Filename: 7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etproenall-all
Runtime: 32.1707789898 seconds
Hash: ad3ba4a28a11f5c341c17843629824cc
Uploaded: 1565803014

Logfiles


suricata-4.0.0-etproenall-all-perf.txt-2019-08-14-T-17-17-26-08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap.txt (155606 bytes)
  --------------------------------------------------------------------------
  Date: 8/14/2019 -- 17:17:26. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2802583      1        2        29819834     1.96   28       0        29644766    1064994.07  0.00        1064994.07 
  2        2009294      1        1        30499408     2.01   777      0        21334948    39252.78    0.00        39252.78   
  3        2823882      1        2        21415066     1.41   88       0        20895618    243353.02   0.00        243353.02  
  4        2809500      1        1        9131728      0.60   132      0        8426492     69179.76    0.00        69179.76   
  5        2007635      1        4        6009424      0.40   95       0        5523748     63257.09    0.00        63257.09   
  6        2803400      1        1        5307722      0.35   132      0        1207010     40210.02    0.00        40210.02   
  7        2803396      1        1        5323818      0.35   132      0        1190232     40331.95    0.00        40331.95   
  8        2803398      1        1        5221950      0.34   132      0        1189498     39560.23    0.00        39560.23   
  9        2002543      1        5        6666042      0.44   580      0        1171964     11493.18    0.00        11493.18   
  10       2002658      1        4        9512918      0.63   777      0        449348      12243.14    0.00        12243.14   
  11       2001376      1        12       9763428      0.64   777      0        446992      12565.54    0.00        12565.54   
  12       2100527      1        9        24150446     1.59   1391     0        445254      17361.93    0.00        17361.93   
  13       2809498      1        1        1167390      0.08   132      0        444058      8843.86     0.00        8843.86    
  14       2001328      1        13       9999750      0.66   777      0        442282      12869.69    0.00        12869.69   
  15       2009205      1        5        1295202      0.09   95       7        437152      13633.71    31731.43    12194.11   
  16       2800627      1        2        1229112      0.08   132      0        435020      9311.45     0.00        9311.45    
  17       2001384      1        13       9724356      0.64   777      0        433528      12515.26    0.00        12515.26   
  18       2008120      1        4        1201100      0.08   132      0        421142      9099.24     0.00        9099.24    
  19       2800500      1        3        1106584      0.07   132      0        353892      8383.21     0.00        8383.21    
  20       2020732      1        2        3672706      0.24   597      0        352676      6151.94     0.00        6151.94    
  21       2000538      1        8        8983284      0.59   614      0        351438      14630.76    0.00        14630.76   
  22       2001375      1        12       9625212      0.63   777      0        342418      12387.66    0.00        12387.66   
  23       2800287      1        3        3449394      0.23   574      0        309628      6009.40     0.00        6009.40    
  24       2803397      1        1        2504680      0.16   132      0        291538      18974.85    0.00        18974.85   
  25       2024565      1        3        738154       0.05   4        0        287124      184538.50   0.00        184538.50  
  26       2814630      1        3        716230       0.05   5        0        281048      143246.00   0.00        143246.00  
  27       2823263      1        3        711872       0.05   4        0        271158      177968.00   0.00        177968.00  
  28       2803399      1        1        2452052      0.16   132      0        257978      18576.15    0.00        18576.15   
  29       2002531      1        5        7085282      0.47   580      0        255794      12216.00    0.00        12216.00   
  30       2803395      1        1        2795328      0.18   132      0        244702      21176.73    0.00        21176.73   
  31       2002555      1        5        7247392      0.48   580      0        241386      12495.50    0.00        12495.50   
  32       2000540      1        8        8504542      0.56   614      0        229606      13851.05    0.00        13851.05   
  33       2002525      1        5        6988010      0.46   580      0        222546      12048.29    0.00        12048.29   
  34       2829004      1        4        5220524      0.34   225      12       215978      23202.33    109252.33   18354.44   
  35       2002532      1        5        7278304      0.48   580      0        204282      12548.80    0.00        12548.80   
  36       2002569      1        5        5942162      0.39   580      0        191792      10245.11    0.00        10245.11   
  37       2816910      1        2        2259334      0.15   30       0        177070      75311.13    0.00        75311.13   
  38       2002704      1        5        7086350      0.47   580      0        173924      12217.84    0.00        12217.84   
  39       2017552      1        6        26562198     1.75   653      0        165988      40677.18    0.00        40677.18   
  40       2002526      1        5        7060904      0.46   580      0        164514      12173.97    0.00        12173.97   
  41       2102563      1        6        1684814      0.11   132      0        162520      12763.74    0.00        12763.74   
  42       2816940      1        2        2071494      0.14   30       0        160158      69049.80    0.00        69049.80   
  43       2002519      1        5        7145654      0.47   580      0        157938      12320.09    0.00        12320.09   
  44       2002508      1        5        7250476      0.48   580      0        156960      12500.82    0.00        12500.82   
  45       2816909      1        2        2180016      0.14   30       0        155582      72667.20    0.00        72667.20   
  46       2002513      1        4        7139700      0.47   580      0        154818      12309.83    0.00        12309.83   
  47       2002558      1        7        7083686      0.47   580      0        154702      12213.25    0.00        12213.25   
  48       2002515      1        5        6751998      0.44   580      0        154310      11641.38    0.00        11641.38   
  49       2001382      1        12       10670260     0.70   777      0        154192      13732.64    0.00        13732.64   
  50       2002521      1        6        7149490      0.47   580      0        154156      12326.71    0.00        12326.71   
  51       2002538      1        5        6959362      0.46   580      0        154048      11998.90    0.00        11998.90   
  52       2002534      1        5        6805572      0.45   580      0        153840      11733.74    0.00        11733.74   
  53       2017612      1        5        25893802     1.70   556      0        153490      46571.59    0.00        46571.59   
  54       2002510      1        4        6905710      0.45   580      0        152636      11906.40    0.00        11906.40   
  55       2002516      1        5        6892498      0.45   580      0        148482      11883.62    0.00        11883.62   
  56       2002517      1        4        7074900      0.47   580      0        146034      12198.10    0.00        12198.10   
  57       2002511      1        4        7051370      0.46   580      0        142936      12157.53    0.00        12157.53   
  58       2803305      1        7        1973744      0.13   37       0        142306      53344.43    0.00        53344.43   
  59       2018316      1        4        280778       0.02   4        0        142058      70194.50    0.00        70194.50   
  60       2810058      1        3        1732344      0.11   49       0        141140      35353.96    0.00        35353.96   
