diff options
| author | Luca Deri <deri@ntop.org> | 2020-12-16 14:45:29 +0100 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-12-16 14:45:29 +0100 |
| commit | 2768da06377ab64fccbb1bf97460e892e0548a60 (patch) | |
| tree | 63cbd5d13092262fd1709d83c5589517523e74a8 | |
| parent | a89642ad044928c221e69412bd2666924ac5a7ee (diff) | |
Improved HTTP dissection
| -rw-r--r-- | src/lib/protocols/http.c | 7 | ||||
| -rw-r--r-- | tests/result/WebattackRCE.pcap.out | 43 | ||||
| -rw-r--r-- | tests/result/netflix.pcap.out | 28 |
3 files changed, 37 insertions, 41 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 1a6b2f613..266b441ac 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -359,10 +359,6 @@ int http_process_user_agent(struct ndpi_detection_module_struct *ndpi_struct, setHttpUserAgent(ndpi_struct, flow, token); } } - } else if((ua_ptr_len > 14) && (memcmp(ua, "netflix-ios-app", 15) == 0)) { - NDPI_LOG_INFO(ndpi_struct, "found netflix\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING); - return -1; } } @@ -849,7 +845,8 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct NDPI_EXCLUDE_PROTO(ndpi_struct, flow); http_bitmask_exclude_other(flow); return; - } + } else + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_CATEGORY_WEB); NDPI_LOG_DBG2(ndpi_struct, "Filename HTTP found: %d, we look for line info..\n", filename_start); diff --git a/tests/result/WebattackRCE.pcap.out b/tests/result/WebattackRCE.pcap.out index f50951e3c..06641e6ff 100644 --- a/tests/result/WebattackRCE.pcap.out +++ b/tests/result/WebattackRCE.pcap.out @@ -1,5 +1,4 @@ -HTTP 777 186849 777 -HTTP_Proxy 20 4154 20 +HTTP 797 191003 797 1 TCP 127.0.0.1:51184 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/vbulletin/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3][StatusCode: 0][Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /vbulletin/ajax/api/hook/de)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:51182 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/vb/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7D][StatusCode: 0][Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /vb/ajax/api/hook/decodeArg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -217,8 +216,8 @@ HTTP_Proxy 20 4154 20 214 TCP 127.0.0.1:51068 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/ans/ans.pl?p=../../../../../usr/bin/id|&blah][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003371)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **** HTTP Suspicious URL **][PLAIN TEXT (GET /ans/ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 215 TCP 127.0.0.1:49550 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/238 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.rdf+destype=cache+desformat=PDF][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 216 TCP 127.0.0.1:50680 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/237 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/configuration][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001258)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (lGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 217 TCP 127.0.0.1:49690 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][PLAIN TEXT (OGET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 218 TCP 127.0.0.1:49702 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][PLAIN TEXT (GET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 217 TCP 127.0.0.1:49690 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (OGET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 218 TCP 127.0.0.1:49702 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (GET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 219 TCP 127.0.0.1:50626 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/athenareg.php?pass=%20;cat%20/etc/passwd][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000667)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (@GET /athenareg.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 220 TCP 127.0.0.1:51066 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/ans.pl?p=../../../../../usr/bin/id|&blah][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003370)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **** HTTP Suspicious URL **][PLAIN TEXT (GET /ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 221 TCP 127.0.0.1:50608 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/cgi-local/cgiemail-1.6/cgicso?query=AAA][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000344)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -242,13 +241,13 @@ HTTP_Proxy 20 4154 20 239 TCP 127.0.0.1:50678 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/227 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/level/16/exec//show/access-lists][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001257)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /level/16/exec//show/access)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 240 TCP 127.0.0.1:51040 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/227 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/admin/system.php3?cmd=dir%20c:\\][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003217)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /admin/system.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 241 TCP 127.0.0.1:51090 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/226 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/pma/server_sync.php?c=phpinfo()][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /pma/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 242 TCP 127.0.0.1:49684 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][PLAIN TEXT (KGET /Autodiscover/Autodiscover)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 242 TCP 127.0.0.1:49684 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (KGET /Autodiscover/Autodiscover)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 243 TCP 127.0.0.1:50646 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/dostuff.php?action=modify_user][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001091)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (SGET /dostuff.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 244 TCP 127.0.0.1:51044 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/admin/exec.php3?cmd=dir%20c:\\][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003219)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /admin/exec.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 245 TCP 127.0.0.1:49674 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/224 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/junk988.aspx][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (BGET /junk988.asp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 246 TCP 127.0.0.1:50598 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/224 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/html/cgi-bin/cgicso?query=AAA][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000072)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /html/c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 247 TCP 127.0.0.1:49670 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/223 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/junk999.asp][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (@GET /junk999.