diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-10-25 17:06:29 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-25 17:06:29 +0200 |
| commit | ca5ffc498873805c07a29c6d8af3e995963c055d (patch) | |
| tree | efbc859babc7668069c9576b54439ffe10cc9859 | |
| parent | 2ed2e5dc7e072d41065a7c04da5db598150c71fa (diff) | |
TLS: improve handling of ALPN(s) (#1784)
Tell "Advertised" ALPN list from "Negotiated" ALPN; the former is
extracted from the CH, the latter from the SH.
Add some entries to the known ALPN list.
Fix printing of "TLS Supported Versions" field.
99 files changed, 826 insertions, 822 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2e206b578..96dd46881 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -767,7 +767,7 @@ void printCSVHeader() { fprintf(csv_fp, "server_info,"); fprintf(csv_fp, "tls_version,ja3c,tls_client_unsafe,"); fprintf(csv_fp, "ja3s,tls_server_unsafe,"); - fprintf(csv_fp, "tls_alpn,tls_supported_versions,"); + fprintf(csv_fp, "advertised_alpns,negotiated_alpn,tls_supported_versions,"); #if 0 fprintf(csv_fp, "tls_issuerDN,tls_subjectDN,"); #endif @@ -1341,8 +1341,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa (flow->ssh_tls.ja3_server[0] != '\0') ? flow->ssh_tls.ja3_server : "", (flow->ssh_tls.ja3_server[0] != '\0') ? is_unsafe_cipher(flow->ssh_tls.server_unsafe_cipher) : "0"); - fprintf(csv_fp, "%s,%s,", - flow->ssh_tls.tls_alpn ? flow->ssh_tls.tls_alpn : "", + fprintf(csv_fp, "%s,%s,%s,", + flow->ssh_tls.advertised_alpns ? flow->ssh_tls.advertised_alpns : "", + flow->ssh_tls.negotiated_alpn ? flow->ssh_tls.negotiated_alpn : "", flow->ssh_tls.tls_supported_versions ? flow->ssh_tls.tls_supported_versions : "" ); @@ -1541,16 +1542,16 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa } } break; + } - case INFO_TLS_QUIC_ALPN_VERSION: - fprintf(out, "[ALPN: %s][TLS Supported Versions: %s]", - flow->tls_quic.alpn, flow->tls_quic.tls_supported_versions); - break; + if(flow->ssh_tls.advertised_alpns) + fprintf(out, "[(Advertised) ALPNs: %s]", flow->ssh_tls.advertised_alpns); - case INFO_TLS_QUIC_ALPN_ONLY: - fprintf(out, "[ALPN: %s]", flow->tls_quic.alpn); - break; - } + if(flow->ssh_tls.negotiated_alpn) + fprintf(out, "[(Negotiated) ALPN: %s]", flow->ssh_tls.negotiated_alpn); + + if(flow->ssh_tls.tls_supported_versions) + fprintf(out, "[TLS Supported Versions: %s]", flow->ssh_tls.tls_supported_versions); if(flow->flow_extra_info[0] != '\0') fprintf(out, "[%s]", flow->flow_extra_info); @@ -3249,14 +3250,14 @@ static void printFlowsStats() { || (all_flows[i].flow->detected_protocol.app_protocol == NDPI_PROTOCOL_TLS) || (all_flows[i].flow->detected_protocol.app_protocol == NDPI_PROTOCOL_DOH_DOT) ) - && all_flows[i].flow->ssh_tls.tls_alpn /* ALPN */ + && all_flows[i].flow->ssh_tls.advertised_alpns /* ALPN */ ) { if(check_bin_doh_similarity(&bins[i], &s)) printf("[DoH (%f distance)]", s); else printf("[NO DoH (%f distance)]", s); } else { - if(all_flows[i].flow->ssh_tls.tls_alpn == NULL) + if(all_flows[i].flow->ssh_tls.advertised_alpns == NULL) printf("[NO DoH check: missing ALPN]"); } } diff --git a/example/ndpiSimpleIntegration.c b/example/ndpiSimpleIntegration.c index 604fef242..81ac179da 100644 --- a/example/ndpiSimpleIntegration.c +++ b/example/ndpiSimpleIntegration.c @@ -943,7 +943,7 @@ static void ndpi_process_packet(uint8_t * const args, { uint8_t unknown_tls_version = 0; char buf_ver[16]; - printf("[%8llu, %d, %4d][TLS-CLIENT-HELLO] version: %s | sni: %s | alpn: %s\n", + printf("[%8llu, %d, %4d][TLS-CLIENT-HELLO] version: %s | sni: %s | (advertised) ALPNs: %s\n", workflow->packets_captured, reader_thread->array_index, flow_to_process->flow_id, @@ -951,8 +951,8 @@ static void ndpi_process_packet(uint8_t * const args, flow_to_process->ndpi_flow->protos.tls_quic.ssl_version, &unknown_tls_version), flow_to_process->ndpi_flow->host_server_name, - (flow_to_process->ndpi_flow->protos.tls_quic.alpn != NULL ? - flow_to_process->ndpi_flow->protos.tls_quic.alpn : "-")); + (flow_to_process->ndpi_flow->protos.tls_quic.advertised_alpns != NULL ? + flow_to_process->ndpi_flow->protos.tls_quic.advertised_alpns : "-")); flow_to_process->tls_client_hello_seen = 1; } if (flow_to_process->tls_server_hello_seen == 0 && diff --git a/example/reader_util.c b/example/reader_util.c index 498c834f8..ba8031185 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -480,9 +480,14 @@ static void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow) { flow->ssh_tls.server_names = NULL; } - if(flow->ssh_tls.tls_alpn) { - ndpi_free(flow->ssh_tls.tls_alpn); - flow->ssh_tls.tls_alpn = NULL; + if(flow->ssh_tls.advertised_alpns) { + ndpi_free(flow->ssh_tls.advertised_alpns); + flow->ssh_tls.advertised_alpns = NULL; + } + + if(flow->ssh_tls.negotiated_alpn) { + ndpi_free(flow->ssh_tls.negotiated_alpn); + flow->ssh_tls.negotiated_alpn = NULL; } if(flow->ssh_tls.tls_supported_versions) { @@ -1248,11 +1253,6 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ssh_tls.browser_heuristics = flow->ndpi_flow->protos.tls_quic.browser_heuristics; - if(flow->ndpi_flow->protos.tls_quic.alpn) { - if((flow->ssh_tls.tls_alpn = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.alpn)) != NULL) - correct_csv_data_field(flow->ssh_tls.tls_alpn); - } - if(flow->ndpi_flow->protos.tls_quic.issuerDN) flow->ssh_tls.tls_issuerDN = strdup(flow->ndpi_flow->protos.tls_quic.issuerDN); @@ -1264,28 +1264,19 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ssh_tls.encrypted_sni.cipher_suite = flow->ndpi_flow->protos.tls_quic.encrypted_sni.cipher_suite; } - if(flow->ssh_tls.tls_supported_versions) { + if(flow->ndpi_flow->protos.tls_quic.tls_supported_versions) { if((flow->ssh_tls.tls_supported_versions = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.tls_supported_versions)) != NULL) correct_csv_data_field(flow->ssh_tls.tls_supported_versions); } - if(flow->ndpi_flow->protos.tls_quic.alpn - && flow->ndpi_flow->protos.tls_quic.tls_supported_versions) { - correct_csv_data_field(flow->ndpi_flow->protos.tls_quic.alpn); - correct_csv_data_field(flow->ndpi_flow->protos.tls_quic.tls_supported_versions); - - flow->info_type = INFO_TLS_QUIC_ALPN_VERSION; - ndpi_snprintf(flow->tls_quic.alpn, sizeof(flow->tls_quic.alpn), "%s", - flow->ndpi_flow->protos.tls_quic.alpn); - ndpi_snprintf(flow->tls_quic.tls_supported_versions, - sizeof(flow->tls_quic.tls_supported_versions), - "%s", flow->ndpi_flow->protos.tls_quic.tls_supported_versions); - } else if(flow->ndpi_flow->protos.tls_quic.alpn) { - correct_csv_data_field(flow->ndpi_flow->protos.tls_quic.alpn); - - flow->info_type = INFO_TLS_QUIC_ALPN_ONLY; - ndpi_snprintf(flow->tls_quic.alpn, sizeof(flow->tls_quic.alpn), "%s", - flow->ndpi_flow->protos.tls_quic.alpn); + if(flow->ndpi_flow->protos.tls_quic.advertised_alpns) { + if((flow->ssh_tls.advertised_alpns = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.advertised_alpns)) != NULL) + correct_csv_data_field(flow->ssh_tls.advertised_alpns); + } + + if(flow->ndpi_flow->protos.tls_quic.negotiated_alpn) { + if((flow->ssh_tls.negotiated_alpn = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.negotiated_alpn)) != NULL) + correct_csv_data_field(flow->ssh_tls.negotiated_alpn); } if(enable_doh_dot_detection) { diff --git a/example/reader_util.h b/example/reader_util.h index 6a9c7cd40..d8c02c8b6 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -165,8 +165,6 @@ enum info_type { INFO_SOFTETHER, INFO_TIVOCONNECT, INFO_FTP_IMAP_POP_SMTP, - INFO_TLS_QUIC_ALPN_VERSION, - INFO_TLS_QUIC_ALPN_ONLY, INFO_NATPMP, }; @@ -217,10 +215,6 @@ typedef struct ndpi_flow_info { union { char info[256]; struct { - char alpn[128]; - char