  61       2002509      1        5        7164792      0.47   580      0        138474      12353.09    0.00        12353.09   
  62       2002528      1        5        7181914      0.47   580      0        138324      12382.61    0.00        12382.61   
  63       2002535      1        5        7111764      0.47   580      0        138300      12261.66    0.00        12261.66   
  64       2002512      1        4        7027544      0.46   580      0        138018      12116.46    0.00        12116.46   
  65       2002539      1        5        7091134      0.47   580      0        137796      12226.09    0.00        12226.09   
  66       2821561      1        2        1207654      0.08   30       0        137632      40255.13    0.00        40255.13   
  67       2002541      1        5        7113014      0.47   580      0        137612      12263.82    0.00        12263.82   
  68       2002514      1        5        7052344      0.46   580      0        137058      12159.21    0.00        12159.21   
  69       2002556      1        5        7058270      0.46   580      0        136660      12169.43    0.00        12169.43   
  70       2002530      1        5        7056762      0.46   580      0        136536      12166.83    0.00        12166.83   
  71       2016537      1        2        28118166     1.85   679      6        135674      41411.14    112533.67   40777.06   
  72       2002557      1        5        6816246      0.45   580      0        135644      11752.15    0.00        11752.15   
  73       2001381      1        12       10155302     0.67   777      0        135240      13069.89    0.00        13069.89   
  74       2002559      1        5        7122802      0.47   580      0        134794      12280.69    0.00        12280.69   
  75       2014701      1        12       1370398      0.09   44       0        134594      31145.41    0.00        31145.41   
  76       2009293      1        1        9442748      0.62   777      0        134484      12152.83    0.00        12152.83   
  77       2805348      1        4        1427992      0.09   15       0        134338      95199.47    0.00        95199.47   
  78       2001383      1        12       10244288     0.67   777      0        134110      13184.41    0.00        13184.41   
  79       2801156      1        2        4653950      0.31   757      0        133876      6147.89     0.00        6147.89    
  80       2814631      1        3        653720       0.04   7        0        132880      93388.57    0.00        93388.57   
  81       2830124      1        1        643750       0.04   19       0        130226      33881.58    0.00        33881.58   
  82       2002495      1        5        5739040      0.38   580      0        130068      9894.90     0.00        9894.90    
  83       2002553      1        5        6454008      0.42   580      0        129466      11127.60    0.00        11127.60   
  84       2020399      1        5        1874430      0.12   66       0        128082      28400.45    0.00        28400.45   
  85       2815757      1        4        364008       0.02   5        0        127478      72801.60    0.00        72801.60   
  86       2002499      1        6        6127916      0.40   580      0        126452      10565.37    0.00        10565.37   
  87       2010337      1        19       8674434      0.57   609      0        126238      14243.73    0.00        14243.73   
  88       2002544      1        5        5352518      0.35   580      0        125604      9228.48     0.00        9228.48    
  89       2103154      1        3        1038504      0.07   44       0        125568      23602.36    0.00        23602.36   
  90       2816337      1        5        1498924      0.10   30       0        125312      49964.13    0.00        49964.13   
  91       2820851      1        5        1516556      0.10   30       0        124442      50551.87    0.00        50551.87   
  92       2001377      1        12       9384260      0.62   777      0        123772      12077.55    0.00        12077.55   
  93       2816328      1        5        1147406      0.08   30       0        123598      38246.87    0.00        38246.87   
  94       2001022      1        5        18015374     1.18   1251     0        122484      14400.78    0.00        14400.78   
  95       2002524      1        7        6445106      0.42   580      0        120030      11112.25    0.00        11112.25   
  96       2024771      1        1        1038298      0.07   18       0        119494      57683.22    0.00        57683.22   
  97       2816165      1        5        1408232      0.09   49       0        117302      28739.43    0.00        28739.43   
  98       2002492      1        13       1160078      0.08   57       0        116242      20352.25    0.00        20352.25   
  99       2803506      1        10       1138866      0.07   30       0        116024      37962.20    0.00        37962.20   
  100      2003394      1        8        1493768      0.10   18       0        116008      82987.11    0.00        82987.11   
  101      2814629      1        3        115878       0.01   1        0        115878      115878.00   0.00        115878.00  
  102      2801441      1        2        1203492      0.08   30       0        115006      40116.40    0.00        40116.40   
  103      2829846      1        2        678022       0.04   17       0        114894      39883.65    0.00        39883.65   
  104      2002567      1        5        6150448      0.40   580      0        114364      10604.22    0.00        10604.22   
  105      2100623      1        7        18390214     1.21   1251     0        113828      14700.41    0.00        14700.41   
  106      2803105      1        3        334430       0.02   4        0        113556      83607.50    0.00        83607.50   
  107      2018983      1        7        1386738      0.09   30       0        112720      46224.60    0.00        46224.60   
  108      2827905      1        2        255974       0.02   5        0        112310      51194.80    0.00        51194.80   
  109      2010697      1        8        1115962      0.07   18       0        111510      61997.89    0.00        61997.89   
  110      2002537      1        5        6300854      0.41   580      0        110858      10863.54    0.00        10863.54   
  111      2100523      1        6        14721926     0.97   1391     0        110470      10583.70    0.00        10583.70   
  112      2815804      1        8        488530       0.03   6        0        109236      81421.67    0.00        81421.67   
  113      2019848      1        3        7840182      0.52   1251     0        108898      6267.13     0.00        6267.13    
  114      2827294      1        2        232226       0.02   6        0        108748      38704.33    0.00        38704.33   
  115      2829000      1        5        661876       0.04   19       4        108726      34835.58    107655.50   15416.93   
  116      2002503      1        5        5919446      0.39   580      0        108548      10205.94    0.00        10205.94   
  117      2006411      1        9        391238       0.03   6        0        108454      65206.33    0.00        65206.33   
  118      2010906      1        5        6961044      0.46   609      0        108042      11430.29    0.00        11430.29   
  119      2001378      1        12       9075540      0.60   777      0        107822      11680.23    0.00        11680.23   
  120      2002572      1        5        5813018      0.38   580      0        107178      10022.44    0.00        10022.44   
  121      2810991      1        4        1164864      0.08   30       0        107016      38828.80    0.00        38828.80   
  122      2000544      1        7        18229268     1.20   614      0        106854      29689.36    0.00        29689.36   
  123      2025064      1        5        1361440      0.09   30       0        105776      45381.33    0.00        45381.33   
  124      2002549      1        5        5422632      0.36   580      0        105418      9349.37     0.00        9349.37    
  125      2800277      1        10       1