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 248 TCP 127.0.0.1:49688 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/223 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][PLAIN TEXT (NGET /Microsoft)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 248 TCP 127.0.0.1:49688 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/223 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (NGET /Microsoft)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 249 TCP 127.0.0.1:49672 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/index.aspx][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (AGET /index.asp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 250 TCP 127.0.0.1:49678 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/login.aspx][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (EGET /login.asp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 251 TCP 127.0.0.1:50592 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/scripts/samples/details.idc][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000023)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /scripts/samples/details.id)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -389,8 +388,8 @@ HTTP_Proxy 20 4154 20 386 TCP 127.0.0.1:50856 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/level/99/exec//show][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001346)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /level/99/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 387 TCP 127.0.0.1:49556 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.pl|dir][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 388 TCP 127.0.0.1:49566 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.10:100][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 389 TCP 127.0.0.1:49696 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][PLAIN TEXT (TGET /EWS/Exchange.asmx HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 390 TCP 127.0.0.1:49706 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][PLAIN TEXT (GET /EWS/Services.wsdl HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 389 TCP 127.0.0.1:49696 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (TGET /EWS/Exchange.asmx HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 390 TCP 127.0.0.1:49706 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (GET /EWS/Services.wsdl HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 391 TCP 127.0.0.1:49724 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/index.php3][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (lGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 392 TCP 127.0.0.1:49726 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/index.php4][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (nGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 393 TCP 127.0.0.1:49728 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/index.php5][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (oGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -523,8 +522,8 @@ HTTP_Proxy 20 4154 20 520 TCP 127.0.0.1:49578 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.pl][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 521 TCP 127.0.0.1:49598 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/webcgi/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /webc)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 522 TCP 127.0.0.1:49620 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/cgibin/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /cgibin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 523 TCP 127.0.0.1:49686 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][PLAIN TEXT (LGET /Autodiscover/ HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 524 TCP 127.0.0.1:49712 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][PLAIN TEXT (aGET /aspnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 523 TCP 127.0.0.1:49686 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (LGET /Autodiscover/ HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 524 TCP 127.0.0.1:49712 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (aGET /aspnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 525 TCP 127.0.0.1:49834 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/127.tar.bz2][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /127.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 526 TCP 127.0.0.1:49836 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/127.tar.bz2][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /127.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 527 TCP 127.0.0.1:49842 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/site.tar.gz][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /site.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -660,7 +659,7 @@ HTTP_Proxy 20 4154 20 657 TCP 127.0.0.1:49554 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 658 TCP 127.0.0.1:49604 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/bin/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /bin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 659 TCP 127.0.0.1:49606 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/cgi/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /cgi/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 660 TCP 127.0.0.1:49714 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][PLAIN TEXT (bGET /PowerShell HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 660 TCP 127.0.0.1:49714 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (bGET /PowerShell HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 661 TCP 127.0.0.1:49786 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/1270.cer][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /1270.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 662 TCP 127.0.0.1:49788 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/1270.cer][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /1270.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 663 TCP 127.0.0.1:49802 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/site.tar][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /site.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -731,7 +730,7 @@ HTTP_Proxy 20 4154 20 728 TCP 127.0.0.1:50398 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/127.war][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /127.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 729 TCP 127.0.0.1:50400 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/127.war][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /127.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 730 TCP 127.0.0.1:50650 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/manual.php][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001158)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /manual.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 731 TCP 127.0.0.1:49698 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/204 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][PLAIN TEXT (UGET /Exchange HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 731 TCP 127.0.0.1:49698 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/204 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (UGET /Exchange HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 732 TCP 127.0.0.1:49790 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/1.cer][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 733 TCP 127.0.0.1:49792 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/1.cer][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 734 TCP 127.0.0.1:49826 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/0.zip][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -775,26 +774,26 @@ HTTP_Proxy 20 4154 20 772 TCP 127.0.0.1:50606 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/w-agora/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000183)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /w)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 773 TCP 127.0.0.1:50674 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/level/16][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001255)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (gGET /level/16 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 774 TCP 127.0.0.1:51072 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/open.txt][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006448)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /open.t)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 775 TCP 127.0.0.1:49682 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][PLAIN TEXT (GET /images HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 775 TCP 127.0.0.1:49682 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (GET /images HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 776 TCP 127.0.0.1:50578 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/kboard/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000016)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /kboard/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 777 TCP 127.0.0.1:50584 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/ssdefs/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000019)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /ssdefs/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 778 TCP 127.0.0.1:50586 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/sshome/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000020)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /sshome/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 779 TCP 127.0.0.1:51092 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/c99.php][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006739)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /c99.