tls_supported_versions[128]; - } tls_quic; - struct { unsigned char auth_failed; char username[127]; char password[128]; @@ -263,7 +257,7 @@ typedef struct ndpi_flow_info { u_int16_t ssl_version; char server_info[64], client_hassh[33], server_hassh[33], *server_names, - *tls_alpn, *tls_supported_versions, + *advertised_alpns, *negotiated_alpn, *tls_supported_versions, *tls_issuerDN, *tls_subjectDN, ja3_client[33], ja3_server[33], sha1_cert_fingerprint[20]; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 5b8a9c52b..33ccd93ec 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1404,7 +1404,7 @@ struct ndpi_flow_struct { } softether; struct { - char *server_names, *alpn, *tls_supported_versions, *issuerDN, *subjectDN; + char *server_names, *advertised_alpns, *negotiated_alpn, *tls_supported_versions, *issuerDN, *subjectDN; u_int32_t notBefore, notAfter; char ja3_client[33], ja3_server[33]; u_int16_t server_cipher; @@ -1578,11 +1578,11 @@ struct ndpi_flow_struct { #if !defined(NDPI_CFFI_PREPROCESSING) && defined(__linux__) #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L -_Static_assert(sizeof(((struct ndpi_flow_struct *)0)->protos) <= 200, - "Size of the struct member protocols increased to more than 200 bytes, " +_Static_assert(sizeof(((struct ndpi_flow_struct *)0)->protos) <= 208, + "Size of the struct member protocols increased to more than 208 bytes, " "please check if this change is necessary."); -_Static_assert(sizeof(struct ndpi_flow_struct) <= 920, - "Size of the flow struct increased to more than 920 bytes, " +_Static_assert(sizeof(struct ndpi_flow_struct) <= 928, + "Size of the flow struct increased to more than 928 bytes, " "please check if this change is necessary."); #endif #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2c4116745..285f43d2a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5070,8 +5070,11 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) { if(flow->protos.tls_quic.server_names) ndpi_free(flow->protos.tls_quic.server_names); - if(flow->protos.tls_quic.alpn) - ndpi_free(flow->protos.tls_quic.alpn); + if(flow->protos.tls_quic.advertised_alpns) + ndpi_free(flow->protos.tls_quic.advertised_alpns); + + if(flow->protos.tls_quic.negotiated_alpn) + ndpi_free(flow->protos.tls_quic.negotiated_alpn); if(flow->protos.tls_quic.tls_supported_versions) ndpi_free(flow->protos.tls_quic.tls_supported_versions); diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 255a1fa8e..b7c687033 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1202,9 +1202,13 @@ static void ndpi_tls2json(ndpi_serializer *serializer, struct ndpi_flow_struct * { ndpi_serialize_string_string(serializer, "subjectDN", flow->protos.tls_quic.subjectDN); } - if(flow->protos.tls_quic.alpn) + if(flow->protos.tls_quic.advertised_alpns) { - ndpi_serialize_string_string(serializer, "alpn", flow->protos.tls_quic.alpn); + ndpi_serialize_string_string(serializer, "advertised_alpns", flow->protos.tls_quic.advertised_alpns); + } + if(flow->protos.tls_quic.negotiated_alpn) + { + ndpi_serialize_string_string(serializer, "negotiated_alpn", flow->protos.tls_quic.negotiated_alpn); } if(flow->protos.tls_quic.tls_supported_versions) { @@ -2559,8 +2563,8 @@ void load_common_alpns(struct ndpi_detection_module_struct *ndpi_str) { /* QUIC ALPNs */ "h3-T051", "h3-T050", - "h3-32", "h3-30", "h3-29", "h3-28", "h3-27", "h3-24", "h3-22", - "hq-30", "hq-29", "hq-28", "hq-27", + "h3-34", "h3-33", "h3-32", "h3-31", "h3-30", "h3-29", "h3-28", "h3-27", "h3-24", "h3-22", + "hq-34", "hq-33", "hq-32", "hq-31", "hq-30", "hq-29", "hq-28", "hq-27", "hq-interop", "h3-fb-05", "h1q-fb", "doq-i00", diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index cbfaa9fd1..433bc0261 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1335,9 +1335,9 @@ static void process_tls(struct ndpi_detection_module_struct *ndpi_struct, flow->protos.tls_quic.ssl_version = 0x0304; /* DNS-over-QUIC: ALPN is "doq" or "doq-XXX" (for drafts versions) */ - if(flow->protos.tls_quic.alpn && - strncmp(flow->protos.tls_quic.alpn, "doq", 3) == 0) { - NDPI_LOG_DBG(ndpi_struct, "Found DOQ (ALPN: [%s])\n", flow->protos.tls_quic.alpn); + if(flow->protos.tls_quic.advertised_alpns && + strncmp(flow->protos.tls_quic.advertised_alpns, "doq", 3) == 0) { + NDPI_LOG_DBG(ndpi_struct, "Found DOQ (ALPN: [%s])\n", flow->protos.tls_quic.advertised_alpns); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_QUIC, NDPI_CONFIDENCE_DPI); } } diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 869fe504b..fa40070f6 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1261,11 +1261,11 @@ static void tls_subclassify_by_alpn(struct ndpi_detection_module_struct *ndpi_st struct ndpi_flow_struct *flow) { /* Right now we have only one rule so we can keep it trivial */ - if (!flow->protos.tls_quic.alpn) + if (!flow->protos.tls_quic.advertised_alpns) return; - if(strlen(flow->protos.tls_quic.alpn) > NDPI_STATICSTRING_LEN("anydesk/") && - strncmp(flow->protos.tls_quic.alpn, "anydesk/", NDPI_STATICSTRING_LEN("anydesk/")) == 0) { + if(strlen(flow->protos.tls_quic.advertised_alpns) > NDPI_STATICSTRING_LEN("anydesk/") && + strncmp(flow->protos.tls_quic.advertised_alpns, "anydesk/", NDPI_STATICSTRING_LEN("anydesk/")) == 0) { #ifdef DEBUG_TLS printf("Matching ANYDESK via alpn\n"); #endif @@ -1278,9 +1278,10 @@ static void tls_subclassify_by_alpn(struct ndpi_detection_module_struct *ndpi_st /* **************************************** */ static void tlsCheckUncommonALPN(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) { - char * alpn_start = flow->protos.tls_quic.alpn; + struct ndpi_flow_struct *flow, + char *alpn_start) { char * comma_or_nul = alpn_start; + do { size_t alpn_len; @@ -1555,7 +1556,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t s_offset = offset+4; u_int16_t tot_alpn_len = ntohs(*((u_int16_t*)&packet->payload[s_offset])); char alpn_str[256]; - u_int8_t alpn_str_len = 0, i; + u_int16_t alpn_str_len = 0, i; #ifdef DEBUG_TLS printf("Server TLS [ALPN: block_len=%u/len=%u]\n", extension_len, tot_alpn_len); @@ -1605,13 +1606,18 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, if(ndpi_normalize_printable_string(alpn_str, alpn_str_len) == 0) ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS, alpn_str); - if(flow->protos.tls_quic.alpn == NULL) - flow->protos.tls_quic.alpn = ndpi_strdup(alpn_str); + if(flow->protos.tls_quic.negotiated_alpn == NULL) + flow->protos.tls_quic.negotiated_alpn = ndpi_strdup(alpn_str); - if(flow->protos.tls_quic.alpn != NULL) - tlsCheckUncommonALPN(ndpi_struct, flow); + /* Check ALPN only if not already checked (client-side) */ + if(flow->protos.tls_quic.negotiated_alpn != NULL && + flow->protos.tls_quic.advertised_alpns == NULL) + tlsCheckUncommonALPN(ndpi_struct, flow, flow->protos.tls_quic.negotiated_alpn); - ndpi_snprintf(ja3.server.alpn, sizeof(ja3.server.alpn), "%s", alpn_str); + alpn_str_len = ndpi_min(sizeof(ja3.server.alpn), (size_t)alpn_str_len); + memcpy(ja3.server.alpn, alpn_str, alpn_str_len); + if(alpn_str_len > 0) + ja3.server.alpn[alpn_str_len - 1] = '\0'; /* Replace , with - as in JA3 */ for(i=0; ja3.server.alpn[i] != '\0'; i++) @@ -2164,7 +2170,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t s_offset = offset+extension_offset; u_int16_t tot_alpn_len = ntohs(*((u_int16_t*)&packet->payload[s_offset])); char alpn_str[256]; - u_int8_t alpn_str_len = 0, i; + u_int16_t alpn_str_len = 0, i; #ifdef DEBUG_TLS printf("Client TLS [ALPN: block_len=%u/len=%u]\n", extension_len, tot_alpn_len); @@ -2202,8 +2208,10 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, #ifdef DEBUG_TLS printf("Client TLS [ALPN: %s][len: %u]\n", alpn_str, alpn_str_len); #endif - if(flow->protos.tls_quic.alpn == NULL) { - flow->protos.tls_quic.alpn = ndpi_strdup(alpn_str); + if(flow->protos.tls_quic.advertised_alpns == NULL) { + flow->protos.tls_quic.advertised_alpns = ndpi_strdup(alpn_str); + + tlsCheckUncommonALPN(ndpi_struct, flow, flow->protos.tls_quic.advertised_alpns); /* Without SNI matching we can try to sub-classify the flow via ALPN. Note that this happens only on very rare cases, not the common ones @@ -2212,7 +2220,10 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, tls_subclassify_by_alpn(ndpi_struct, flow); } - ndpi_snprintf(ja3.client.alpn, sizeof(ja3.client.alpn), "%s", alpn_str); + alpn_str_len = ndpi_min(sizeof(ja3.client.alpn), (size_t)alpn_str_len); + memcpy(ja3.client.alpn, alpn_str, alpn_str_len); + if(alpn_str_len > 0) + ja3.client.alpn[alpn_str_len - 1] = '\0'; /* Replace , with - as in JA3 */ for(i=0; ja3.client.alpn[i] != '\0'; i++) @@ -2473,7 +2484,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, /* Before returning to the caller we need to make a final check */ if((flow->protos.tls_quic.ssl_version >= 0x0303) /* >= TLSv1.2 */ - && (flow->protos.tls_quic.alpn == NULL) /* No ALPN */) { + && (flow->protos.tls_quic.advertised_alpns == NULL) /* No ALPN */) { ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_NOT_CARRYING_HTTPS, "No ALPN"); } diff --git a/tests/result/443-curl.pcap.out b/tests/result/443-curl.pcap.out index 5db3c378b..c57133568 100644 --- a/tests/result/443-curl.pcap.out +++ b/tests/result/443-curl.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.1.13 1 - 1 TCP 192.168.1.13:55523 <-> 178.62.197.130:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][51 pkts/4260 bytes <-> 58 pkts/69722 bytes][Goodput ratio: 22/94][1.10 sec][Hostname/SNI: www.ntop.org][ALPN: h2;http/1.1][bytes ratio: -0.885 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/19 784/784 122/114][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 84/1202 583/1506 74/562][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: www.ntop.org][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=www.ntop.org][Certificate SHA-1: DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F][Firefox][Validity: 2019-12-17 01:17:28 - 2020-03-16 01:17:28][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,13,1,1,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,73,0,0] + 1 TCP 192.168.1.13:55523 <-> 178.62.197.130:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][51 pkts/4260 bytes <-> 58 pkts/69722 bytes][Goodput ratio: 22/94][1.10 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.885 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/19 784/784 122/114][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 84/1202 583/1506 74/562][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: www.ntop.org][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=www.ntop.org][Certificate SHA-1: DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F][Firefox][Validity: 2019-12-17 01:17:28 - 2020-03-16 01:17:28][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,13,1,1,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,73,0,0] diff --git a/tests/result/443-firefox.pcap.out b/tests/result/443-firefox.pcap.out index 3f041ddd5..b264137f8 100644 --- a/tests/result/443-firefox.pcap.out +++ b/tests/result/443-firefox.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.1.13 1 - 1 TCP 192.168.1.13:53096 <-> 178.62.197.130:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][316 pkts/28495 bytes <-> 351 pkts/429572 bytes][Goodput ratio: 27/95][8.44 sec][Hostname/SNI: www.ntop.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.876 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/20 4007/4045 285/250][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 90/1224 583/1506 58/472][TLSv1.2][JA3C: b20b44b18b853ef29ab773e921b03422][ServerNames: www.ntop.org][JA3S: 3653a20186a5b490426131a611e01992][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=www.ntop.org][Certificate SHA-1: DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F][Firefox][Validity: 2019-12-17 01:17:28 - 2020-03-16 01:17:28][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 1,0,1,6,7,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,1,0,0,0,0,1,70,0,0] + 1 TCP 192.168.1.13:53096 <-> 178.62.197.130:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][316 pkts/28495 bytes <-> 351 pkts/429572 bytes][Goodput ratio: 27/95][8.44 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.876 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/20 4007/4045 285/250][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 90/1224 583/1506 58/472][TLSv1.2][JA3C: b20b44b18b853ef29ab773e921b03422][ServerNames: www.ntop.org][JA3S: 3653a20186a5b490426131a611e01992][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=www.ntop.org][Certificate SHA-1: DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F][Firefox][Validity: 2019-12-17 01:17:28 - 2020-03-16 01:17:28][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 1,0,1,6,7,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,1,0,0,0,0,1,70,0,0] diff --git a/tests/result/443-git.pcap.out b/tests/result/443-git.pcap.out index d1b6a88c8..7c62ec957 100644 --- a/tests/result/443-git.pcap.out +++ b/tests/result/443-git.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.1.13 1 - 1 TCP 192.168.1.13:55744 <-> 140.82.114.4:443 [proto: 91.203/TLS.Github][IP: 203/Github][Encrypted][Confidence: DPI][cat: Collaborative/15][35 pkts/3167 bytes <-> 35 pkts/34022 bytes][Goodput ratio: 28/93][0.82 sec][Hostname/SNI: github.com][ALPN: http/1.1][bytes ratio: -0.830 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/15 143/143 48/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 90/972 583/1490 94/616][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: github.com,www.github.com][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA][Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com][Certificate SHA-1: CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84][Firefox][Validity: 2018-05-08 00:00:00 - 2020-06-03 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,8,2,5,0,0,2,0,0,2,0,2,0,2,0,0,2,2,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,54,0,0,0] + 1 TCP 192.168.1.13:55744 <-> 140.82.114.4:443 [proto: 91.203/TLS.Github][IP: 203/Github][Encrypted][Confidence: DPI][cat: Collaborative/15][35 pkts/3167 bytes <-> 35 pkts/34022 bytes][Goodput ratio: 28/93][0.82 sec][Hostname/SNI: github.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.830 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/15 143/143 48/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 90/972 583/1490 94/616][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: github.com,www.github.com][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA][Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com][Certificate SHA-1: CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84][Firefox][Validity: 2018-05-08 00:00:00 - 2020-06-03 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,8,2,5,0,0,2,0,0,2,0,2,0,2,0,0,2,2,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,54,0,0,0] diff --git a/tests/result/443-safari.pcap.out b/tests/result/443-safari.pcap.out index 82756ba73..b90ec2446 100644 --- a/tests/result/443-safari.pcap.out +++ b/tests/result/443-safari.