Filename: ed8655ab9b11f537e3c94acced00019c.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.25946307182 seconds
Hash: ed8655ab9b11f537e3c94acced00019c
Uploaded: 1558533508

Logfiles


unified2.alert.1558533516 - (2441 bytes) - download


packet_stats.log - (5660 bytes) - download
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           289            98163       74472151      41137410         11.9b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           289            64976        9811635        276753         80.0m   97.47
TMM_RECEIVEPCAPFILE         IPv4       6           243             2538          46342          5484          1.3m    1.62
TMM_DECODEPCAPFILE          IPv4       6           243             2669          30850          3072        746.7k    0.91

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           243             2874         105171          4293          1.0m  1.54  
stream                  IPv4       6           289             2874         430506         12862          3.7m  5.49  
detect                  IPv4       6           289            43623        9771572        214557         62.0m  91.52 
tcp-prune               IPv4       6           289             2538          61147          3400        982.8k  1.45  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
smb                     IPv4       6            12             2634           5076          3193         38.3k  44.45 
smb2                    IPv4       6            18             2534           3198          2660         47.9k  55.55 
Proto detect            IPv4       6            20             2737          26462          4485         89.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             5            40089         241238         93999        470.0k  5.82  
LOGGER_UNIFIED2             IPv4       6             5            19463         228779         72478        362.4k  4.48  
LOGGER_JSON_ALERT           IPv4       6             5            69370        6921128       1449629          7.2m  89.70 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           133             2524          86871         16971         2.3m  42.92 
stream                            IPv4       6           133             2537         713146         22566         3.0m  57.08 
Total                             IPv4                   266                                         19768         5.3m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            50             3422          59517         16601        830.1k  1.29  
PROF_DETECT_RULES           IPv4       6           289             2524        2279604         68492         19.8m  30.80 
PROF_DETECT_STATEFUL_CONT    IPv4       6           289             2507          31606          3661          1.1m  1.65  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           131             2545           3630          2672        350.1k  0.54  
PROF_DETECT_PREFILTER       IPv4       6           289             7678        9701948         72118         20.8m  32.43 
PROF_DETECT_PF_PAYLOAD      IPv4       6           133            13439        9671402        120738         16.1m  24.99 
PROF_DETECT_PF_TX           IPv4       6           131             2641          17234          3221        422.0k  0.66  
PROF_DETECT_PF_SORT1        IPv4       6            85             2560          30763          3985        338.8k  0.53  
PROF_DETECT_PF_SORT2        IPv4       6           289             2511          39277          2851        824.2k  1.28  
PROF_DETECT_NONMPMLIST      IPv4       6           289             2527          33527          2979        861.0k  1.34  
PROF_DETECT_ALERT           IPv4       6           289             2512          46991          2980        861.4k  1.34  
PROF_DETECT_CLEANUP         IPv4       6           289             2545          30811          3216        929.5k  1.45  
PROF_DETECT_GETSGH          IPv4       6           289             2530          66065          3777          1.1m  1.70  


suricata-4.0.0-etopen-all-alert-2019-05-22-T-13-58-38-05222019.1358-ed8655ab9b11f537e3c94acced00019c.pcap.txt - (1049 bytes) - download
10/24/2018-09:06:39.405994  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 123.27.3.49:39235 -> 192.168.253.63:445
10/24/2018-09:06:42.624330  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 123.27.3.49:39539 -> 192.168.253.63:445
10/24/2018-09:21:44.626469  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 222.49.117.236:60096 -> 192.168.253.63:445
10/24/2018-09:21:48.744166  [**] [1:2024218:2] ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.253.63:445 -> 222.49.117.236:60096
10/24/2018-09:21:49.030596  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 222.49.117.236:60096 -> 192.168.253.63:445


