2019 -- 09:20:01 - <Config> - prefilter engines: MPM
18/11/2019 -- 09:20:01 - <Config> - IP reputation disabled
18/11/2019 -- 09:20:01 - <Perf> - Registered 148 keyword profiling counters.
18/11/2019 -- 09:20:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
18/11/2019 -- 09:20:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
18/11/2019 -- 09:20:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
18/11/2019 -- 09:20:06 - <Config> - No rules loaded from ET-icmp.rules.
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
18/11/2019 -- 09:20:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
18/11/2019 -- 09:20:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
18/11/2019 -- 09:20:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
18/11/2019 -- 09:20:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
18/11/2019 -- 09:20:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
18/11/2019 -- 09:20:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
18/11/2019 -- 09:20:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
18/11/2019 -- 09:20:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
18/11/2019 -- 09:20:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
18/11/2019 -- 09:20:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
18/11/2019 -- 09:20:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
18/11/2019 -- 09:20:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
18/11/2019 -- 09:20:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
18/11/2019 -- 09:20:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
18/11/2019 -- 09:20:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
18/11/2019 -- 09:20:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
18/11/2019 -- 09:20:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
18/11/2019 -- 09:20:14 - <Config> - No rules loaded from local.rules.
18/11/2019 -- 09:20:14 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
18/11/2019 -- 09:20:14 - <Info> - Threshold config parsed: 0 rule(s) found
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for tcp-packet
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for tcp-stream
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for udp-packet
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for other-ip
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_uri
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_client_body
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_header
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_header
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_accept
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_accept_enc
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_accept_lang
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_referer
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_connection
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_start
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_start
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_method
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_raw_uri
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_user_agent
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_host
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_raw_host
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_stat_msg
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_stat_code
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for dns_query
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for tls_sni
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for file_data
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for file_data
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2019 -- 09:20:14 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2019 -- 09:20:14 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
18/11/2019 -- 09:20:14 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/11/2019 -- 09:20:15 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
18/11/2019 -- 09:20:15 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
18/11/2019 -- 09:20:15 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
18/11/2019 -- 09:20:15 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
18/11/2019 -- 09:20:15 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
18/11/2019 -- 09:20:15 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/11/2019 -- 09:20:20 - <Perf> - Unique rule groups: 104
18/11/2019 -- 09:20:20 - <Perf> - Builtin MPM "toserver TCP packet": 35
18/11/2019 -- 09:20:20 - <Perf> - Builtin MPM "toclient TCP packet": 17
18/11/2019 -- 09:20:20 - <Perf> - Builtin MPM "toserver TCP stream": 33
18/11/2019 -- 09:20:20 - <Perf> - Builtin MPM "toclient TCP stream": 19
18/11/2019 -- 09:20:20 - <Perf> - Builtin MPM "toserver UDP packet": 27
18/11/2019 -- 09:20:20 - <Perf> - Builtin MPM "toclient UDP packet": 17
18/11/2019 -- 09:20:20 - <Perf> - Builtin MPM "other IP packet": 3
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_uri": 14
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_header": 10
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient http_header": 6
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_header_names": 2
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_protocol": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_start": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_method": 5
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver http_host": 2
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver tls_sni": 2
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toserver file_data": 1
18/11/2019 -- 09:20:20 - <Perf> - AppLayer MPM "toclient file_data": 7
18/11/2019 -- 09:20:22 - <Perf> - Registered 39590 rule profiling counters.
18/11/2019 -- 09:20:22 - <Info> - fast output device (regular) initialized: alert
18/11/2019 -- 09:20:22 - <Info> - eve-log output device (regular) initialized: eve.json
18/11/2019 -- 09:20:22 - <Config> - enabling 'eve-log' module 'alert'
18/11/2019 -- 09:20:22 - <Config> - enabling 'eve-log' module 'http'
18/11/2019 -- 09:20:22 - <Config> - enabling 'eve-log' module 'dns'
18/11/2019 -- 09:20:22 - <Config> - enabling 'eve-log' module 'tls'
18/11/2019 -- 09:20:22 - <Config> - enabling 'eve-log' module 'files'
18/11/2019 -- 09:20:22 - <Config> - enabling 'eve-log' module 'ssh'
18/11/2019 -- 09:20:22 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/11/2019 -- 09:20:22 - <Info> - stats output device (regular) initialized: stats.log
18/

This file has been truncated.


keyword_perf.log - (15893 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/18/2019 -- 09:20:24
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             6143932         1049            1049            423636          5856.00         5856.00         0.00           
  content          16439634        1964            868             2653470         8370.00         6997.00         9458.00        
  pcre             2575392         176             67              436502          14632.00        16051.00        13760.00       
  byte_test        2128556         415             212             21306           5129.00         5357.00         4890.00        
  byte_jump        22188           1               1               22188           22188.00        22188.00        0.00           
  isdataat         368664          71              4               24442           5192.00         4541.00         5231.00        
  flowbits         346634          50              10              85204           6932.00         13752.00        5227.00        
  urilen           721452          128             16              26314           5636.00         5449.00         5662.00        
  byte_extract     28272           4               4               14398           7068.00         7068.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             6143932         1049            1049            423636          5856.00         5856.00         0.00           
  flowbits         234614          45              5               21796           5213.00         5100.00         5227.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7882838         734             379             2653470         10739.00        7334.00         14374.00       
  pcre             623998          72              26              82572           8666.00         9368.00         8269.00        
  byte_test        2074640         409             206             21306           5072.00         5251.00         4890.00        
  isdataat         350498          67              0               24442           5231.00         0.00            5231.00        
  byte_extract     28272           4               4               14398           7068.00         7068.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         112020          5               5               85204           22404.00        22404.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1329410         224             48              26198           5934.00         6821.00         5692.00        
  pcre             349798          31              4               66960           11283.00        11536.00        11246.00       
  isdataat         18166           4               4               4562            4541.00         4541.00         0.00           
  urilen           721452          128             16              26314           5636.00         5449.00         5662.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1958620         188             6               238254          10418.00        5599.00         10577.00       
  pcre             426198          6               6               189094          71033.00        71033.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          70236           11              0               19440           6385.00         0.00            6385.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          417840          35              6               80958           11938.00        39998.00        6132.00        
  pcre             53836           5               0               18714           10767.00        0.00            10767.00       
  byte_jump        22188           1               1               22188           22188.00        22188.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3571536         561             301             25364           6366.00         6483.00         6230.00        
  pcre             1017686         50              19              436502          20353.00        13455.00        24581.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          595188          103             55              21418           5778.00         5674.00         5897.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33960           6               6               6188            5660.00         5660.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          51112           10              10              5638            5111.00         5111.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  byte_test        53916           6               6               11128           8986.00         8986.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          101956          18              18              6200            5664.00         5664.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          113426          18              14              22068           6301.00         6639.00         5118.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          217728          38              18              7890            5729.00         6219.00         5289.00        
  pcre             103876          12              12              16364           8656.00         8656.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          17310           3               0               5884            5770.00         0.00            5770.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          68488           13              7               5882            5268.00         5318.00         5209.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          9986            2               0               5016            4993.00         0.00            4993.00        
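
The keyword table above and the per-rule table in the rule-perf file that follows are what a ruleset is tuned from: they come out of Suricata's `profiling:` section when the binary is built with `--enable-profiling`, and the printed averages are truncated Ticks/Checks. The script below is an added example, not part of this page or of Suricata itself. It parses both table formats, verifies that the printed averages re-add to the raw tick counts, and ranks the three signals a tuner looks at first: keywords burning ticks on checks that never match, a single check far above its keyword's average (the pcre max of 436502 ticks in http_header is one), and rules checked many times that never fired. The sample rows are copied from the tables on this page and trimmed; the `min_checks` threshold is an assumption of mine.

```python
"""Parse Suricata keyword_perf / rule_perf tables and rank tuning candidates.

Added example, not Suricata code. Input is the plain-text profiling output
written when Suricata is built with --enable-profiling.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: rows copied from the keyword_perf.log above, trimmed
# to two sections so the example runs offline.
SAMPLE_KEYWORD_PERF = """\
  Date: 11/18/2019 -- 09:20:24
  Stats for: total
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             6143932         1049            1049            423636          5856.00         5856.00         0.00
  content          16439634        1964            868             2653470         8370.00         6997.00         9458.00
  pcre             2575392         176             67              436502          14632.00        16051.00        13760.00
  Stats for: http_header
  content          3571536         561             301             25364           6366.00         6483.00         6230.00
  pcre             1017686         50              19              436502          20353.00        13455.00        24581.00
"""

# Constructed sample: rows copied from the per-rule table on this page.
SAMPLE_RULE_PERF = """\
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  1        2816165      1        5        6136390      6.98   30       0        5347144     204546.33   0.00        204546.33
  2        2010143      1        3        3102656      3.53   51       0        2666250     60836.39    0.00        60836.39
  18       2829004      1        4        1610150      1.83   69       6        210810      23335.51    175996.00   8796.41
  35       2023818      1        2        89238        0.10   1        1        89238       89238.00    89238.00    0.00
  43       2017552      1        6        4467428      5.08   138      0        78244       32372.67    0.00        32372.67
"""


@dataclass
class KeywordStat:
    section: str
    keyword: str
    ticks: int
    checks: int
    matches: int
    max_ticks: int
    avg: float
    avg_match: float
    avg_nomatch: float

    @property
    def nomatch_ticks(self) -> float:
        # Ticks spent on checks that did not match: cost that produced no alert.
        return (self.checks - self.matches) * self.avg_nomatch

    @property
    def spike_ratio(self) -> float:
        # How far the single worst check sits above this keyword's average.
        return self.max_ticks / self.avg if self.avg else 0.0

    def consistent(self) -> bool:
        # Suricata prints Avg as the truncated Ticks/Checks; the match and
        # no-match averages must also re-add to Ticks within one tick per check.
        if self.checks == 0:
            return True
        avg_ok = self.ticks // self.checks == int(self.avg)
        split = self.matches * self.avg_match + self.nomatch_ticks
        return avg_ok and abs(split - self.ticks) <= self.checks


def parse_keyword_perf(text: str) -> list[KeywordStat]:
    """Rows are whitespace-separated; 'Stats for:' headers carry the buffer name."""
    stats, section = [], None
    for line in text.splitlines():
        m = re.match(r"\s*Stats for:\s+(\S+)", line)
        if m:
            section = m.group(1)
            continue
        f = line.split()
        if section is None or len(f) != 8 or not f[1].isdigit():
            continue  # column header, dashed separator, date or blank line
        stats.append(KeywordStat(section, f[0], int(f[1]), int(f[2]), int(f[3]),
                                 int(f[4]), float(f[5]), float(f[6]), float(f[7])))
    return stats


def rank_nomatch_cost(stats: list[KeywordStat]) -> list[KeywordStat]:
    """Per-buffer keywords ordered by ticks burned on non-matching checks."""
    rows = [s for s in stats if s.section != "total"]  # 'total' re-counts the buffers
    return sorted(rows, key=lambda s: s.nomatch_ticks, reverse=True)


def worst_spike(stats: list[KeywordStat]) -> KeywordStat:
    """Keyword whose single worst check is furthest above its own average."""
    return max((s for s in stats if s.section != "total"), key=lambda s: s.spike_ratio)


RULE_COLS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
             "max_ticks", "avg", "avg_match", "avg_nomatch")


def parse_rule_perf(text: str) -> list[dict]:
    """Parse the 12-column per-rule table (header and separator lines are skipped)."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 12 and f[0].isdigit() and f[1].isdigit():
            vals = ([int(x) for x in f[:5]] + [float(f[5])]
                    + [int(x) for x in f[6:9]] + [float(x) for x in f[9:]])
            rules.append(dict(zip(RULE_COLS, vals)))
    return rules


def dead_weight_rules(rules: list[dict], min_checks: int = 5) -> list[dict]:
    """Rules checked at least min_checks times that never matched, costliest first.
    min_checks is an assumed threshold; scale it to the traffic volume profiled."""
    return sorted((r for r in rules if r["checks"] >= min_checks and r["matches"] == 0),
                  key=lambda r: r["ticks"], reverse=True)


if __name__ == "__main__":
    kw = parse_keyword_perf(SAMPLE_KEYWORD_PERF)
    assert all(s.consistent() for s in kw)
    for s in rank_nomatch_cost(kw):
        print(f"{s.section:<14}{s.keyword:<10}no-match ticks={s.nomatch_ticks:>12.0f}")
    w = worst_spike(kw)
    print(f"worst spike: {w.keyword} in {w.section}, {w.spike_ratio:.1f}x its average")
    for r in dead_weight_rules(parse_rule_perf(SAMPLE_RULE_PERF)):
        print(f"sid {r['sid']}: {r['checks']} checks, 0 matches, {r['pct']}% of all ticks")
```

Run against the full files rather than the embedded rows, the dead-weight list is the set of SIDs to look at first: a rule such as 2816165 that consumes 6.98% of all ticks over 30 checks without ever matching is either a bad fast-pattern choice or a rule that does not belong in this deployment. The `total` section is excluded from ranking because Suricata sums the per-buffer sections into it, so including it would count every keyword twice.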


suricata-4.0.0-etpro-all-perf.txt-2019-11-18-T-09-20-24-11182019.0920-35104496d4ae5538f6340fd2b2dc9c4e9bda391363ef7d2fac42732df78eb18c_network.pcap.txt - (62423 bytes) - download
  --------------------------------------------------------------------------
  Date: 11/18/2019 -- 09:20:24. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2816165      1        5        6136390      6.98   30       0        5347144     204546.33   0.00        204546.33  
  2        2010143      1        3        3102656      3.53   51       0        2666250     60836.39    0.00        60836.39   
  3        2816909      1        2        1039526      1.18   8        0        533526      129940.75   0.00        129940.75  
  4        2815817      1        5        768472       0.87   8        0        480762      96059.00    0.00        96059.00   
  5        2023083      1        2        919876       1.05   10       0        468824      91987.60    0.00        91987.60   
  6        2816929      1        4        701406       0.80   8        0        467590      87675.75    0.00        87675.75   
  7        2821561      1        2        710040       0.81   8        0        466912      88755.00    0.00        88755.00   
  8        2014701      1        12       1808252      2.06   66       0        437678      27397.76    0.00        27397.76   
  9        2815780      1        4        267148       0.30   1        0        267148      267148.00   0.00        267148.00  
  10       2021749      1        6        505258       0.58   2        0        255178      252629.00   0.00        252629.00  
  11       2024555      1        7        253326       0.29   1        0        253326      253326.00   0.00        253326.00  
  12       2021529      1        3        352754       0.40   2        0        238956      176377.00   0.00        176377.00  
  13       2814979      1        2        403624       0.46   7        0        238722      57660.57    0.00        57660.57   
  14       2024554      1        7        228418       0.26   1        0        228418      228418.00   0.00        228418.00  
  15       2815778      1        6        225902       0.26   1        0        225902      225902.00   0.00        225902.00  
  16       2822213      1        2        404270       0.46   7        0        221002      57752.86    0.00        57752.86   
  17       2814978      1        2        409386       0.47   7        0        220550      58483.71    0.00        58483.71   
  18       2829004      1        4        1610150      1.83   69       6        210810      23335.51    175996.00   8796.41    
  19       2016537      1        2        4315180      4.91   137      4        179272      31497.66    122830.50   28750.81   
  20       2018005      1        6        286898       0.33   7        0        149328      40985.43    0.00        40985.43   
  21       2815314      1        3        528072       0.60   4        0        145768      132018.00   0.00        132018.00  
  22       2804911      1        3        141850       0.16   1        0        141850      141850.00   0.00        141850.00  
  23       2816910      1        2        665372       0.76   8        0        140456      83171.50    0.00        83171.50   
  24       2803027      1        6        126374       0.14   1        0        126374      126374.00   0.00        126374.00  
  25       2809850      1        2        1034172      1.18   26       0        121684      39775.85    0.00        39775.85   
  26       2816895      1        2        384240       0.44   5        0        119682      76848.00    0.00        76848.00   
  27       2803657      1        5        115468       0.13   1        0        115468      115468.00   0.00        115468.00  
  28       2829000      1        5        481896       0.55   14       4        110402      34421.14    100248.50   8090.20    
  29       2025064      1        5        463702       0.53   8        0        106968      57962.75    0.00        57962.75   
  30       2816940      1        2        578666       0.66   8        0        104852      72333.25    0.00        72333.25   
  31       2815254      1        7        376662       0.43   5        0        104134      75332.40    0.00        75332.40   
  32       2821014      1        13       97416        0.11   1        0        97416       97416.00    0.00        97416.00   
  33       2826256      1        2        928826       1.06   30       0        92816       30960.87    0.00        30960.87   
  34       2830124      1        1        372470       0.42   14       0        91334       26605.00    0.00        26605.00   
  35       2023818      1        2        89238        0.10   1        1        89238       89238.00    89238.00    0.00       
  36       2802880      1        3        202964       0.23   4        0        88038       50741.00    0.00        50741.00   
  37       2827946      1        2        122950       0.14   2        0        87070       61475.00    0.00        61475.00   
  38       2816328      1        5        350964       0.40   8        0        86194       43870.50    0.00        43870.50   
  39       2018457      1        1        161690       0.18   4        0        84450       40422.50    0.00        40422.50   
  40       2820851      1        5        418686       0.48   8        0        82016       52335.75    0.00        52335.75   
  41       2019230      1        2        1118676      1.27   66       0        80170       16949.64    0.00        16949.64   
  42       2800827      1        3        78448        0.09   1        0        78448       78448.00    0.00        78448.00   
  43       2017552      1        6        4467428      5.08   138      0        78244       32372.67    0.00        32372.67   
  44       2816924      1        4        310778       0.35   8        0        76406       38847.25    0.00        38847.25   
  45       2018789      1        3        300394       0.34   7        0        76116       42913.43    0.00        42913.43   
  46       2800829      1        4        75876        0.09   1        0        75876       75876.00    0.00        75876.00   
  47       2816327      1        4        389606       0.44   8        0        75836       48700.75    0.00        48700.75   
  48       2018316      1        4        185200       0.21   3        0        75622       61733.33    0.00        61733.33   
  49       2020741      1        1        176826       0.20   3        0        74200       58942.00    0.00        58942.00   
  50       2811577      1        2        1063116      1.21   66       0        73402       16107.82    0.00        16107.82   
  51       2802876      1        3        173398       0.20   6        0        72692       28899.67    0.00        28899.67   
  52       2811274      1        7        72334        0.08   1        0        72334       72334.00    0.00        72334.00   
  53       2012511      1        2        115838       0.13   2        0        72058       57919.00    0.00        57919.00   
  54       2811544      1        1        1081738      1.23   66       0        72034       16389.97    0.00        16389.97   
  55       2828883      1        3        71498        0.08   1        0        71498       71498.00    0.00        71498.00   
  56       2815748      1        2        70986        0.08   1        0        70986       70986.00    0.00        70986.00   
  57       2019343      1        3        365732       0.42   8        0        70370       45716.50    0.00        45716.50   
  58       2816526      1        13       334526       0.38   8        0        68854       41815.75    0.00        41815.75   
  59       2829848      1        2        317814       0.36   6        0        68784       52969.00    0.00        52969.00   
  60       2017567      1        3        219458       0.25   4        0        68742       54864.50    0.00        54864.50   
  61       2816525      1        10       376334       0.43   8        0        68628       47041.75    0.00        47041.75   
  62       2017259      1        12       371468       0.42   8        0        68138       46433.50    0.00        46433.50   
  63       2827906      1        2        100802       0.11   2        0        67090       50401.00    0.00        50401.00   
  64       2816356      1        2        684756       0.78   16       0        67024       42797.25    0.00        42797.25   
  65       2828986      1        2        348230       0.40   6        0        66740       58038.33    0.00        58038.33   
  66       2815475      1        6        65716        0.07   1        0        65716       65716.00    0.00        65716.00   
  67       2823855      1        7        225354       0.26   4        0        65658       56338.50    0.00        56338.50   
  68       2016726      1        6        216100       0.25   4        0        65426       54025.00    0.00        54025.00   
  69       2020496      1        2        402838       0.46   8        0        65316       50354.75    0.00        50354.75   
  70       2811447      1        2        120646       0.14   12       0        64900       10053.83    0.00        10053.83   
  71       2024771      1        1        848160       0.97   46       0        64640       18438.26    0.00        18438.26   
  72       2020742      1        1        171018       0.19   3        0        64134       57006.00    0.00        57006.00   
  73       2810991      1        4        324910       0.37   8        0        64074       40613.75    0.00        40613.75   
  74       2828060      1        4        350214       0.40   7        0        63674       50030.57    0.00        50030.57   
  75       2816930      1        4        295900       0.34   8        0        63468       36987.50    0.00        36987.50   
  76       2800828      1        4        63398        0.07   1        0        63398       63398.00    0.00        63398.00   
  77       2809267      1        8        251944       0.29   14       0        62792       17996.00    0.00        17996.00   
  78       2018360      1        10       62670        0.07   1        0        62670       62670.00    0.00        62670.00   
  79       2018666      1        4        168176       0.19   3        0        62536       56058.67    0.00        56058.67   
  80       2829607      1        1        279264       0.32   14       0        62500       19947.43    0.00        19947.43   
  81       2806132      1        3        320124       0.36   8        0        62300       40015.50    0.00        40015.50   
  82       2800826      1        3        61924        0.07   1        0        61924       61924.00    0.00        61924.00   
  83       2828876      1        1        777116       0.88   141      0        61668       5511.46     0.00        5511.46    
  84       2805315      1        2        61288        0.07   1        0        61288       61288.00    0.00        61288.00   
  85       2815664      1        3        61182        0.07   1        0        61182       61182.00    0.00        61182.00   
  86       2816922      1        5        337180       0.38   8        0        61170       42147.50    0.00        42147.50   
  87       2811542      1        1        330456       0.38   11       0        61086       30041.45    0.00        30041.45   
  88       2816927      1        3        303422       0.35   8        0        61018       37927.75    0.00        37927.75   
  89       2816831      1        2        167674       0.19   4        0        60146       41918.50    0.00        41918.50   
  90       2014380      1        4        385988       0.44   12       0        59642       32165.67    0.00        32165.67   
  91       2816925      1        3        291982       0.33   8        0        59110       36497.75    0.00        36497.75   
  92       2020295      1        6        245754       0.28   5        0        58644       49150.80    0.00        49150.80   
  93       2015781      1        2        226948       0.26   4        0        57962       56737.00    0.00        56737.00   
  94       2816931      1        3        293992       0.33   8        0        57782       36749.00    0.00        36749.00   
  95       2830035      1        2        299820       0.34   14       0        57384       21415.71    0.00        21415.71   
  96       2014702      1        9        1029234      1.17   66       0        56918       15594.45    0.00        15594.45   
  97       2816883      1        3        127724       0.15   3        0        56666       42574.67    0.00        42574.67   
  98       2825027      1        3        191394       0.22   4        0        56010       47848.50    0.00        47848.50   
  99       2827279      1        5        549352       0.63   16       0        55234       34334.50    0.00        34334.50   
  100      2823663      1        3        165524       0.19   4        0        55146       41381.00    0.00        41381.00   
  101      2806802      1        2        248342       0.28   7        0        54578       35477.43    0.00        35477.43   
  102      2816928      1        3        285200       0.32   8        0        54370       35650.00    0.00        35650.00   
  103      2816055      1        2        245444       0.28   8        0        54090       30680.50    0.00        30680.50   
  104      2013535      1        5        136082       0.15   5        0        53562       27216.40    0.00        27216.40   
  105      2828823      1        2        90656        0.10   2        0        53520       45328.00    0.00        45328.00   
  106      2829520      1        2        53466        0.06   1        0        53466       53466.00    0.00        53466.00   
  107      2816669      1        4        242496       0.28   8        0        53176       30312.00    0.00        30312.00   
  108      2829581      1        2        53172        0.06   1        0        53172       53172.00    0.00        53172.00   
  109      2022531      1        1        459534       0.52   17       0        52972       27031.41    0.00        27031.41   
  110      2021248      1        7        191674       0.22   9        0        52636       21297.11    0.00        21297.11   
  111      2825947      1        2        52502        0.06   1        0        52502       52502.00    0.00        52502.00   
  112      2816857      1        2        251966       0.29   8        0        52194       31495.75    0.00        31495.75   
  113      2803348      1        4        52064        0.06   1        0        52064       52064.00    0.00        52064.00   
  114      2012707      1        5        438100       0.50   11       0        51922       39827.27    0.00        39827.27   
  115      2829577      1        2        51888        0.06   1        0        51888       51888.00    0.00        51888.00   
  116      2802987      1        5        101598       0.12   4        0        51766       25399.50    0.00        25399.50   
  117      2021267      1        2        186184       0.21   9        0        51738       20687.11    0.00        20687.11   
  118      2829944      1        2        51730        0.06   1        0        51730       51730.00    0.00        51730.00   
  119      2825755      1        2        96928        0.11   4        0        51676       24232.00    0.00        24232.00   
  120      2830036      1        1        296688       0.34   8        0        51648       37086.00    0.00        37086.00   
  121      2829600      1        2        51322        0.06   1        0        51322       51322.00    0.00        51322.00   
  122      2826650      1        2        87368        0.10   2        0        51316       43684.00    0.00        43684.00   
  123      2826774      1        2        86922        0.10   2        0        51252       43461.00    0.00        43461.00   
  124      2825909      1        2        51060        0.06   1        0        51060       51060.00    0.00        51060.00   
  125      2826596      1        2        

This file has been truncated.


IDSDeathBlossom.py.log - (1212 bytes)
2019-11-18 09:20:00,390 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-11-18 09:20:01,123 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-11-18 09:20:01,123 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-11-18 09:20:01,124 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-11-18 09:20:01,124 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-11-18 09:20:01,124 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a8ccc519523240ffbfd49ae52fee39d356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11182019.0920-35104496d4ae5538f6340fd2b2dc9c4e9bda391363ef7d2fac42732df78eb18c_network.pcap -vvv -k none
2019-11-18 09:20:24,317 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-11-18 09:20:24,318 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.9364430904