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 780 TCP 127.0.0.1:49716 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/201 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][PLAIN TEXT (dGET . HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 780 TCP 127.0.0.1:49716 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/201 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (dGET . HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 781 TCP 127.0.0.1:51096 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/201 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/script][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006999)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /script HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 782 TCP 127.0.0.1:50570 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/v2/_catalog][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /v2/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 783 TCP 127.0.0.1:50588 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/tiki/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000021)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET /tiki/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 784 TCP 127.0.0.1:49544 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 785 TCP 127.0.0.1:49692 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][PLAIN TEXT (GET /EC)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 786 TCP 127.0.0.1:49694 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][PLAIN TEXT (SGET /EWS HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 787 TCP 127.0.0.1:49700 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][PLAIN TEXT (GET /OWA HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 788 TCP 127.0.0.1:49704 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][PLAIN TEXT (GET /Rpc HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 789 TCP 127.0.0.1:49708 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][PLAIN TEXT (GET /ec)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 790 TCP 127.0.0.1:49710 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][PLAIN TEXT (GET /OAB HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 785 TCP 127.0.0.1:49692 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (GET /EC)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 786 TCP 127.0.0.1:49694 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (SGET /EWS HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 787 TCP 127.0.0.1:49700 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (GET /OWA HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 788 TCP 127.0.0.1:49704 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (GET /Rpc HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 789 TCP 127.0.0.1:49708 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (GET /ec)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 790 TCP 127.0.0.1:49710 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (GET /OAB HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 791 TCP 127.0.0.1:49548 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 792 TCP 127.0.0.1:51078 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/?-s][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006523)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (s HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 793 TCP 127.0.0.1:49546 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:getinfo)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 794 TCP 127.0.0.1:49680 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][PLAIN TEXT (HGET / HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 794 TCP 127.0.0.1:49680 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (HGET / HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 795 TCP 127.0.0.1:50418 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 796 TCP 127.0.0.1:49642 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/194 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Host: 127.0.0.1][URL: 127.0.0.1/][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:paths)][Risk: ** Known protocol on non standard port **** HTTP Numeric IP Address **][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 797 TCP 127.0.0.1:49720 -> 127.0.0.1:8080 [proto: 131/HTTP_Proxy][cat: Web/5][1 pkts/189 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][PLAIN TEXT (iGET / HTTP/1.0)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 797 TCP 127.0.0.1:49720 -> 127.0.0.1:8080 [proto: 131.7/HTTP_Proxy.HTTP][cat: Web/5][1 pkts/189 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][Risk: ** Known protocol on non standard port **][PLAIN TEXT (iGET / HTTP/1.0)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index 58d7af48b..ef4a63dd8 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -18,28 +18,28 @@ JA3 Host Stats: 7 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Goodput ratio: 7/95][34.92 sec][Host: art-2.nflximg.net][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/12 1101/41 30978/402 5647/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1456 311/1514 38/274][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /5758)][Plen Bins: 0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] 8 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][Goodput ratio: 84/89][47.10 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 744/738 30450/30505 3962/4075][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 414/588 1514/1514 553/594][TLSv1.2][Client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 2,18,2,1,1,2,3,1,1,1,0,1,0,0,1,1,3,0,1,1,1,3,0,1,0,2,1,1,0,0,2,2,1,1,0,0,1,0,0,0,0,0,0,3,0,35,0,0] 9 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][Goodput ratio: 94/78][53.21 sec][bytes ratio: 0.727 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1378/2893 51181/51242 8188/11726][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1092/318 1514/1514 615/491][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,2,0,0,0,0,4,0,0,0,0,0,0,2,2,0,2,0,0,0,0,0,0,0,0,0,0,0,2,2,0,2,0,0,0,0,0,0,0,0,0,0,0,71,0,0] - 10 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][Goodput ratio: 17/95][1.88 sec][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 77/62 638/579 155/122][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1328 422/1514 71/457][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] - 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] + 10 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][Goodput ratio: 17/95][1.88 sec][Host: 23.246.10.139][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 77/62 638/579 155/122][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1328 422/1514 71/457][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] + 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][Host: 23.246.3.140][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] 12 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Goodput ratio: 17/95][42.46 sec][Host: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 425/43 3643/161 850/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1378 312/1514 59/421][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][Content-Type: image/webp][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /af)][Plen Bins: 0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] - 13 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] + 13 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][Host: 23.246.11.145][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] 14 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][Goodput ratio: 69/93][38.50 sec][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1640/1232 30390/30443 6288/5475][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 211/964 1514/1514 376/637][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,5,5,0,2,2,5,0,0,0,0,0,0,0,2,2,0,0,0,2,0,2,0,0,0,0,0,0,0,2,5,0,0,0,0,0,0,0,0,0,0,0,2,0,0,57,0,0] 15 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Goodput ratio: 20/95][1.39 sec][Host: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 28/35 45/81 10/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/1414 311/1514 64/366][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /8b)][Plen