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.1.13 1 - 1 TCP 192.168.1.13:53031 <-> 178.62.197.130:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][21 pkts/2195 bytes <-> 20 pkts/17734 bytes][Goodput ratio: 36/93][1.10 sec][Hostname/SNI: www.ntop.org][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.780 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/47 695/695 167/168][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105/887 394/1506 83/661][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.ntop.org][JA3S: f9fcb52580329fb6a9b61d7542087b90][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=www.ntop.org][Certificate SHA-1: DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F][Safari][Validity: 2019-12-17 01:17:28 - 2020-03-16 01:17:28][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 8,21,4,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,4,0,0,0,0,40,0,0] + 1 TCP 192.168.1.13:53031 <-> 178.62.197.130:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][21 pkts/2195 bytes <-> 20 pkts/17734 bytes][Goodput ratio: 36/93][1.10 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.780 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/47 695/695 167/168][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105/887 394/1506 83/661][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.ntop.org][JA3S: f9fcb52580329fb6a9b61d7542087b90][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=www.ntop.org][Certificate SHA-1: DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F][Safari][Validity: 2019-12-17 01:17:28 - 2020-03-16 01:17:28][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 8,21,4,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,4,0,0,0,0,40,0,0] diff --git a/tests/result/4in6tunnel.pcap.out b/tests/result/4in6tunnel.pcap.out index 2df54e92b..09b2a9a70 100644 --- a/tests/result/4in6tunnel.pcap.out +++ b/tests/result/4in6tunnel.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.0.1 1 - 1 TCP 192.168.0.1:64455 <-> 10.10.10.1:443 [proto: 91.212/TLS.Microsoft][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/520 bytes <-> 2 pkts/1668 bytes][Goodput ratio: 43/82][< 1 sec][Hostname/SNI: www.bing.com][ALPN: h2;http/1.1][TLSv1.2][JA3C: 9e10692f1b7f78228b2d4e424db3a98c][Firefox][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] + 1 TCP 192.168.0.1:64455 <-> 10.10.10.1:443 [proto: 91.212/TLS.Microsoft][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/520 bytes <-> 2 pkts/1668 bytes][Goodput ratio: 43/82][< 1 sec][Hostname/SNI: www.bing.com][(Advertised) ALPNs: h2;http/1.1][TLSv1.2][JA3C: 9e10692f1b7f78228b2d4e424db3a98c][Firefox][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 326bc761f..e32b912bb 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -16,7 +16,7 @@ Automa host: 9/5 (search/found) Automa domain: 9/0 (search/found) Automa tls cert: 1/0 (search/found) Automa risk mask: 1/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 4/4 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -33,7 +33,7 @@ JA3 Host Stats: 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:60205 <-> [2604:a880:1:20::224:b001]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/2312 bytes <-> 14 pkts/13085 bytes][Goodput ratio: 35/89][0.60 sec][Hostname/SNI: mail.tomasu.net][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/36 142/142 57/55][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 165/935 629/1847 139/680][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 812d8bce0f85487ba7834d36568ed586][ServerNames: mail.tomasu.net,www.mail.tomasu.net][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=mail.tomasu.net][Certificate SHA-1: 9C:00:A2:31:8F:66:C6:E2:D8:E8:1E:6F:52:49:AD:15:0A:8B:7C:68][Firefox][Validity: 2014-01-29 00:00:00 - 2019-01-28 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,7,0,7,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,35,0,0,7] - 2 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][Goodput ratio: 72/77][0.53 sec][Hostname/SNI: www.facebook.com][ALPN: spdy/3.1;h2-14;h2;http/1.1][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/23 98/97 33/36][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 383/469 1504/1911 467/576][TLSv1.2][JA3C: eb7cdd4e7dea7a11b3016c3c9acbd2a3][ServerNames: *.facebook.com,facebook.com,*.xz.fbcdn.net,messenger.com,fb.com,*.m.facebook.com,*.fbsbx.com,*.xy.fbcdn.net,*.messenger.com,*.fb.com,*.fbcdn.net,*.xx.fbcdn.net,*.facebook.net][JA3S: 6806b8fe92d7d465715d771eb102ff04][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: 93:C6:FD:1A:84:90:BB:F1:B2:3B:49:A0:9B:1F:6F:0B:46:7A:31:41][Validity: 2014-08-28 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,32,5,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,15,0,0,0,5] + 2 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][Goodput ratio: 72/77][0.53 sec][Hostname/SNI: www.facebook.com][(Advertised) ALPNs: spdy/3.1;h2-14;h2;http/1.1][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/23 98/97 33/36][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 383/469 1504/1911 467/576][TLSv1.2][JA3C: eb7cdd4e7dea7a11b3016c3c9acbd2a3][ServerNames: *.facebook.com,facebook.com,*.xz.fbcdn.net,messenger.com,fb.com,*.m.facebook.com,*.fbsbx.com,*.xy.fbcdn.net,*.messenger.com,*.fb.com,*.fbcdn.net,*.xx.fbcdn.net,*.facebook.net][JA3S: 6806b8fe92d7d465715d771eb102ff04][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: 93:C6:FD:1A:84:90:BB:F1:B2:3B:49:A0:9B:1F:6F:0B:46:7A:31:41][Validity: 2014-08-28 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,32,5,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,15,0,0,0,5] 3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][Goodput ratio: 41/41][22.14 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1001/1001 1001/1012 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138/138 138/138 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Goodput ratio: 18/57][0.82 sec][Hostname/SNI: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 164/56 495/110 171/54][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131/252 248/680 52/247][URL: mail.tomasu.net/][StatusCode: 301][Content-Type: text/html][User-Agent: Wget/1.16.3 (linux-gnu)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (ds 0/u6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out index cad599123..51c9de03d 100644 --- a/tests/result/alexa-app.pcapng.out +++ b/tests/result/alexa-app.pcapng.out @@ -17,7 +17,7 @@ Automa host: 166/166 (search/found) Automa domain: 166/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 82/0 (search/found) -Automa common alpns: 48/48 (search/found) +Automa common alpns: 150/150 (search/found) Patricia risk mask: 356/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 238/122 (search/found) @@ -41,99 +41,99 @@ JA3 Host Stats: 1 172.16.42.216 8 - 1 TCP 172.16.42.216:41913 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][174 pkts/22371 bytes <-> 176 pkts/251141 bytes][Goodput ratio: 41/95][2.06 sec][Hostname/SNI: images-na.ssl-images-amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.836 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/2 843/74 74/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 129/1427 1356/1514 247/317][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,95,0,0] - 2 TCP 172.16.42.216:54411 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][40 pkts/9869 bytes <-> 38 pkts/36764 bytes][Goodput ratio: 73/93][4.46 sec][Hostname/SNI: www.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.577 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/33 1629/317 305/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/967 1514/1514 433/642][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,0,2,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,8,2,0,2,0,0,0,0,0,0,0,0,0,69,0,0] - 3 TCP 172.16.42.216:41828 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][31 pkts/13163 bytes <-> 34 pkts/25939 bytes][Goodput ratio: 84/91][3.25 sec][Hostname/SNI: www.