stats.log - (2688 bytes) - download
------------------------------------------------------------------------------------
Date: 5/22/2019 -- 13:58:38 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 243
decoder.bytes                              | Total                     | 94525
decoder.ipv4                               | Total                     | 243
decoder.sll                                | Total                     | 243
decoder.tcp                                | Total                     | 243
decoder.avg_pkt_size                       | Total                     | 388
decoder.max_pkt_size                       | Total                     | 1532
flow.tcp                                   | Total                     | 25
tcp.sessions                               | Total                     | 25
tcp.syn                                    | Total                     | 25
tcp.synack                                 | Total                     | 25
tcp.rst                                    | Total                     | 6
detect.alert                               | Total                     | 5
detect.mpm_list                            | Total                     | 3
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 3
app_layer.flow.smb                         | Total                     | 5
flow_mgr.closed_pruned                     | Total                     | 4
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 22
flow_mgr.flows_notimeout                   | Total                     | 20
flow_mgr.flows_timeout                     | Total                     | 2
flow_mgr.flows_removed                     | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65512
flow_mgr.rows_empty                        | Total                     | 2
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7080928


eve.json - (2051 bytes) - download
{"timestamp":"2018-10-24T09:06:39.405994+0000","flow_id":1582582540004212,"pcap_cnt":14,"event_type":"alert","src_ip":"123.27.3.49","src_port":39235,"dest_ip":"192.168.253.63","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-24T09:06:42.624330+0000","flow_id":1526198209496996,"pcap_cnt":28,"event_type":"alert","src_ip":"123.27.3.49","src_port":39539,"dest_ip":"192.168.253.63","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-24T09:21:44.626469+0000","flow_id":1130505079096493,"pcap_cnt":48,"event_type":"alert","src_ip":"222.49.117.236","src_port":60096,"dest_ip":"192.168.253.63","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2018-10-24T09:21:48.744166+0000","flow_id":1130505079096493,"pcap_cnt":236,"event_type":"alert","src_ip":"192.168.253.63","src_port":445,"dest_ip":"222.49.117.236","dest_port":60096,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024218,"rev":2,"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2018-10-24T09:21:49.030596+0000","flow_id":1130505079096493,"event_type":"alert","src_ip":"222.49.117.236","src_port":60096,"dest_ip":"192.168.253.63","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1},"app_proto":"smb"}


keyword_perf.log - (4325 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/22/2019 -- 13:58:38
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             46404           11              11              8333            4218.00         4218.00         0.00           
  content          5160757         600             410             411143          8601.00         8956.00         7833.00        
  pcre             637968          156             1               24190           4089.00         8909.00         4058.00        
  byte_test        193773          62              35              5982            3125.00         2991.00         3298.00        
  byte_jump        20815           7               7               4068            2973.00         2973.00         0.00           
  flowbits         420267          8               7               389703          52533.00        4366.00         389703.00      
  asn1             87360           2               0               49304           43680.00        0.00            43680.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             46404           11              11              8333            4218.00         4218.00         0.00           
  flowbits         392668          2               1               389703          196334.00       2965.00         389703.00      
  asn1             87360           2               0               49304           43680.00        0.00            43680.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5160757         600             410             411143          8601.00         8956.00         7833.00        
  pcre             637968          156             1               24190           4089.00         8909.00         4058.00        
  byte_test        193773          62              35              5982            3125.00         2991.00         3298.00        
  byte_jump        20815           7               7               4068            2973.00         2973.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         27599           6               6               6835            4599.00         4599.00         0.00           