Bins: 0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] - 16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (czGET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0] + 16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][Host: 23.246.11.141][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (czGET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0] 17 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Goodput ratio: 31/95][2.07 sec][Host: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166/94 1389/1416 394/300][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/1337 311/1514 81/428][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /4e)][Plen Bins: 0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] 18 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Goodput ratio: 72/94][31.31 sec][Host: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092/21 30728/135 9212/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 242/1136 1514/1514 405/584][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 0][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /appboot/NFAPPL)][Plen Bins: 0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,75,0,0] - 19 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] - 20 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] - 21 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][Goodput ratio: 14/95][7.15 sec][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 265/326 1355/1382 337/387][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1275 423/1514 62/517][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] + 19 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][Host: 23.246.11.141][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] + 20 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][Host: 23.246.11.133][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] + 21 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][Goodput ratio: 14/95][7.15 sec][Host: 23.246.11.141][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 265/326 1355/1382 337/387][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1275 423/1514 62/517][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][Goodput ratio: 77/93][1.73 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/42 437/291 101/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290/895 1514/1514 442/626][TLSv1.2][Client: api-global.netflix.com][JA3C: d8bfad189bd26664e04570c104ee8418][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,10,3,0,0,0,3,0,0,0,0,0,3,6,0,0,3,0,0,3,0,3,0,3,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,3,0,47,0,0] - 23 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][Goodput ratio: 14/94][7.05 sec][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/271 635/1046 213/317][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80/1159 426/1514 62/603][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (fGET /range/0)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,80,0,0] - 24 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][Goodput ratio: 12/95][8.05 sec][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258/237 1250/1203 331/381][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 424/1514 58/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 25 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][Goodput ratio: 13/95][5.76 sec][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/223 1162/1317 246/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 426/1514 60/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 26 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][Goodput ratio: 14/94][7.56 sec][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 298/146 1317/530 354/131][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1160 423/1514 63/590][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 23 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][Goodput ratio: 14/94][7.05 sec][Host: 23.246.11.141][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/271 635/1046 213/317][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80/1159 426/1514 62/603][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (fGET /range/0)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,80,0,0] + 24 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][Goodput ratio: 12/95][8.05 sec][Host: 23.246.11.141][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258/237 1250/1203 331/381][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 424/1514 58/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 25 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][Goodput ratio: 13/95][5.76 sec][Host: 23.246.11.141][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/223 1162/1317 246/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 426/1514 60/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 26 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][Goodput ratio: 14/94][7.56 sec][Host: 23.246.11.141][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 298/146 1317/530 354/131][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1160 423/1514 63/590][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] 27 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][Goodput ratio: 92/78][32.21 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/84 332/331 94/95][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 811/309 1514/1514 700/493][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,8,4,0,0,4,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,0,0] 28 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][Goodput ratio: 72/91][0.86 sec][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/33 266/316 64/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237/739 1514/1514 407/542][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,3,0,0,3,3,3,0,0,0,0,3,0,3,3,7,0,0,7,7,3,3,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,30,0,0] - 29 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][Goodput ratio: 12/94][7.38 sec][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222/250 636/1132 227/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1180 424/1514 59/570][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] - 30 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][Goodput ratio: 12/94][8.26 sec][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/289 1152/1208 301/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1119 425/1514 60/614][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 31 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 29 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][Goodput ratio: 12/94][7.38 sec][Host: 23.246.11.141][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222/250 636/1132 227/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1180 424/1514 59/570][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] + 30 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][Goodput ratio: 12/94][8.26 sec][Host: 23.246.11.141][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/289 1152/1208 301/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1119 425/1514 60/614][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 31 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][Host: 23.246.11.133][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] 32 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][Goodput ratio: 86/86][0.92 sec][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/54 282/127 72/35][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 486/491 1514/1514 603/610][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,15,0,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,0,0,0,0,0,0,5,37,0,0] 33 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Goodput ratio: 91/87][31.72 sec][Host: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2877/42 31088/123 8921/33][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714/500 1514/1514 676/651][URL: api-global.netflix.com/msl/nrdjs/2.1.2][StatusCode: 0][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,0,0,72,0,0] 34 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][Goodput ratio: 79/90][1.01 sec][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/96 322/423 89/121][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 314/697 1514/1514 477/667][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 13,13,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,6,0,0,34,0,0] |