This file has been truncated.


packet_stats.log (17609 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             1       2678258608     2678258608    2678258608          2.7b    0.14
 IPv4       6          1251          6360526     2675259322    1401582286       1753.4b   92.83
 IPv4      17           127         15019594     2730924346    1030974588        130.9b    6.93
 IPv6      17            12         20024468      265835122     152046421          1.8b    0.10
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             1          3712250        3712250       3712250          3.7m    0.13
TMM_FLOWWORKER              IPv4       6          1251           337792       32594482       2023000          2.5b   86.14
TMM_FLOWWORKER              IPv4      17           127          1218538       22590830       2473949        314.2m   10.69
TMM_RECEIVEPCAPFILE         IPv4       1             1             5270           5270          5270          5.3k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          1203             5048        5797684         10956         13.2m    0.45
TMM_RECEIVEPCAPFILE         IPv4      17           127             4458          14066          5104        648.2k    0.02
TMM_DECODEPCAPFILE          IPv4       1             1            25114          25114         25114         25.1k    0.00
TMM_DECODEPCAPFILE          IPv4       6          1203             5170       17076268         19984         24.0m    0.82
TMM_DECODEPCAPFILE          IPv4      17           127             4594          36390          5626        714.6k    0.02
TMM_FLOWWORKER              IPv6      17            12          1320872       22673448       4197584         50.4m    1.71
TMM_RECEIVEPCAPFILE         IPv6      17            12             4482           6622          4967         59.6k    0.00
TMM_DECODEPCAPFILE          IPv6      17            12             4622          58322          9734        116.8k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             1             6690           6690          6690          6.7k  0.00  
flow                    IPv4       6          1203             4762          80274          6746          8.1m  0.29  
flow                    IPv4      17           127             5454          31880          7939          1.0m  0.04  
stream                  IPv4       6          1251             4818         612720         22807         28.5m  1.01  
app-layer               IPv4      17           127             4712          98686         14949          1.9m  0.07  
detect                  IPv4       1             1          3411176        3411176       3411176          3.4m  0.12  
detect                  IPv4       6          1251           299364       32459606       1942030          2.4b  85.99 
detect                  IPv4      17           127          1185868       22547606       2322841        295.0m  10.44 
tcp-prune               IPv4       6          1251             4448          41116          6186          7.7m  0.27  
flow                    IPv6      17            12             6100          10798          7601         91.2k  0.00  
app-layer               IPv6      17            12             5360          29348         12991        155.9k  0.01  
detect                  IPv6      17            12          1286094       22628384       4150854         49.8m  1.76  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            50             5836          74922         12791        639.6k  58.31 
dns                     IPv4      17            45             6240          30790         10160        457.2k  41.69 
Proto detect            IPv4       6             4             6514           9614          7950         31.8k
Proto detect            IPv4      17            50             5586          45866         12669        633.5k
Proto detect            IPv6      17             5             8374          14812         11420         57.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       1             1            48470          48470         48470         48.5k  0.17  
LOGGER_ALERT_FAST           IPv4       6            30            32868         117860         69964          2.1m  7.19  
LOGGER_ALERT_FAST           IPv4      17             4            37084         190502         83374        333.5k  1.14  
LOGGER_UNIFIED2             IPv4       1             1            75340          75340         75340         75.3k  0.26  
LOGGER_UNIFIED2             IPv4       6            30            32370         150418         77878          2.3m  8.00  
LOGGER_UNIFIED2             IPv4      17             4            44574         133220         79333        317.3k  1.09  
LOGGER_JSON_ALERT           IPv4       1             1           115276         115276        115276        115.3k  0.39  
LOGGER_JSON_ALERT           IPv4       6            30            59058         187684        105166          3.2m  10.81 
LOGGER_JSON_ALERT           IPv4      17             4            66046        8345006       2158842          8.6m  29.58 
LOGGER_JSON_DNS             IPv4      17            31            48558         238040        103248          3.2m  10.96 
LOGGER_JSON_HTTP            IPv4       6            29            40936         290452        155757          4.5m  15.47 
LOGGER_JSON_FILE            IPv4       6            38            66446         216440        114782          4.4m  14.94 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             1            24588          24588         24588        24.6k  0.01  
payload                           IPv4       6           637             4554         382030        129569        82.5m  28.91 
payload                           IPv4      17           127             7894         487222         42187         5.4m  1.88  
stream                            IPv4       6           637             4446        2476044        140833        89.7m  31.42 
http_uri                          IPv4       6            84             4598         123586         15000         1.3m  0.44  
http_request_line                 IPv4       6            84             8978          78942         13778         1.2m  0.41  
http_client_body                  IPv4       6           603             4502       14321066        138281        83.4m  29.21 
http_header (request)             IPv4       6            24            32074         263642        154037         3.7m  1.29  
http_header (request trailer)     IPv4       6            22             4514           6334          5423       119.3k  0.04  
http_header_names (request)       IPv4       6            24            15356          60652         33856       812.6k  0.28  
http_accept (request)             IPv4       6            24             5822          11628          7670       184.1k  0.06  
http_referer (request)            IPv4       6            24             5074          33074         11386       273.3k  0.10  
http_content_len (request)        IPv4       6            24             5436          35846          9858       236.6k  0.08  
http_content_type (request)       IPv4       6            24             5766          39880         14473       347.4k  0.12  
http_protocol (request)           IPv4       6            84             4678          39852          7855       659.9k  0.23  
http_start (request)              IPv4       6            24            16660          83048         24786       594.9k  0.21  
http_raw_header (request)         IPv4       6           603             8532          99810         15254         9.2m  3.22  
http_method                       IPv4       6            84             4464         103676          8646       726.3k  0.25  
http_cookie (request)             IPv4       6            24             4996          21330          6885       165.2k  0.06  
http_raw_uri                      IPv4       6            84             4676          43710          7829       657.7k  0.23  
http_user_agent                   IPv4       6            24             4970         104074         43646         1.0m  0.37  
http_host                         IPv4       6            24             7942          44268         11971       287.3k  0.10  
dns_query                         IPv4      17            16             8946          19254         12509       200.1k  0.07  
http_response_line                IPv4       6            22             6172          12562          7796       171.5k  0.06  
http_header (response)            IPv4       6            22            12288          85624         30262       665.8k  0.23  
http_header (response trailer)    IPv4       6            22             4570           6154          5193       114.2k  0.04  
http_content_type (response)      IPv4       6            22             6712          30094         10743       236.4k  0.08  
http_raw_header (response)        IPv4       6            22            12712          33012         17580       386.8k  0.14  
http_cookie (response)            IPv4       6            22             5436          23908          7330       161.3k  0.06  
http_stat_msg                     IPv4       6            22             5748          30408          7404       162.9k  0.06  
http_stat_code                    IPv4       6            22             5800           9462          7155       157.4k  0.06  
Total                             IPv4                  3482                                         81761       284.7m
payload                           IPv6      17            12             9032         445198         66407       796.9k  0.28  
Total                             IPv6                    12                                         66407       796.9k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            48            67398         201460        104486          5.0m  0.16  
PROF_DETECT_IPONLY          IPv4      17            39            60180         213698        100313          3.9m  0.12  
PROF_DETECT_RULES           IPv4       1             1          3233670        3233670       3233670          3.2m  0.10  
PROF_DETECT_RULES           IPv4       6          1251           223686       32155024       1515966          1.9b  59.77 
PROF_DETECT_RULES           IPv4      17           127          1009724       22421468       2078441        264.0m  8.32  
PROF_DETECT_STATEFUL_START    IPv4       6           675             4970        3481526        190383        128.5m  4.05  
PROF_DETECT_STATEFUL_CONT    IPv4       1             1             5340           5340          5340          5.3k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1251             4406        1348838         56594         70.8m  2.23  
PROF_DETECT_STATEFUL_CONT    IPv4      17           127             4640          90868          9633          1.2m  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          1123             4470         313778          6452          7.2m  0.23  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            44             5136          19976          6443        283.5k  0.01  
PROF_DETECT_PREFILTER       IPv4       1             1            98206          98206         98206         98.2k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          1251            14088       15964282        283623        354.8m  11.18 
PROF_DETECT_PREFILTER       IPv4      17           127            48956         543914        108390         13.8m  0.43  
PROF_DETECT_PF_PAYLOAD      IPv4       1             1            34662          34662         34662         34.7k  0.00  
PROF_DETECT_PF_PAYLOAD      IPv4       6           637            23150        2497442        287195        182.9m  5.77  
PROF_DETECT_PF_PAYLOAD      IPv4      17           127            18266         497604         56715          7.2m  0.23  
PROF_DETECT_PF_TX           IPv4       6          1123             4660       14360664        113072        127.0m  4.00  
PROF_DETECT_PF_TX           IPv4      17            29             5148          34378         16304        472.8k  0.01  
PROF_DETECT_PF_SORT1        IPv4       1             1            26318          26318         26318         26.3k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6           695             4546          85586         10780          7.5m  0.24  
PROF_DETECT_PF_SORT1        IPv4      17           127             6432          39654         12434          1.6m  0.05  
PROF_DETECT_PF_SORT2        IPv4       1             1            15894          15894         15894         15.9k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          1251             4488          83318          7008          8.8m  0.28  
PROF_DETECT_PF_SORT2        IPv4      17           127             5068          40946          8296          1.1m  0.03  
PROF_DETECT_NONMPMLIST      IPv4       1             1             6600           6600          6600          6.6k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          1251             4618          73110          6704          8.4m  0.26  
PROF_DETECT_NONMPMLIST      IPv4      17           127             4680          34952          6279        797.5k  0.03  
PROF_DETECT_ALERT           IPv4       1             1             8458           8458          8458          8.5k  0.00  
PROF_DETECT_ALERT           IPv4       6          1251             4410          40946          6179          7.7m  0.24  
PROF_DETECT_ALERT           IPv4      17           127             4542         471554         17360          2.2m  0.07  
PROF_DETECT_CLEANUP         IPv4       1             1             6544           6544          6544          6.5k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          1251             4500          68122          6357          8.0m  0.25  
PROF_DETECT_CLEANUP         IPv4      17           127             4500          30712          6416        814.9k  0.03  
PROF_DETECT_GETSGH          IPv4       1             1             5292           5292          5292          5.3k  0.00  
PROF_DETECT_GETSGH          IPv4       6          1251             4416          81942          6027          7.5m  0.24  
PROF_DETECT_GETSGH          IPv4      17           127             4642         147234          9835          1.2m  0.04  
PROF_DETECT_IPONLY          IPv6      17             5            72332         122142         90899        454.5k  0.01  
PROF_D

This file has been truncated.