suricata-report-2019-05-22-T-13-58-38-05222019.1358-ed8655ab9b11f537e3c94acced00019c.pcap.txt - (18008 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/ed8655ab9b11f537e3c94acced00019cd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05222019.1358-ed8655ab9b11f537e3c94acced00019c.pcap -vvv -k none
elapsedtime:8.338725
stderr:
stdout:
22/5/2019 -- 13:58:29 - <Info> - Configuration node 'rule-files' redefined.
22/5/2019 -- 13:58:29 - <Notice> - This is Suricata version 4.0.0 RELEASE
22/5/2019 -- 13:58:29 - <Info> - CPUs/cores online: 1
22/5/2019 -- 13:58:29 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31378 and 'request-body-inspect-window' set to 16529 after randomization.
22/5/2019 -- 13:58:29 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32292 and 'response-body-inspect-window' set to 16307 after randomization.
22/5/2019 -- 13:58:29 - <Config> - DNS request flood protection level: 500
22/5/2019 -- 13:58:29 - <Config> - DNS per flow memcap (state-memcap): 524288
22/5/2019 -- 13:58:29 - <Config> - DNS global memcap: 16777216
22/5/2019 -- 13:58:29 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
22/5/2019 -- 13:58:29 - <Config> - preallocated 1000 hosts of size 136
22/5/2019 -- 13:58:29 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
22/5/2019 -- 13:58:29 - <Config> - using magic-file /usr/share/file/magic
22/5/2019 -- 13:58:29 - <Config> - Core dump size is unlimited.
22/5/2019 -- 13:58:29 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
22/5/2019 -- 13:58:29 - <Config> - preallocated 1000 defrag trackers of size 168
22/5/2019 -- 13:58:29 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
22/5/2019 -- 13:58:29 - <Config> - stream "prealloc-sessions": 2048 (per thread)
22/5/2019 -- 13:58:29 - <Config> - stream "memcap": 33554432
22/5/2019 -- 13:58:29 - <Config> - stream "midstream" session pickups: disabled
22/5/2019 -- 13:58:29 - <Config> - stream "async-oneside": disabled
22/5/2019 -- 13:58:29 - <Config> - stream "checksum-validation": disabled
22/5/2019 -- 13:58:29 - <Config> - stream."inline": disabled
22/5/2019 -- 13:58:29 - <Config> - stream "bypass": disabled
22/5/2019 -- 13:58:29 - <Config> - stream "max-synack-queued": 5
22/5/2019 -- 13:58:29 - <Config> - stream.reassembly "memcap": 134217728
22/5/2019 -- 13:58:29 - <Config> - stream.reassembly "depth": 0
22/5/2019 -- 13:58:29 - <Config> - stream.reassembly "toserver-chunk-size": 2518
22/5/2019 -- 13:58:29 - <Config> - stream.reassembly "toclient-chunk-size": 2655
22/5/2019 -- 13:58:29 - <Config> - stream.reassembly.raw: enabled
22/5/2019 -- 13:58:29 - <Config> - stream.reassembly "segment-prealloc": 2048
22/5/2019 -- 13:58:29 - <Config> - Delayed detect disabled
22/5/2019 -- 13:58:29 - <Config> - pattern matchers: MPM: ac, SPM: bm
22/5/2019 -- 13:58:29 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
22/5/2019 -- 13:58:29 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
22/5/2019 -- 13:58:29 - <Config> - prefilter engines: MPM
22/5/2019 -- 13:58:29 - <Config> - IP reputation disabled
22/5/2019 -- 13:58:29 - <Perf> - Registered 148 keyword profiling counters.
22/5/2019 -- 13:58:29 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
22/5/2019 -- 13:58:29 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
22/5/2019 -- 13:58:29 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
22/5/2019 -- 13:58:31 - <Config> - No rules loaded from ET-emerging-icmp.rules.
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
22/5/2019 -- 13:58:31 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
22/5/2019 -- 13:58:32 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
22/5/2019 -- 13:58:32 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
22/5/2019 -- 13:58:32 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
22/5/2019 -- 13:58:33 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
22/5/2019 -- 13:58:33 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
22/5/2019 -- 13:58:34 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
22/5/2019 -- 13:58:34 - <Config> - No rules loaded from local.rules.
22/5/2019 -- 13:58:34 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
22/5/2019 -- 13:58:34 - <Info> - Threshold config parsed: 0 rule(s) found
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for tcp-packet
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for tcp-stream
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for udp-packet
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for other-ip
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_uri
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_request_line
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_client_body
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_response_line
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_header
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_header
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_header_names
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_header_names
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_accept
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_accept_enc
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_accept_lang
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_referer
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_connection
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_content_len
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_content_len