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.327 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/38 1832/535 365/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 425/763 1514/1514 587/629][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 2,2,2,8,0,0,2,2,2,0,2,0,0,2,0,0,2,0,0,2,0,2,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,53,0,0] - 4 TCP 172.16.42.216:40856 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][47 pkts/4785 bytes <-> 51 pkts/31984 bytes][Goodput ratio: 47/91][2.59 sec][Hostname/SNI: skills-store.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/13 1811/246 293/44][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 102/627 1514/1514 218/316][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,3,0,0,0,0,1,1,0,0,1,0,0,1,0,0,0,80,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,7,0,0] + 1 TCP 172.16.42.216:41913 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][174 pkts/22371 bytes <-> 176 pkts/251141 bytes][Goodput ratio: 41/95][2.06 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.836 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/2 843/74 74/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 129/1427 1356/1514 247/317][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,95,0,0] + 2 TCP 172.16.42.216:54411 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][40 pkts/9869 bytes <-> 38 pkts/36764 bytes][Goodput ratio: 73/93][4.46 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.577 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/33 1629/317 305/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/967 1514/1514 433/642][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,0,2,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,8,2,0,2,0,0,0,0,0,0,0,0,0,69,0,0] + 3 TCP 172.16.42.216:41828 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][31 pkts/13163 bytes <-> 34 pkts/25939 bytes][Goodput ratio: 84/91][3.25 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.327 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/38 1832/535 365/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 425/763 1514/1514 587/629][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 2,2,2,8,0,0,2,2,2,0,2,0,0,2,0,0,2,0,0,2,0,2,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,53,0,0] + 4 TCP 172.16.42.216:40856 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][47 pkts/4785 bytes <-> 51 pkts/31984 bytes][Goodput ratio: 47/91][2.59 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/13 1811/246 293/44][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 102/627 1514/1514 218/316][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,3,0,0,0,0,1,1,0,0,1,0,0,1,0,0,0,80,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,7,0,0] 5 TCP 172.16.42.216:51986 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][31 pkts/3707 bytes <-> 28 pkts/31731 bytes][Goodput ratio: 44/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/21 364/286 86/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/1133 613/1514 162/585][URL: ecx.images-amazon.com/images/I/81diFQyVjHL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/81diF)][Plen Bins: 3,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,68,0,0] 6 TCP 172.16.42.216:51995 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][22 pkts/2590 bytes <-> 25 pkts/31047 bytes][Goodput ratio: 42/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/42 536/536 126/120][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/1242 613/1514 157/474][URL: ecx.images-amazon.com/images/I/5100jxqrQhL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/5100j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,8,0,0,0,4,0,0,0,0,67,0,0] 7 TCP 172.16.42.216:51992 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][27 pkts/3443 bytes <-> 24 pkts/29237 bytes][Goodput ratio: 48/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.789 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/6 368/110 98/25][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/1218 613/1514 172/546][URL: ecx.images-amazon.com/images/I/71nqwmwmRlL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/71nqwmwmRlL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,74,0,0] 8 TCP 172.16.42.216:41691 <-> 54.239.29.146:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/5292 bytes <-> 28 pkts/24601 bytes][Goodput ratio: 71/94][100.86 sec][Hostname/SNI: api.amazon.com][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/78 293/443 72/134][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/879 1514/1514 381/687][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: api.amazon.com,wsync.us-east-1.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com][Certificate SHA-1: 1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D][Firefox][Validity: 2016-09-05 00:00:00 - 2017-09-23 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,15,3,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,68,0,0] 9 TCP 172.16.42.216:38483 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][32 pkts/3796 bytes <-> 30 pkts/25146 bytes][Goodput ratio: 44/92][0.66 sec][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/19 227/241 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/838 732/1514 163/608][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,3,6,0,0,6,0,0,0,0,3,3,0,0,3,0,3,0,0,6,3,0,3,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] - 10 TCP 172.16.42.216:34034 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][24 pkts/22786 bytes <-> 19 pkts/2185 bytes][Goodput ratio: 94/49][1.87 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 511/512 132/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 949/115 1514/564 678/140][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,4,0,0,4,0,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,65,0,0] - 11 TCP 172.16.42.216:45703 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][32 pkts/18086 bytes <-> 24 pkts/6391 bytes][Goodput ratio: 90/78][13.18 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.478 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 478/297 3544/1485 870/399][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 565/266 1514/731 644/259][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,3,0,6,9,6,3,3,0,0,0,0,0,0,12,6,3,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] - 12 TCP 172.16.42.216:45710 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][26 pkts/13063 bytes <-> 23 pkts/8561 bytes][Goodput ratio: 89/85][10.20 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/535 3346/6303 892/1474][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 502/372 1514/1514 619/511][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 3,7,3,3,7,3,3,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,41,0,0] - 13 TCP 172.16.42.216:54434 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/9106 bytes <-> 15 pkts/10708 bytes][Goodput ratio: 86/91][3.73 sec][Hostname/SNI: www.