suricata-report-2019-08-14-T-17-17-26-08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap.txt - (18628 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/ad3ba4a28a11f5c341c17843629824cc51cf25896b6b2454fe89507ba3b24642 -r /var/pcap/08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap -vvv -k none
elapsedtime:31.145724
stderr:
stdout:
14/8/2019 -- 17:16:55 - <Info> - Configuration node 'rule-files' redefined.
14/8/2019 -- 17:16:55 - <Notice> - This is Suricata version 4.0.0 RELEASE
14/8/2019 -- 17:16:55 - <Info> - CPUs/cores online: 1
14/8/2019 -- 17:16:55 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31211 and 'request-body-inspect-window' set to 16969 after randomization.
14/8/2019 -- 17:16:55 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33603 and 'response-body-inspect-window' set to 16064 after randomization.
14/8/2019 -- 17:16:55 - <Config> - DNS request flood protection level: 500
14/8/2019 -- 17:16:55 - <Config> - DNS per flow memcap (state-memcap): 524288
14/8/2019 -- 17:16:55 - <Config> - DNS global memcap: 16777216
14/8/2019 -- 17:16:55 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
14/8/2019 -- 17:16:55 - <Config> - preallocated 1000 hosts of size 136
14/8/2019 -- 17:16:55 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
14/8/2019 -- 17:16:55 - <Config> - using magic-file /usr/share/file/magic
14/8/2019 -- 17:16:55 - <Config> - Core dump size is unlimited.
14/8/2019 -- 17:16:55 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
14/8/2019 -- 17:16:55 - <Config> - preallocated 1000 defrag trackers of size 168
14/8/2019 -- 17:16:55 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
14/8/2019 -- 17:16:55 - <Config> - stream "prealloc-sessions": 2048 (per thread)
14/8/2019 -- 17:16:55 - <Config> - stream "memcap": 33554432
14/8/2019 -- 17:16:55 - <Config> - stream "midstream" session pickups: disabled
14/8/2019 -- 17:16:55 - <Config> - stream "async-oneside": disabled
14/8/2019 -- 17:16:55 - <Config> - stream "checksum-validation": disabled
14/8/2019 -- 17:16:55 - <Config> - stream."inline": disabled
14/8/2019 -- 17:16:55 - <Config> - stream "bypass": disabled
14/8/2019 -- 17:16:55 - <Config> - stream "max-synack-queued": 5
14/8/2019 -- 17:16:55 - <Config> - stream.reassembly "memcap": 134217728
14/8/2019 -- 17:16:55 - <Config> - stream.reassembly "depth": 0
14/8/2019 -- 17:16:55 - <Config> - stream.reassembly "toserver-chunk-size": 2521
14/8/2019 -- 17:16:55 - <Config> - stream.reassembly "toclient-chunk-size": 2482
14/8/2019 -- 17:16:55 - <Config> - stream.reassembly.raw: enabled
14/8/2019 -- 17:16:55 - <Config> - stream.reassembly "segment-prealloc": 2048
14/8/2019 -- 17:16:55 - <Config> - Delayed detect disabled
14/8/2019 -- 17:16:55 - <Config> - pattern matchers: MPM: ac, SPM: bm
14/8/2019 -- 17:16:55 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
14/8/2019 -- 17:16:55 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
14/8/2019 -- 17:16:55 - <Config> - prefilter engines: MPM
14/8/2019 -- 17:16:55 - <Config> - IP reputation disabled
14/8/2019 -- 17:16:55 - <Perf> - Registered 148 keyword profiling counters.
14/8/2019 -- 17:16:55 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ftp.rules
14/8/2019 -- 17:16:55 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-policy.rules
14/8/2019 -- 17:16:55 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-trojan.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-games.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-pop3.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-user_agents.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-activex.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-rpc.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-attack_response.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-scan.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-voip.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-chat.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp_info.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-info.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-shellcode.rules
14/8/2019 -- 17:17:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_client.rules
14/8/2019 -- 17:17:02 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-imap.rules
14/8/2019 -- 17:17:02 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_server.rules
14/8/2019 -- 17:17:02 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-current_events.rules
14/8/2019 -- 17:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-inappropriate.rules
14/8/2019 -- 17:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-smtp.rules
14/8/2019 -- 17:17:05 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_specific_apps.rules
14/8/2019 -- 17:17:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-malware.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-snmp.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-worm.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dns.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-misc.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-sql.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dos.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-netbios.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-telnet.rules
14/8/2019 -- 17:17:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-exploit.rules
14/8/2019 -- 17:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-p2p.rules
14/8/2019 -- 17:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tftp.rules
14/8/2019 -- 17:17:10 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-mobile_malware.rules
14/8/2019 -- 17:17:11 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-botcc.rules
14/8/2019 -- 17:17:11 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-compromised.rules
14/8/2019 -- 17:17:11 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-drop.rules
14/8/2019 -- 17:17:11 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dshield.rules
14/8/2019 -- 17:17:11 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tor.rules
14/8/2019 -- 17:17:11 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ciarmy.rules
14/8/2019 -- 17:17:11 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/local.rules
14/8/2019 -- 17:17:11 - <Config> - No rules loaded from local.rules.
14/8/2019 -- 17:17:11 - <Info> - 44 rule files processed. 50693 rules successfully loaded, 0 rules failed
14/8/2019 -- 17:17:11 - <Info> - Threshold config parsed: 0 rule(s) found
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for tcp-packet
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for tcp-stream
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for udp-packet
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for other-ip
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_uri
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_request_line
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_client_body
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_response_line
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_header
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_header
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_header_names
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_header_names
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_accept
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_accept_enc
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_accept_lang
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_referer
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_connection
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_content_len
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_content_len
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_content_type
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_content_type
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_protocol
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_protocol
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_start
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_start
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_raw_header
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_raw_header
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_method
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_cookie
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_cookie
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_raw_uri
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_user_agent
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_host
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_raw_host
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_stat_msg
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_stat_code
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for dns_query
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for tls_sni
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for tls_cert_issuer
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for tls_cert_subject
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for tls_cert_serial
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for dce_stub_data
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for dce_stub_data
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for ssh_protocol
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for ssh_protocol
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for ssh_software
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for ssh_software
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for file_data
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for file_data
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_request_line
14/8/2019 -- 17:17:12 - <Perf> - using shared mpm ctx' for http_response_line
14/8/2019 -- 17:17:12 - <Info> - 50718 signatures processed. 1220 are IP-only rules, 21106 are inspecting packet payload, 34612 inspect application layer, 0 are decoder event only
14/8/2019 -- 17:17:12 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
14/8/2019 -- 17:17:13 - <Perf> - TCP toserver: 41 port groups, 35 unique SGH's, 6 copies
14/8/2019 -- 17:17:13 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
14/8/2019 -- 17:17:13 - <Perf> - UDP toserver: 41 port groups, 34 unique SGH's, 7 copies
14/8/2019 -- 17:17:13 - <Perf> - UDP toclient: 21 port groups, 18 unique SGH's, 3 copies
14/8/2019 -- 17:17:13 - <Perf> - OTHER toserver: 254 proto groups, 7 unique SGH's, 247 copies
14/8/2019 -- 17:17:13 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
14/8/2019 -- 17:17:21 - <Perf> - Unique rule groups: 114
14/8/2019 -- 17:17:21 - <Perf> - Builtin MPM "toserver TCP packet": 33
14/8/2019 -- 17:17:21 - <Perf> - Builtin MPM "toclient TCP packet": 18
14/8/2019 -- 17:17:21 - <Perf> - Builtin MPM "toserver TCP stream": 29
14/8/2019 -- 17:17:21 - <Perf> - Builtin MPM "toclient TCP stream": 20
14/8/2019 -- 17:17:21 - <Perf> - Builtin MPM "toserver UDP packet": 33
14/8/2019 -- 17:17:21 - <Perf> - Builtin MPM "toclient UDP packet": 18
14/8/2019 -- 17:17:21 - <Perf> - Builtin MPM "other IP packet": 4
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_uri": 14
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_request_line": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_client_body": 6
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient http_response_line": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_header": 10
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient http_header": 6
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_header_names": 2
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_accept": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_referer": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_content_len": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_content_type": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient http_content_type": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_protocol": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_start": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_raw_header": 2
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient http_raw_header": 2
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_method": 5
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_cookie": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient http_cookie": 2
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_user_agent": 7
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver http_host": 2
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient http_stat_msg": 2
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient http_stat_code": 3
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver dns_query": 4
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver tls_sni": 2
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver dce_stub_data": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient dce_stub_data": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toserver file_data": 1
14/8/2019 -- 17:17:21 - <Perf> - AppLayer MPM "toclient file_data": 5
14/8/2019 -- 17:17:24 - <Perf> - Registered 50718 rule profiling counters.
14/8/2019 -- 17:17:24 - <Info> - fast output device (regular) initialized: alert
14/8/2019 -- 17:17:24 - <Info> - eve-log output device (regular) initialized: eve.json
14/8/2019 -- 1