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_content_type
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_content_type
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_protocol
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_protocol
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_start
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_start
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_raw_header
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_raw_header
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_method
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_cookie
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_cookie
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_raw_uri
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_user_agent
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_host
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_raw_host
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_stat_msg
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_stat_code
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for dns_query
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for tls_sni
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for tls_cert_issuer
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for tls_cert_subject
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for tls_cert_serial
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for dce_stub_data
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for dce_stub_data
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for ssh_protocol
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for ssh_protocol
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for ssh_software
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for ssh_software
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for file_data
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for file_data
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_request_line
22/5/2019 -- 13:58:34 - <Perf> - using shared mpm ctx' for http_response_line
22/5/2019 -- 13:58:34 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
22/5/2019 -- 13:58:34 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
22/5/2019 -- 13:58:34 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
22/5/2019 -- 13:58:34 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
22/5/2019 -- 13:58:34 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
22/5/2019 -- 13:58:34 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
22/5/2019 -- 13:58:34 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
22/5/2019 -- 13:58:34 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
22/5/2019 -- 13:58:35 - <Perf> - Unique rule groups: 111
22/5/2019 -- 13:58:35 - <Perf> - Builtin MPM "toserver TCP packet": 31
22/5/2019 -- 13:58:35 - <Perf> - Builtin MPM "toclient TCP packet": 20
22/5/2019 -- 13:58:35 - <Perf> - Builtin MPM "toserver TCP stream": 31
22/5/2019 -- 13:58:35 - <Perf> - Builtin MPM "toclient TCP stream": 21
22/5/2019 -- 13:58:35 - <Perf> - Builtin MPM "toserver UDP packet": 33
22/5/2019 -- 13:58:35 - <Perf> - Builtin MPM "toclient UDP packet": 15
22/5/2019 -- 13:58:35 - <Perf> - Builtin MPM "other IP packet": 2
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_uri": 8
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_request_line": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_client_body": 6
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient http_response_line": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_header": 6
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient http_header": 3
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_header_names": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_accept": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_referer": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_content_len": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_content_type": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient http_content_type": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_start": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_method": 3
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_cookie": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient http_cookie": 2
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver http_host": 2
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver dns_query": 4
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver tls_sni": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toserver file_data": 1
22/5/2019 -- 13:58:35 - <Perf> - AppLayer MPM "toclient file_data": 5
22/5/2019 -- 13:58:36 - <Perf> - Registered 18241 rule profiling counters.
22/5/2019 -- 13:58:36 - <Info> - fast output device (regular) initialized: alert
22/5/2019 -- 13:58:36 - <Info> - eve-log output device (regular) initialized: eve.json
22/5/2019 -- 13:58:36 - <Config> - enabling 'eve-log' module 'alert'
22/5/2019 -- 13:58:36 - <Config> - enabling 'eve-log' module 'http'
22/5/2019 -- 13:58:36 - <Config> - enabling 'eve-log' module 'dns'
22/5/2019 -- 13:58:36 - <Config> - enabling 'eve-log' module 'tls'
22/5/2019 -- 13:58:36 - <Config> - enabling 'eve-log' module 'files'
22/5/2019 -- 13:58:36 - <Config> - enabling 'eve-log' module 'ssh'
22/5/2019 -- 13:58:36 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
22/5/2019 -- 1