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/241 96/1116 31/336][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 506/714 1514/1514 633/678][TLSv1.2][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,57,0,0] - 14 TCP 172.16.42.216:41914 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/6834 bytes <-> 15 pkts/11310 bytes][Goodput ratio: 80/91][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/50 222/242 77/88][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 342/754 1351/1514 506/588][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,5,0,0,5,0,10,0,0,0,0,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,15,0,0,0,0,27,0,0] + 10 TCP 172.16.42.216:34034 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][24 pkts/22786 bytes <-> 19 pkts/2185 bytes][Goodput ratio: 94/49][1.87 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 511/512 132/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 949/115 1514/564 678/140][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,4,0,0,4,0,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,65,0,0] + 11 TCP 172.16.42.216:45703 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][32 pkts/18086 bytes <-> 24 pkts/6391 bytes][Goodput ratio: 90/78][13.18 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.478 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 478/297 3544/1485 870/399][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 565/266 1514/731 644/259][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,3,0,6,9,6,3,3,0,0,0,0,0,0,12,6,3,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] + 12 TCP 172.16.42.216:45710 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][26 pkts/13063 bytes <-> 23 pkts/8561 bytes][Goodput ratio: 89/85][10.20 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/535 3346/6303 892/1474][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 502/372 1514/1514 619/511][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 3,7,3,3,7,3,3,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,41,0,0] + 13 TCP 172.16.42.216:54434 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/9106 bytes <-> 15 pkts/10708 bytes][Goodput ratio: 86/91][3.73 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/241 96/1116 31/336][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 506/714 1514/1514 633/678][TLSv1.2][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,57,0,0] + 14 TCP 172.16.42.216:41914 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/6834 bytes <-> 15 pkts/11310 bytes][Goodput ratio: 80/91][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/50 222/242 77/88][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 342/754 1351/1514 506/588][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,5,0,0,5,0,10,0,0,0,0,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,15,0,0,0,0,27,0,0] 15 TCP 172.16.42.216:51997 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][16 pkts/1611 bytes <-> 14 pkts/16206 bytes][Goodput ratio: 34/94][1.14 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/24 628/205 165/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1158 613/1514 132/593][URL: ecx.images-amazon.com/images/I/61Tfp7ZVcoL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/61Tfp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] 16 TCP 172.16.42.216:51989 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][17 pkts/2771 bytes <-> 14 pkts/14992 bytes][Goodput ratio: 59/94][1.36 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.688 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/69 377/743 125/213][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/1071 613/1514 208/642][URL: ecx.images-amazon.com/images/I/71pwMKDRQIL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (zTGET /images/I/71pwMKDRQIL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0] - 17 TCP 172.16.42.216:44912 <-> 54.239.23.94:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][19 pkts/11483 bytes <-> 14 pkts/5858 bytes][Goodput ratio: 91/86][10.46 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 552/875 3665/7470 1005/2334][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 604/418 1514/1514 650/593][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,27,0,0] + 17 TCP 172.16.42.216:44912 <-> 54.239.23.94:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][19 pkts/11483 bytes <-> 14 pkts/5858 bytes][Goodput ratio: 91/86][10.46 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 552/875 3665/7470 1005/2334][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 604/418 1514/1514 650/593][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,27,0,0] 18 TCP 172.16.42.216:51990 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/15104 bytes][Goodput ratio: 35/94][1.25 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.813 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/21 682/138 190/45][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1162 613/1514 136/600][URL: ecx.images-amazon.com/images/I/612xlaOI2NL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (tyGET /images/I/612)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,72,0,0] 19 TCP 172.16.42.216:51988 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/14454 bytes][Goodput ratio: 35/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.806 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/27 681/154 186/53][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1112 613/1514 136/592][URL: ecx.images-amazon.com/images/I/61oBTb+jZvL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/61oBTb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,72,0,0] - 20 TCP 172.16.42.216:40871 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/7766 bytes <-> 21 pkts/8198 bytes][Goodput ratio: 86/86][3.82 sec][Hostname/SNI: skills-store.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 182/130 1403/1107 358/296][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/390 1514/1514 570/458][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,9,4,0,0,0,9,4,0,0,0,4,0,0,0,0,13,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] - 21 TCP 172.16.42.216:41912 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/3960 bytes <-> 14 pkts/11986 bytes][Goodput ratio: 73/92][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/14 669/71 174/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/856 1340/1514 415/644][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,18,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,12,0,0,0,0,0,38,0,0] + 20 TCP 172.16.42.216:40871 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/7766 bytes <-> 21 pkts/8198 bytes][Goodput ratio: 86/86][3.82 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 182/130 1403/1107 358/296][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/390 1514/1514 570/458][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,9,4,0,0,0,9,4,0,0,0,4,0,0,0,0,13,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] + 21 TCP 172.16.42.216:41912 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/3960 bytes <-> 14 pkts/11986 bytes][Goodput ratio: 73/92][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/14 669/71 174/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/856 1340/1514 415/644][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,18,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,12,0,0,0,0,0,38,0,0] 22 TCP 172.16.42.216:51985 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][16 pkts/1623 bytes <-> 14 pkts/14282 bytes][Goodput ratio: 34/93][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.796 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 84/45 682/281 185/91][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1020 613/1514 132/664][URL: ecx.images-amazon.com/images/I/51woiL9kgkL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/51woiL9)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] 23 TCP 172.16.42.216:51996 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][15 pkts/1545 bytes <-> 13 pkts/14178 bytes][Goodput ratio: 35/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/22 764/207 210/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/1091 613/1514 136/639][URL: ecx.images-amazon.com/images/I/81Ni5COup-L._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/81Ni5)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0] 24 TCP 172.16.42.216:53682 <-> 54.239.22.185:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/10167 bytes <-> 13 pkts/5328 bytes][Goodput ratio: 91/86][163.85 sec][Hostname/SNI: firs-ta-g7g.amazon.com][bytes ratio: 0.312 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12603/417 159135/3907 42305/1164][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 635/410 1514/1514 644/520][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: firs-ta-g7g.