This file has been truncated.


stats.log - (3386 bytes)
------------------------------------------------------------------------------------
Date: 8/14/2019 -- 17:17:26 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1783
decoder.bytes                              | Total                     | 758834
decoder.ipv4                               | Total                     | 1331
decoder.ipv6                               | Total                     | 12
decoder.ethernet                           | Total                     | 1783
decoder.tcp                                | Total                     | 1203
decoder.udp                                | Total                     | 139
decoder.icmpv4                             | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 425
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 24
flow.udp                                   | Total                     | 29
tcp.sessions                               | Total                     | 24
tcp.syn                                    | Total                     | 25
tcp.synack                                 | Total                     | 24
tcp.rst                                    | Total                     | 35
tcp.overlap                                | Total                     | 70
detect.alert                               | Total                     | 39
detect.mpm_list                            | Total                     | 25
detect.nonmpm_list                         | Total                     | 98
detect.fnonmpm_list                        | Total                     | 64
detect.match_list                          | Total                     | 88
app_layer.flow.http                        | Total                     | 22
app_layer.tx.http                          | Total                     | 46
app_layer.flow.dns_udp                     | Total                     | 16
app_layer.tx.dns_udp                       | Total                     | 16
app_layer.flow.failed_udp                  | Total                     | 13
flow_mgr.new_pruned                        | Total                     | 11
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 18
flow_mgr.flows_notimeout                   | Total                     | 7
flow_mgr.flows_timeout                     | Total                     | 11
flow_mgr.flows_removed                     | Total                     | 11
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65518
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7079488


eve.json - (69060 bytes)
{"timestamp":"2019-08-14T17:03:34.444083+0000","flow_id":648869682005683,"pcap_cnt":1,"event_type":"alert","src_ip":"192.168.100.174","src_port":137,"dest_ip":"192.168.100.255","dest_port":137,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"failed"}
{"timestamp":"2019-08-14T17:04:40.948677+0000","flow_id":223300704303557,"pcap_cnt":172,"event_type":"dns","src_ip":"192.168.100.174","src_port":56000,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48250,"rrname":"www.shop1457417204564.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":223300704303557,"pcap_cnt":173,"event_type":"alert","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":223300704303557,"pcap_cnt":173,"event_type":"alert","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","app_proto":"dns","alert":{"action":"allowed","gid":1,"signature_id":2001117,"rev":6,"signature":"ET DNS Standard query response, Name Error","category":"Not Suspicious Traffic","severity":3}}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":223300704303557,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NXDOMAIN","rrname":"www.shop1457417204564.net"}}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":223300704303557,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NXDOMAIN","rrname":"net","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-08-14T17:05:01.006910+0000","flow_id":2101691767659262,"pcap_cnt":192,"event_type":"dns","src_ip":"192.168.100.174","src_port":58001,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45779,"rrname":"www.48s123w.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:05:01.040303+0000","flow_id":2101691767659262,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58001,"proto":"UDP","dns":{"type":"answer","id":45779,"rcode":"NOERROR","rrname":"www.48s123w.com","rrtype":"CNAME","ttl":1199,"rdata":"48s123w.com"}}
{"timestamp":"2019-08-14T17:05:01.040303+0000","flow_id":2101691767659262,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58001,"proto":"UDP","dns":{"type":"answer","id":45779,"rcode":"NOERROR","rrname":"48s123w.com","rrtype":"A","ttl":1199,"rdata":"199.188.200.146"}}
{"timestamp":"2019-08-14T17:05:01.450971+0000","flow_id":1992567386126069,"pcap_cnt":201,"event_type":"http","src_ip":"192.168.100.174","src_port":50646,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/?s0H=rgy0hQQ8PXUjQsouwPqsxe3CMbvlVgTnN62lXwNFCPVcnwP5Lc4yD89203\/\/4zs0\/w8s0Q==&CZ=7notQhC&sql=1","http_content_type":"text\/html"}}
{"timestamp":"2019-08-14T17:05:01.484158+0000","flow_id":1992567386126069,"pcap_cnt":203,"event_type":"http","src_ip":"192.168.100.174","src_port":50646,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:01.484158+0000","flow_id":1992567386126069,"pcap_cnt":203,"event_type":"fileinfo","src_ip":"199.188.200.146","src_port":80,"dest_ip":"192.168.100.174","dest_port":50646,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/?s0H=rgy0hQQ8PXUjQsouwPqsxe3CMbvlVgTnN62lXwNFCPVcnwP5Lc4yD89203\/\/4zs0\/w8s0Q==&CZ=7notQhC&sql=1","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":321},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":321,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:03.531249+0000","flow_id":1446997017966481,"pcap_cnt":222,"event_type":"alert","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2010228,"rev":7,"signature":"ET DELETED Suspicious Microsoft Windows NT 6.1 User-Agent Detected","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-08-14T17:05:03.531276+0000","flow_id":1446997017966481,"pcap_cnt":223,"event_type":"alert","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829004,"rev":4,"signature":"ETPRO TROJAN FormBook CnC Checkin (POST)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-08-14T17:05:03.531276+0000","flow_id":1446997017966481,"pcap_cnt":223,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.48s123w.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":3769,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:03.647087+0000","flow_id":1308250246984045,"pcap_cnt":287,"event_type":"alert","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829004,"rev":4,"signature":"ETPRO TROJAN FormBook CnC Checkin (POST)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-08-14T17:05:03.855387+0000","flow_id":1671400469284804,"pcap_cnt":314,"event_type":"http","src_ip":"192.168.100.174","src_port":50685,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:05:03.855387+0000","flow_id":1671400469284804,"pcap_cnt":314,"event_type":"http","src_ip":"192.168.100.174","src_port":50685,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:03.855387+0000","flow_id":1671400469284804,"pcap_cnt":314,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":50685,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.48s123w.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":313,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:03.882974+0000","flow_id":1446997017966481,"pcap_cnt":318,"event_type":"http","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:05:03.882974+0000","flow_id":1446997017966481,"pcap_cnt":318,"event_type":"http","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:04.236024+0000","flow_id":1308250246984045,"pcap_cnt":447,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.48s123w.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":112921,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:04.451457+0000","flow_id":1308250246984045,"pcap_cnt":453,"event_type":"http","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:05:04.451457+0000","flow_id":1308250246984045,"pcap_cnt":453,"event_type":"http","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:21.522932+0000","flow_id":1610540783893172,"pcap_cnt":489,"event_type":"dns","src_ip":"192.168.100.174","src_port":49917,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16111,"rrname":"www.fshwxe.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:05:21.552350+0000","flow_id":1610540783893172,"pcap_cnt":490,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":49917,"proto":"UDP","dns":{"type":"answer","id":16111,"rcode":"NOERROR","rrname":"fshwxe.com","rrtype":"SOA","ttl":599}}
{"timestamp":"2019-08-14T17:05:40.538429+0000","flow_id":1089383010940733,"pcap_cnt":544,"event_type":"dns","src_ip":"192.168.100.174","src_port":58850,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41660,"rrname":"www.astonishingingreen.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:05:40.568049+0000","flow_id":1089383010940733,"pcap_cnt":545,"event_type":"alert","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58850,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2001117,"rev":6,"signature":"ET DNS Standard query response, Name Error","category":"Not Suspicious Traffic","severity":3},"app_proto":"dns"}
{"timestamp":"2019-08-14T17:05:40.568049+0000","flow_id":1089383010940733,"pcap_cnt":545,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NXDOMAIN","rrname":"www.astonishingingreen.com"}}
{"timestamp":"2019-08-14T17:05:40.568049+0000","flow_id":1089383010940733,"pcap_cnt":545,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-08-14T17:06:00.555030+0000","flow_id":525148863625238,"pcap_cnt":583,"event_type":"dns","src_ip":"192.168.100.174","src_port":65121,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50267,"rrname":"www.baradseirtaban.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:06:00.591693+0000","flow_id":525148863625238,"pcap_cnt":584,"event_type":"alert","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":65121,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2001117,"rev":6,"signature":"ET DNS Standard query response, Name Error","category":"Not Suspicious Traffic","severity":3},"app_proto":"dns"}
{"timestamp":"2019-08-14T17:06:00.591693+0000","flow_id":525148863625238,"pcap_cnt":584,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":65121,"proto":"UDP","dns":{"type":"answer","id":50267,"rcode":"NXDOMAIN","rrname":"www.baradseirtaban.com"}}
{"timestamp":"2019-08-14T17:06:00.591693+0000","flow_id":525148863625238,"pcap_cnt":584,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":65121,"proto":"UDP","dns":{"type":"answer","id":50267,"rcode":"NXDOMAIN","rrname":"baradseirtaban.com","rrtype":"SOA","ttl":1799}}
{"timestamp":"2019-08-14T17:06:20.585598+0000","flow_id":963879774252926,"pcap_cnt":614,"event_type":"dns","src_ip":"192.168.100.174","src_port":60553,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12208,"rrname":"www.fagree.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:06:21.060924+0000","flow_id":963879774252926,"pcap_cnt":615,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":60553,"proto":"UDP","dns":{"type":"answer","id":12208,"rcode":"NOERROR","rrname":"www.fagree.com","rrtype":"A","ttl":3599,"rdata":"58.76.184.4"}}
{"timestamp":"2019-08-14T17:06:22.115158+0000","flow_id":1414625854615528,"pcap_cnt":626,"event_type":"http","src_ip":"192.168.100.174","src_port":51879,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","url":"\/wi2\/?s0H=r\/hZrAErTa\/T0kKj9kXeKJuUFsghRealUCp+B00cDWgG\/4MRuhdLhwDa3un29qIG2GgWXA==&CZ=7notQhC&sql=1"}}
{"timestamp":"2019-08-14T17:06:22.115158+0000","flow_id":1414625854615528,"pcap_cnt":626,"event_type":"http","src_ip":"192.168.100.174","src_port":51879,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:24.182976+0000","flow_id":1361235116356656,"pcap_cnt":645,"event_type":"alert","src_ip":"192.168.100.174","src_port":51928,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2010228,"rev":7,"signature":"ET DELETED Suspicious Microsoft Windows NT 6.1 User-Agent Detected","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-08-14T17:06:24.183035+0000","flow_id":1361235116356656,"pcap_cnt":646,"event_type":"alert","src_ip":"192.168.100.174","src_port":51928,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829004,"rev":4,"signature":"ETPRO TROJAN FormBook CnC Checkin (POST)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-08-14T17:06:24.183035+0000","flow_id":1361235116356656,"pcap_cnt":646,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":51928,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.fagree.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":3769,"tx_id":0}}
{"timestamp":"2019-08-14T17:06:24.304590+0000","flow_id":2190445124806415,"pcap_cnt":711,"event_type":"alert","src_ip":"192.168.100.174","src_port":51929,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829004,"rev":4,"signature":"ETPRO TROJAN FormBook CnC Checkin (POST)","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-08-14T17:06:24.989779+0000","flow_id":2071541102709323,"pcap_cnt":871,"event_type":"http","src_ip":"192.168.100.174","src_port":51926,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","u