This file has been truncated. Go here to download in full.


IDSDeathBlossom.py.log - (1175 bytes) - download
2019-05-22 13:58:29,077 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-22 13:58:29,795 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-22 13:58:29,796 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-05-22 13:58:29,796 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-22 13:58:29,796 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-22 13:58:29,796 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/ed8655ab9b11f537e3c94acced00019cd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05222019.1358-ed8655ab9b11f537e3c94acced00019c.pcap -vvv -k none
2019-05-22 13:58:38,137 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-22 13:58:38,138 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.07437300682


suricata-4.0.0-etopen-all-perf.txt-2019-05-22-T-13-58-38-05222019.1358-ed8655ab9b11f537e3c94acced00019c.pcap.txt - (21718 bytes) - download
  --------------------------------------------------------------------------
  Date: 5/22/2019 -- 13:58:38. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2018062      1        2        998390       6.69   10       0        488261      99839.00    0.00        99839.00   
  2        2018068      1        2        865886       5.80   8        0        486810      108235.75   0.00        108235.75  
  3        2018065      1        2        875287       5.86   7        0        483930      125041.00   0.00        125041.00  
  4        2018066      1        2        942183       6.31   9        0        427121      104687.00   0.00        104687.00  
  5        2024218      1        2        460585       3.08   3        1        416891      153528.33   27668.00    216458.50  
  6        2102402      1        6        582513       3.90   10       0        399649      58251.30    0.00        58251.30   
  7        2018291      1        1        486331       3.26   18       0        390745      27018.39    0.00        27018.39   
  8        2018067      1        3        499311       3.34   7        0        152872      71330.14    0.00        71330.14   
  9        2018063      1        3        565797       3.79   9        0        105739      62866.33    0.00        62866.33   
  10       2018059      1        2        764629       5.12   16       0        102719      47789.31    0.00        47789.31   
  11       2018064      1        2        517752       3.47   7        0        102017      73964.57    0.00        73964.57   
  12       2103003      1        7        282828       1.89   10       0        93062       28282.80    0.00        28282.80   
  13       2018061      1        2        509802       3.41   9        0        89744       56644.67    0.00        56644.67   
  14       2102383      1        21       273046       1.83   10       0        83817       27304.60    0.00        27304.60   
  15       2018060      1        2        572353       3.83   10       0        82846       57235.30    0.00        57235.30   
  16       2102465      1        9        80025        0.54   2        1        57633       40012.50    57633.00    22392.00   
  17       2102466      1        9        126487       0.85   4        2        46450       31621.75    43266.00    19977.50   
  18       2102954      1        4        72898        0.49   2        0        42947       36449.00    0.00        36449.00   
  19       2012094      1        2        95604        0.64   4        0        41064       23901.00    0.00        23901.00   
  20       2102471      1        12       148996       1.00   6        0        39904       24832.67    0.00        24832.67   
  21       2103024      1        3        59162        0.40   2        0        39861       29581.00    0.00        29581.00   
  22       2025090      1        1        111329       0.75   4        2        38840       27832.25    34959.50    20705.00   
  23       2103029      1        6        172615       1.16   46       0        38835       3752.50     0.00        3752.50    
  24       2103002      1        5        164980       1.10   46       0        38680       3586.52     0.00        3586.52    
  25       2102472      1        11       113234       0.76   4        0        38647       28308.50    0.00        28308.50   
  26       2024220      1        2        68378        0.46   3        1        34850       22792.67    34850.00    16764.00   
  27       2102938      1        6        58128        0.39   2        0        34412       29064.00    0.00        29064.00   
  28       2103046      1        5        58344        0.39   4        0        33412       14586.00    0.00        14586.00   
  29       2102468      1        9        129694       0.87   6        0        32409       21615.67    0.00        21615.67   
  30       2102955      1        4        99591        0.67   4        0        31215       24897.75    0.00        24897.75   
  31       2103122      1        4        48774        0.33   2        0        30012       24387.00    0.00        24387.00   
  32       2103054      1        5        57336        0.38   4        0        29981       14334.00    0.00        14334.00   
  33       2103123      1        4        48135        0.32   2        0        29280       24067.50    0.00        24067.50   
  34       2103433      1        4        47465        0.32   2        0        28588       23732.50    0.00        23732.50   
  35       2103226      1        4        48553        0.33   2        0        28258       24276.50    0.00        24276.50   
  36       2102948      1        7        48477        0.32   2        0        27988       24238.50    0.00        24238.50   