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com][Certificate SHA-1: A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86][Firefox][Validity: 2016-11-25 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,0,0,6,0,0,0,0,0,13,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0] - 25 TCP 172.16.42.216:45712 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][24 pkts/11240 bytes <-> 18 pkts/3909 bytes][Goodput ratio: 88/73][5.97 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271/206 1239/905 390/325][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 468/217 1514/715 608/241][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,10,5,5,0,10,10,5,0,0,0,0,0,0,5,5,5,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] - 26 TCP 172.16.42.216:40854 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][21 pkts/6285 bytes <-> 16 pkts/8842 bytes][Goodput ratio: 82/90][2.68 sec][Hostname/SNI: skills-store.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/106 1158/932 299/253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 299/553 1514/1514 504/512][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,5,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,5,24,0,0] + 25 TCP 172.16.42.216:45712 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][24 pkts/11240 bytes <-> 18 pkts/3909 bytes][Goodput ratio: 88/73][5.97 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271/206 1239/905 390/325][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 468/217 1514/715 608/241][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,10,5,5,0,10,10,5,0,0,0,0,0,0,5,5,5,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] + 26 TCP 172.16.42.216:40854 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][21 pkts/6285 bytes <-> 16 pkts/8842 bytes][Goodput ratio: 82/90][2.68 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/106 1158/932 299/253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 299/553 1514/1514 504/512][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,5,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,5,24,0,0] 27 TCP 172.16.42.216:55242 <-> 52.85.209.197:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/6706 bytes <-> 20 pkts/8204 bytes][Goodput ratio: 82/84][123.38 sec][Hostname/SNI: www.amazon.com][bytes ratio: -0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 87/100 290/445 108/155][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/410 1514/1514 532/546][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,15,0,5,0,0,5,10,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,10,0,0,21,0,0] - 28 TCP 172.16.42.216:50799 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/9329 bytes <-> 17 pkts/5540 bytes][Goodput ratio: 88/82][10.48 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.255 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 636/760 7767/8001 1851/2099][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/326 1514/1514 612/473][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,0,5,0,5,5,0,0,11,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0] + 28 TCP 172.16.42.216:50799 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/9329 bytes <-> 17 pkts/5540 bytes][Goodput ratio: 88/82][10.48 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.255 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 636/760 7767/8001 1851/2099][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/326 1514/1514 612/473][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,0,5,0,5,5,0,0,11,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0] 29 TCP 172.16.42.216:51993 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][14 pkts/1479 bytes <-> 12 pkts/13075 bytes][Goodput ratio: 37/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.797 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/23 765/207 218/65][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1090 613/1514 141/624][URL: ecx.images-amazon.com/images/I/61SZU-lPFNL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/61S)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0] 30 TCP 172.16.42.216:51987 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][14 pkts/1491 bytes <-> 12 pkts/12826 bytes][Goodput ratio: 37/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.792 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/22 682/154 199/50][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1069 613/1514 141/605][URL: ecx.images-amazon.com/images/I/71GcCNTb6kL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/71GcCNTb6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0] - 31 TCP 172.16.42.216:34069 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][16 pkts/12799 bytes <-> 14 pkts/1381 bytes][Goodput ratio: 93/40][4.36 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: 0.805 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 256/126 2464/986 644/293][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 800/99 1514/449 707/105][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,0,8,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,59,0,0] - 32 TCP 172.16.42.216:45711 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][22 pkts/11642 bytes <-> 11 pkts/2484 bytes][Goodput ratio: 89/74][21.11 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/64 1023/2459 6019/9247 1749/3564][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 529/226 1514/955 611/323][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,6,0,0,6,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,31,0,0] - 33 TCP 172.16.42.216:42130 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/6237 bytes <-> 14 pkts/6594 bytes][Goodput ratio: 84/88][2.59 sec][Hostname/SNI: fls-na.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 164/169 783/785 225/244][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 346/471 1514/1514 494/576][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,20,0,0,6,0,0,0,13,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,34,0,0] - 34 TCP 172.16.42.216:37551 <-> 54.239.24.180:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][17 pkts/10780 bytes <-> 14 pkts/1770 bytes][Goodput ratio: 91/53][5.05 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: 0.718 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 330/332 1326/1927 449/591][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 634/126 1514/449 657/137][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,7,0,0,7,21,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 35 TCP 172.16.42.216:47605 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/6459 bytes <-> 10 pkts/5934 bytes][Goodput ratio: 88/90][1.23 sec][Hostname/SNI: fls-na.