keyword_perf.log - (17400 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/14/2019 -- 17:17:26
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              5582400         988             0               53416           5650.00         0.00            5650.00        
  ipopts           3581350         609             0               71096           5880.00         0.00            5880.00        
  flags            3599488         606             0               35284           5939.00         0.00            5939.00        
  fragbits         18137712        3193            954             48080           5680.00         5539.00         5740.00        
  fragoffset       2575256         470             0               25672           5479.00         0.00            5479.00        
  ttl              3737258         607             0               73474           6156.00         0.00            6156.00        
  itype            200350          31              1               21352           6462.00         5290.00         6502.00        
  icode            471572          78              24              35442           6045.00         5968.00         6080.00        
  icmp_id          19392           2               0               14140           9696.00         0.00            9696.00        
  dsize            2877200         505             505             50772           5697.00         5697.00         0.00           
  flow             35761828        5675            5627            116576          6301.00         6300.00         6452.00        
  threshold        920816          88              12              63140           10463.00        12058.00        10212.00       
  content          70244142        9065            3622            206416          7748.00         7917.00         7637.00        
  pcre             229150948       14634           584             436364          15658.00        9405.00         15918.00       
  byte_test        12246144        1958            715             144090          6254.00         6074.00         6357.00        
  byte_jump        99962           15              15              16888           6664.00         6664.00         0.00           
  sameip           8081228         1391            0               58854           5809.00         0.00            5809.00        
  isdataat         551330          91              43              25086           6058.00         6226.00         5908.00        
  flowbits         1811776         286             55              40994           6334.00         7102.00         6152.00        
  urilen           3896820         652             78              59702           5976.00         6004.00         5973.00        
  byte_extract     2939192         457             424             71374           6431.00         6533.00         5119.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              5582400         988             0               53416           5650.00         0.00            5650.00        
  ipopts           3581350         609             0               71096           5880.00         0.00            5880.00        
  flags            3599488         606             0               35284           5939.00         0.00            5939.00        
  fragbits         18137712        3193            954             48080           5680.00         5539.00         5740.00        
  fragoffset       2575256         470             0               25672           5479.00         0.00            5479.00        
  ttl              3737258         607             0               73474           6156.00         0.00            6156.00        
  itype            200350          31              1               21352           6462.00         5290.00         6502.00        
  icode            471572          78              24              35442           6045.00         5968.00         6080.00        
  icmp_id          19392           2               0               14140           9696.00         0.00            9696.00        
  dsize            2877200         505             505             50772           5697.00         5697.00         0.00           
  flow             35761828        5675            5627            116576          6301.00         6300.00         6452.00        
  sameip           8081228         1391            0               58854           5809.00         0.00            5809.00        
  flowbits         1575640         256             25              40994           6154.00         6179.00         6152.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          23003770        3274            1614            61492           7026.00         7735.00         6336.00        
  pcre             222573194       14044           432             436364          15848.00        7386.00         16116.00       
  byte_test        11991220        1940            703             144090          6181.00         5909.00         6335.00        
  byte_jump        99962           15              15              16888           6664.00         6664.00         0.00           
  isdataat         519202          85              37              25086           6108.00         6367.00         5908.00        
  byte_extract     2939192         457             424             71374           6431.00         6533.00         5119.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         236136          30              30              13814           7871.00         7871.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        920816          88              12              63140           10463.00        12058.00        10212.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6899128         1081            235             43344           6382.00         7145.00         6170.00        
  pcre             2380744         249             32              81542           9561.00         7645.00         9843.00        
  isdataat         32128           6               6               6788            5354.00         5354.00         0.00           
  urilen           3896820         652             78              59702           5976.00         6004.00         5973.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          17069842        1602            33              206416          10655.00        40332.00        10031.00       
  pcre             1152280         25              12              190574          46091.00        83663.00        11409.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          188856          32              0               8002            5901.00         0.00            5901.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          17479944        2286            1184            56340           7646.00         7681.00         7608.00        
  pcre             2535282         262             54              34186           9676.00         10067.00        9575.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          693206          100             82              31236           6932.00         6813.00         7474.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          151656          18              18              42354           8425.00         8425.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          128176          22              22              7908            5826.00         5826.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  byte_test        254924          18              12              65656           14162.00        15733.00        11021.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          429780          62              62              24232           6931.00         6931.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          665192          94              70              49862           7076.00         7392.00         6155.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- ------------