  37       2103227      1        4        46493        0.31   2        0        27645       23246.50    0.00        23246.50   
  38       2103264      1        5        46579        0.31   2        0        27558       23289.50    0.00        23289.50   
  39       2103417      1        4        46535        0.31   2        0        27543       23267.50    0.00        23267.50   
  40       2103418      1        4        46448        0.31   2        0        27500       23224.00    0.00        23224.00   
  41       2103265      1        5        46421        0.31   2        0        27234       23210.50    0.00        23210.50   
  42       2103434      1        4        45854        0.31   2        0        27214       22927.00    0.00        22927.00   
  43       2102979      1        4        90483        0.61   4        0        27079       22620.75    0.00        22620.75   
  44       2103048      1        5        52093        0.35   4        0        26916       13023.25    0.00        13023.25   
  45       2103056      1        5        52717        0.35   4        0        26884       13179.25    0.00        13179.25   
  46       2102483      1        9        45364        0.30   2        0        26584       22682.00    0.00        22682.00   
  47       2103185      1        4        44837        0.30   2        0        26571       22418.50    0.00        22418.50   
  48       2102482      1        10       45588        0.31   2        0        26538       22794.00    0.00        22794.00   
  49       2103184      1        4        45300        0.30   2        0        26507       22650.00    0.00        22650.00   
  50       2103040      1        5        44945        0.30   2        0        25944       22472.50    0.00        22472.50   
  51       2103032      1        5        44973        0.30   2        0        25825       22486.50    0.00        22486.50   
  52       2103437      1        4        46791        0.31   2        0        25438       23395.50    0.00        23395.50   
  53       2103022      1        4        44652        0.30   2        0        25406       22326.00    0.00        22326.00   
  54       2103189      1        4        47094        0.32   2        0        25348       23547.00    0.00        23547.00   
  55       2102968      1        5        49818        0.33   2        0        24945       24909.00    0.00        24909.00   
  56       2102997      1        6        48866        0.33   2        0        24938       24433.00    0.00        24433.00   
  57       2102996      1        6        48111        0.32   2        0        24919       24055.50    0.00        24055.50   
  58       2024297      1        2        24909        0.17   1        1        24909       24909.00    24909.00    0.00       
  59       2103188      1        4        47532        0.32   2        0        24822       23766.00    0.00        23766.00   
  60       2103422      1        4        47002        0.31   2        0        24696       23501.00    0.00        23501.00   
  61       2103127      1        4        46325        0.31   2        0        24657       23162.50    0.00        23162.50   
  62       2103421      1        4        46779        0.31   2        0        24547       23389.50    0.00        23389.50   
  63       2103230      1        4        48349        0.32   2        0        24530       24174.50    0.00        24174.50   
  64       2103268      1        5        46598        0.31   2        0        24460       23299.00    0.00        23299.00   
  65       2103438      1        4        47558        0.32   2        0        24442       23779.00    0.00        23779.00   
  66       2103126      1        4        48067        0.32   2        0        24317       24033.50    0.00        24033.50   
  67       2103269      1        5        46154        0.31   2        0        24232       23077.00    0.00        23077.00   
  68       2103231      1        4        47600        0.32   2        0        24184       23800.00    0.00        23800.00   
  69       2102969      1        5        46864        0.31   2        0        24022       23432.00    0.00        23432.00   
  70       2103030      1        5        42108        0.28   2        0        21973       21054.00    0.00        21054.00   
  71       2103038      1        5        39606        0.27   2        0        20736       19803.00    0.00        19803.00   
  72       2003089      1        4        79750        0.53   20       0        17401       3987.50     0.00        3987.50    
  73       2103019      1        5        135706       0.91   46       0        14106       2950.13     0.00        2950.13    
  74       2012084      1        2        34871        0.23   10       0        4695        3487.10     0.00        3487.10    
  75       2102523      1        8        72434        0.49   25       0        4547        2897.36     0.00        2897.36    
  76       2102511      1        10       135669       0.91   46       0        4527        2949.33     0.00        2949.33    
  77       2024777      1        2        22926        0.15   7        0        4446        3275.14     0.00        3275.14    
  78       2001569      1        15       74332        0.50   25       0        4417        2973.28     0.00        2973.28    
  79       2018283      1        5        18097        0.12   5        0        4401        3619.40     0.00        3619.40    
  80       2022547      1        1        42733        0.29   14       0        4200        3052.36     0.00        3052.36    
  81       2008306      1        3        38027        0.25   13       0        4177        2925.15     0.00        2925.15    
  82       2103158      1        6        56896        0.38   19       0        4120        2994.53     0.00        2994.53    
  83       2014958      1        1        31184        0.21   10       0        4076        3118.40     0.00        3118.40    
  84       2021977      1        6        15280        0.10   5        0        4050        3056.00     0.00        3056.00    
  85       2101672      1        12       12625        0.08   4        0        4008        3156.25     0.00        3156.25    
  86       2103035      1        9        126529       0.85   46       0        3892        2750.63     0.00        2750.63    
  87       2100538      1        17       12106        0.08   4        0        3807        3026.50     0.00        3026.50    
  88       2014956      1        1        31510        0.21   10       0        3805        3151.00     0.00        3151.00    
  89       2009387      1        4        19353        0.13   6        0        3798        3225.50     0.00        3225.50    
  90       2103052      1        5        12109        0.08   4        0        3781        3027.25     0.00        3027.25    
  91       2103223      1        4        6816         0.05   2        0        3774        3408.00     0.00        3408.00    
  92       2008297      1        5        16071        0.11   5        0        3755        3214.20     0.00        3214.20    
  93       2001330      1        8        60481        0.41   20       0        3689        3024.05     0.00        3024.05    
  94       2102992      1        5        6870         0.05   2        0        3676        3435.00     0.00        3435.00    
  95       2103114      1        5        6689         0.04   2        0        3652        3344.50     0.00        3344.50    
  96       2017935      1        3        155713       1.04   56       0        3647        2780.59     0.00        2780.59    
  97       2103027      1        6        123688       0.83   46       0        3601        2688.87     0.00        2688.87    
  98       2022546      1        1        26790        0.18   9        0        3562        2976.67     0.00        2976.67    
  99       2103410      1        4        6488         0.04   2        0        3547        3244.00     0.00        3244.00    
  100      2008307      1        3        9517         0.06   3        0        3544        3172.33     0.00        3172.33    
  101      2103409      1        4        6310         0.04   2        0        3539        3155.00     0.00        3155.00    
  102      2103425      1        4        6122         0.04   2        0        3505        3061.00     0.00        3061.00    
  103      2103001      1        5        122981       0.82   46       0        3505        2673.50     0.00        2673.50    
  104      2100536      1        13       17994        0.12   6        0        3484        2999.00     0.00        2999.00    
  105      2103176      1        4        6121         0.04   2        0        3474        3060.50     0.00        3060.50    
  106      2015986      1        5        24736        0.17   8        0        3470        3092.00     0.00        3092.00    
  107      2103219      1        4        6716         0.04   2        0        3452        3358.00     0.00        3358.00    
  108      2103159      1        4        18561        0.12   6        0        3441        3093.50     0.00        3093.50    
  109      2018281      1        4        22541        0.15   8        0        3435        2817.62     0.00        2817.62    
  110      2103222      1        4        6403         0.04   2        0        3421        3201.50     0.00        3201.50    
  111      2101976      1        10       9926         0.07   3        0        3413        3308.67     0.00        3308.67    
  112      2101229      1        8        12180        0.08   4        0        3335        3045.00     0.00        3045.00    
  113      2100537      1        17       6598         0.04   2        0        3329        3299.00     0.00        3299.00    
  114      2018558      1        5        79893        0.54   30       0        3293        2663.10     0.00        2663.10    
  115      2103257      1        5        6016         0.04   2        0        3281        3008.00     0.00        3008.00    
  116      2102964      1        5        6074         0.04   2        0        3278        3037.00     0.00        3037.00    
  117      2102936      1        6        6513         0.04   2        0        3273        3256.50     0.00        3256.50    
  118      2103414      1        4        5904         0.04   2        0        3272        2952.00     0.00        2952.00    
  119      2025018      1        2        6520         0.04   2        0        3271        3260.00     0.00        3260.00    
  120      2101919      1        24       11800        0.08   4        0        3270        2950.00     0.00        2950.00    
  121      2103256      1        5        6145         0.04   2        0        3264        3072.50     0.00        3072.50    
  122      2008303      1        3        8569         0.06   3        0        3253        2856.33     0.00        2856.33    
  123      2102965      1        5        5800         0.04   2        0        3251        2900.00     0.00        2900.00    
  124      2102103      1        10       11876        0.08   4        0        3251        2969.00     0.00        2969.00    
  125      2024778      1        1        1

This file has been truncated. Go here to download in full.