unified2.alert.1565803044 - (88939 bytes)
4]T>æƳ@À¨d®À¨dÿ‰‰Š]T>æ]T>æƳnÿÿÿÿÿÿRTJ¯E`£€ÔëÀ¨d®À¨dÿ‰‰L˼“( FFFDEFFCCNFAEDCACACACACACACACACA À “àÀ¨d®4]T?(Ú#@À¨dÀ¨d®5ÚÀº]T?(]T?(Ú#žRTJ¯RT6>ÿEÅ
@@+QÀ¨dÀ¨d®5ÚÀ|Â;¼zƒwwwshop1457417204564netÀ"ƒ=agtld-serversÀ"nstldverisign-grscom]T?„	:€Q€4]T?(Ú#ˆÝÀ¨dÀ¨d®5ÚÀº]T?(]T?(Ú#žRTJ¯RT6>ÿEÅ
@@+QÀ¨dÀ¨d®5ÚÀ|Â;¼zƒwwwshop1457417204564netÀ"ƒ=agtld-serversÀ"nstldverisign-grscom]T?„	:€Q€4]T??1¬t!À¨d®Ç¼È’ÅÿP]T??]T??1ìEÞuÀ¨d®Ç¼È’ÅÿPPÄPOST /wi2/ HTTP/1.1
Host: www.48s123w.com
Connection: close
Content-Length: 3769
Cache-Control: no-cache
Origin: http://www.48s123w.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.48s123w.com/wi2/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

s0H=jC~O(wsoOTVsGrwgl_nIirPfAY(vWh3gP9b8WRRkNsRgvgvDJ-UsXvM5hjTlgSskqRpXu7OsxOcemfJxpNirBbUWIo0ePvSG0BkbDFFDLw65EMHbaMv_MwA_EmOpK_TfvI9zQBCgoBeaaKXVtMKk(H(fU4EEMcVl7JxwIYAgijZarj8UfxPMP3zZLqZM0AGAOz7MUSP3ROpmSMLZ(tco6Q~fnoKoCLwpXeSqPZuLMMq45GBJPkfWocjq6z9djCRnv1(tluoZFQuhfBAl8Yt0Yr7Ld_G0usiKuIdP~3A2OZiUzIbLBH3vdL9htIqs76HIUH3xTsIpQeQUZ9x9VH6C3Nok3YOtFTvYMXcf8Gcp4FEj~safLm(u9EnfeMHB1oZohEarJrnWzMFiONpHw59jDUEarPCfzdL_89qJHcew4wV-r9dfJ1izGVo6q-GjUA6o0GevKYIN(HIU518SKE2lB2~DJ3BCWRbMX703a1DSeiatgOBqgmzjwHini92OoHsNYYORptwa76kHuRv4ORaxUCEEmcP0F3HJzqepb2w3yy6ljU9L(CMDL2sYSQ8_BomTV3LydCORbVXB66hP~muC45ODtS5_fvOC0w(FevMI1jGf6LuwPgwf0NE6ri(PSCefbzZ2S4lbotFz77u4wo(UnQrKE-g3OMCUTIJ2YbVsXNSZ8ghw2ERexVVO9xanvNaDDvkbeCROnraAB]T??]T??1ìEÞuÀ¨d®Ç¼È’ÅÿPPSY7DX3zEIfezHjFgUW5ME0UIQT1Jrl0kBKHIqxufFphoMasvCYUacpsJwpgpTasKoxX9KQxk3meB3oREmJRMWh5xAHTXZ6IxIh1uctCUTii7zV2cWcgZn7O8TRCHTt-2hXNMEdrrtFYDYsUvhfNxWkePf2lgTLAdqg8F1blmeX1dWPavY44AF0YIA4I0ZfONbQsvzEnrFA3YfX-3tZjELtgGqEklxmri2okw8EZJrcHVyhmno8chf9dGLeOKYScxymTM9(H1vHxjvOAT1JmSq0U8uHR0YrMUW8BgNxfegc19M~E9I2m9oRpxqnNB8epQmosPTxn6f9BA0mKF1nRilEEaJeHGDldrP5mqNDlpkgvZQat(wjY11qPeRMGbUEknA5m(7ggNQS3I6zyXHnMg5Gjd_QrS9sz8CI802F3(WIHmX0AH_rf1HkuvihMYGjGyEg_RsFqSFn6Q5HeexJhHMuBMG~lYo3MGdL36mHEGlymvok6MwtV(E16FMqJIVh4aj53vdfiZE6PkQxZQh042LDlUMQx8dh00h~vr7OvUUYcks0Y6CRmeVhEr6nj6QojbJspggy0LIWg79dGB2IKt63eR0lLIXG5HQdytDcJDVSKVQjifjt7GuaQBDyFYPHCMVZZ7KqyJF(ucFgu3g23r19Uqzuqr1GiaOOtF7TqlyoKy7QcSRg9paSCKWR-v2odVuKNQXqmBjJegBG_tEC9uj45f_74TMnPOYP89GK7792T5mI9QMA5X8N-5DfQwza3h2WYyMIVXr0okylf8N4ozFzEKH63dE6pWu4T5deHeKZkVfYtjOXPxxxKAPcagQB9nPJ0iR0VNHHO6vpE1j~ew8oKzpMdpkfP~7FCckImPYpQM2yfTF~4IKhLKoLmbsV07wsByvdRVm9hZa(T~8AVH_VS~HADyI3g5A~MvogOe1S0YtQiGk9ko56Kx5s733BYsG1jlX136dWGcSpjafsGQxazTlzQIGTdU-xDTn0p~D~CLN2crfY5s5ltcrcM6rGIxB~e7pdFLbnL8vzAzB2ABnE3x0EneBNhXDQvkUFuqNB7V5JtpE99YpglXcxofHZV45iuoTPt54C5s6Ym2V6FDK4Ej0uTx1qYdCRuylju6hO9CNkYrrJ5~Uc5BYxlGsub2r65wL0iqmYRTfzb1ooEwolsFOaBz0SOIXDkGi8n~HD2rKYLm9qlPT6z94]T??L+*ÌÀ¨d®Ç¼È’ÅÿP]T??]T??LìEÞuÀ¨d®Ç¼È’ÅÿPPÄ
POST /wi2/ HTTP/1.1
Host: www.48s123w.com
Connection: close
Content-Length: 3769
Cache-Control: no-cache
Origin: http://www.48s123w.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.48s123w.com/wi2/
Accept-Language: en-US
Accept-Encoding: gzip, deflate

s0H=jC~O(wsoOTVsGrwgl_nIirPfAY(vWh3gP9b8WRRkNsRgvgvDJ-UsXvM5hjTlgSskqRpXu7OsxOcemfJxpNirBbUWIo0ePvSG0BkbDFFDLw65EMHbaMv_MwA_EmOpK_TfvI9zQBCgoBeaaKXVtMKk(H(fU4EEMcVl7JxwIYAgijZarj8UfxPMP3zZLqZM0AGAOz7MUSP3ROpmSMLZ(tco6Q~fnoKoCLwpXeSqPZuLMMq45GBJPkfWocjq6z9djCRnv1(tluoZFQuhfBAl8Yt0Yr7Ld_G0usiKuIdP~3A2OZiUzIbLBH3vdL9htIqs76HIUH3xTsIpQeQUZ9x9VH6C3Nok3YOtFTvYMXcf8Gcp4FEj~safLm(u9EnfeMHB1oZohEarJrnWzMFiONpHw59jDUEarPCfzdL_89qJHcew4wV-r9dfJ1izGVo6q-GjUA6o0GevKYIN(HIU518SKE2lB2~DJ3BCWRbMX703a1DSeiatgOBqgmzjwHini92OoHsNYYORptwa76kHuRv4ORaxUCEEmcP0F3HJzqepb2w3yy6ljU9L(CMDL2sYSQ8_BomTV3LydCORbVXB66hP~muC45ODtS5_fvOC0w(FevMI1jGf6LuwPgwf0NE6ri(PSCefbzZ2S4lbotFz77u4wo(UnQrKE-g3OMCUTIJ2YbVsXNSZ8ghw2ERexVVO9xanvNaDDvkbeCROnraAB]T??]T??LìEÞuÀ¨d®Ç¼È’ÅÿPPSY7DX3zEIfezHjFgUW5ME0UIQT1Jrl0kBKHIqxufFphoMasvCYUacpsJwpgpTasKoxX9KQxk3meB3oREmJRMWh5xAHTXZ6IxIh1uctCUTii7zV2cWcgZn7O8TRCHTt-2hXNMEdrrtFYDYsUvhfNxWkePf2lgTLAdqg8F1blmeX1dWPavY44AF0YIA4I0ZfONbQsvzEnrFA3YfX-3tZjELtgGqEklxmri2okw8EZJrcHVyhmno8chf9dGLeOKYScxymTM9(H1vHxjvOAT1JmSq0U8uHR0YrMUW8BgNxfegc19M~E9I2m9oRpxqnNB8epQmosPTxn6f9BA0mKF1nRilEEaJeHGDldrP5mqNDlpkgvZQat(wjY11qPeRMGbUEknA5m(7ggNQS3I6zyXHnMg5Gjd_QrS9sz8CI802F3(WIHmX0AH_rf1HkuvihMYGjGyEg_RsFqSFn6Q5HeexJhHMuBMG~lYo3MGdL36mHEGlymvok6MwtV(E16FMqJIVh4aj53vdfiZE6PkQxZQh042LDlUMQx8dh00h~vr7OvUUYcks0Y6CRmeVhEr6nj6QojbJspggy0LIWg79dGB2IKt63eR0lLIXG5HQdytDcJDVSKVQjifjt7GuaQBDyFYPHCMVZZ7KqyJF(ucFgu3g23r19Uqzuqr1GiaOOtF7TqlyoKy7QcSRg9paSCKWR-v2odVuKNQXqmBjJegBG_tEC9uj45f_74TMnPOYP89GK7792T5mI9QMA5X8N-5DfQwza3h2WYyMIVXr0okylf8N4ozFzEKH63dE6pWu4T5deHeKZkVfYtjOXPxxxKAPcagQB9nPJ0iR0VNHHO6vpE1j~ew8oKzpMdpkfP~7FCckImPYpQM2yfTF~4IKhLKoLmbsV07wsByvdRVm9hZa(T~8AVH_VS~HADyI3g5A~MvogOe1S0YtQiGk9ko56Kx5s733BYsG1jlX136dWGcSpjafsGQxazTlzQIGTdU-xDTn0p~D~CLN2crfY5s5ltcrcM6rGIxB~e7pdFLbnL8vzAzB2ABnE3x0EneBNhXDQvkUFuqNB7V5JtpE99YpglXcxofHZV45iuoTPt54C5s6Ym2V6FDK4Ej0uTx1qYdCRuylju6hO9CNkYrrJ5~Uc5BYxlGsub2r65wL0iqmYRTfzb1ooEwolsFOaBz0SOIXDkGi8n~HD2rKYLm9qlPT6z94]T??	߯+*ÌÀ¨d®Ç¼È’ÆP]T??]T??	

This file has been truncated.


suricata-4.0.0-etproenall-all-alert-2019-08-14-T-17-17-26-08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap.txt - (8223 bytes)
08/14/2019-17:03:34.444083  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.174:137 -> 192.168.100.255:137
08/14/2019-17:04:40.973347  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.2:53 -> 192.168.100.174:56000
08/14/2019-17:04:40.973347  [**] [1:2001117:6] ET DNS Standard query response, Name Error [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.100.2:53 -> 192.168.100.174:56000
08/14/2019-17:05:03.531249  [**] [1:2010228:7] ET DELETED Suspicious Microsoft Windows NT 6.1 User-Agent Detected [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.174:50687 -> 199.188.200.146:80
08/14/2019-17:05:03.531276  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:50687 -> 199.188.200.146:80
08/14/2019-17:05:03.647087  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:50688 -> 199.188.200.146:80
08/14/2019-17:05:40.568049  [**] [1:2001117:6] ET DNS Standard query response, Name Error [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.100.2:53 -> 192.168.100.174:58850
08/14/2019-17:06:00.591693  [**] [1:2001117:6] ET DNS Standard query response, Name Error [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.100.2:53 -> 192.168.100.174:65121
08/14/2019-17:06:24.182976  [**] [1:2010228:7] ET DELETED Suspicious Microsoft Windows NT 6.1 User-Agent Detected [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.174:51928 -> 58.76.184.4:80
08/14/2019-17:06:24.183035  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:51928 -> 58.76.184.4:80
08/14/2019-17:06:24.304590  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:51929 -> 58.76.184.4:80
08/14/2019-17:06:42.741082  [**] [1:2829000:5] ETPRO TROJAN FormBook CnC Checkin (GET) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:52193 -> 162.213.255.220:80
08/14/2019-17:06:45.690451  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:52230 -> 162.213.255.220:80
08/14/2019-17:06:45.925896  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:52235 -> 162.213.255.220:80
08/14/2019-17:07:03.491859  [**] [1:2829000:5] ETPRO TROJAN FormBook CnC Checkin (GET) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:52485 -> 162.209.194.234:80
08/14/2019-17:07:03.694620  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52485
08/14/2019-17:07:08.585869  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:52583 -> 162.209.194.234:80
08/14/2019-17:07:09.896971  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52585
08/14/2019-17:07:16.853346  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52583
08/14/2019-17:07:24.787863  [**] [1:2829000:5] ETPRO TROJAN FormBook CnC Checkin (GET) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:52829 -> 170.178.168.203:80
08/14/2019-17:07:26.865849  [**] [1:2010228:7] ET DELETED Suspicious Microsoft Windows NT 6.1 User-Agent Detected [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.174:52877 -> 170.178.168.203:80
08/14/2019-17:07:26.865870  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:52877 -> 170.178.168.203:80
08/14/2019-17:07:27.330749  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:52878 -> 170.178.168.203:80
08/14/2019-17:07:43.203146  [**] [1:2002750:27] ET DELETED Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.148.23.214:80 -> 192.168.100.174:53135
08/14/2019-17:07:43.577224  [**] [1:2829000:5] ETPRO TROJAN FormBook CnC Checkin (GET) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:53135 -> 104.148.23.214:80
08/14/2019-17:07:43.605494  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.148.23.214:80 -> 192.168.100.174:53135
08/14/2019-17:07:43.605494  [**] [1:2008064:6] ET DELETED Nginx Server with no version string - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.148.23.214:80 -> 192.168.100.174:53135
08/14/2019-17:07:45.656630  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:53174 -> 104.148.23.214:80
08/14/2019-17:07:45.762254  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:53176 -> 104.148.23.214:80
08/14/2019-17:07:46.001036  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.148.23.214:80 -> 192.168.100.174:53174
08/14/2019-17:07:46.001036  [**] [1:2008064:6] ET DELETED Nginx Server with no version string - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.148.23.214:80 -> 192.168.100.174:53174
08/14/2019-17:07:46.048089  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.148.23.214:80 -> 192.168.100.174:53176
08/14/2019-17:07:46.048089  [**] [1:2008064:6] ET DELETED Nginx Server with no version string - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 104.148.23.214:80 -> 192.168.100.174:53176
08/14/2019-17:08:08.821202  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52533
08/14/2019-17:08:14.654264  [**] [1:2100402:8] GPL ICMP_INFO Destination Unreachable Port Unreachable [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.100.174:3 -> 192.168.100.2:3
08/14/2019-17:08:35.643802  [**] [1:2829004:4] ETPRO TROJAN FormBook CnC Checkin (POST) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.174:52585 -> 162.209.194.234:80
08/14/2019-17:08:35.643802  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52585
08/14/2019-17:08:35.643802  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52583
08/14/2019-17:08:35.643802  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52485


IDSDeathBlossom.py.log - (1191 bytes)
2019-08-14 17:16:54,439 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-14 17:16:55,251 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-14 17:16:55,251 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etproenall-all
2019-08-14 17:16:55,251 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-14 17:16:55,251 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-14 17:16:55,252 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/ad3ba4a28a11f5c341c17843629824cc51cf25896b6b2454fe89507ba3b24642 -r /var/pcap/08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap -vvv -k none
2019-08-14 17:17:26,400 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-14 17:17:26,401 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 31.9735200405