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/73 444/289 147/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 461/593 1514/1514 580/631][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,15,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,40,0,0] - 36 TCP 172.16.42.216:45661 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/5853 bytes <-> 14 pkts/6315 bytes][Goodput ratio: 83/87][2.50 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/40 1015/176 274/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 325/451 1168/1514 442/528][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,0,0,0,7,0,0,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,24,7,0,0,0,0,0,0,0,0,0,0,15,0,0] - 37 TCP 172.16.42.216:45715 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/10366 bytes <-> 11 pkts/1730 bytes][Goodput ratio: 90/63][22.60 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.714 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1160/2749 10810/15911 2672/5468][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 576/157 1514/555 667/178][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,7,0,0,7,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 38 TCP 172.16.42.216:42129 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/5899 bytes <-> 13 pkts/6114 bytes][Goodput ratio: 85/88][2.59 sec][Hostname/SNI: fls-na.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.018 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 177/19 1347/104 365/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 369/470 1514/1514 557/597][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,8,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] - 39 TCP 172.16.42.216:45680 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/7129 bytes <-> 14 pkts/4292 bytes][Goodput ratio: 88/81][2.51 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.248 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/95 1324/374 353/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 475/307 1248/891 523/370][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,21,7,7,0,0,0,0,0,0,0,0,0,0] - 40 TCP 172.16.42.216:50797 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/5989 bytes <-> 11 pkts/4920 bytes][Goodput ratio: 87/87][10.17 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/114 346/441 105/161][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 428/447 1514/1514 576/536][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,7,0,0,15,0,0,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] - 41 TCP 172.16.42.216:47606 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/4321 bytes <-> 14 pkts/6297 bytes][Goodput ratio: 82/87][0.75 sec][Hostname/SNI: fls-na.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/27 255/176 73/52][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 309/450 1514/1514 496/585][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,15,15,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] + 31 TCP 172.16.42.216:34069 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][16 pkts/12799 bytes <-> 14 pkts/1381 bytes][Goodput ratio: 93/40][4.36 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.805 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 256/126 2464/986 644/293][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 800/99 1514/449 707/105][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,0,8,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,59,0,0] + 32 TCP 172.16.42.216:45711 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][22 pkts/11642 bytes <-> 11 pkts/2484 bytes][Goodput ratio: 89/74][21.11 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/64 1023/2459 6019/9247 1749/3564][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 529/226 1514/955 611/323][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,6,0,0,6,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,31,0,0] + 33 TCP 172.16.42.216:42130 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/6237 bytes <-> 14 pkts/6594 bytes][Goodput ratio: 84/88][2.59 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 164/169 783/785 225/244][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 346/471 1514/1514 494/576][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,20,0,0,6,0,0,0,13,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,34,0,0] + 34 TCP 172.16.42.216:37551 <-> 54.239.24.180:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][17 pkts/10780 bytes <-> 14 pkts/1770 bytes][Goodput ratio: 91/53][5.05 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.718 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 330/332 1326/1927 449/591][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 634/126 1514/449 657/137][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,7,0,0,7,21,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 35 TCP 172.16.42.216:47605 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/6459 bytes <-> 10 pkts/5934 bytes][Goodput ratio: 88/90][1.23 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/73 444/289 147/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 461/593 1514/1514 580/631][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,15,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,40,0,0] + 36 TCP 172.16.42.216:45661 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/5853 bytes <-> 14 pkts/6315 bytes][Goodput ratio: 83/87][2.50 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/40 1015/176 274/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 325/451 1168/1514 442/528][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,0,0,0,7,0,0,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,24,7,0,0,0,0,0,0,0,0,0,0,15,0,0] + 37 TCP 172.16.42.216:45715 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/10366 bytes <-> 11 pkts/1730 bytes][Goodput ratio: 90/63][22.60 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.714 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1160/2749 10810/15911 2672/5468][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 576/157 1514/555 667/178][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,7,0,0,7,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 38 TCP 172.16.42.216:42129 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/5899 bytes <-> 13 pkts/6114 bytes][Goodput ratio: 85/88][2.59 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.018 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 177/19 1347/104 365/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 369/470 1514/1514 557/597][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,8,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] + 39 TCP 172.16.42.216:45680 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/7129 bytes <-> 14 pkts/4292 bytes][Goodput ratio: 88/81][2.51 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.248 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/95 1324/374 353/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 475/307 1248/891 523/370][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,21,7,7,0,0,0,0,0,0,0,0,0,0] + 40 TCP 172.16.42.216:50797 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/5989 bytes <-> 11 pkts/4920 bytes][Goodput ratio: 87/87][10.17 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/114 346/441 105/161][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 428/447 1514/1514 576/536][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,7,0,0,15,0,0,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] + 41 TCP 172.16.42.216:47606 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/4321 bytes <-> 14 pkts/6297 bytes][Goodput ratio: 82/87][0.75 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/27 255/176 73/52][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 309/450 1514/1514 496/585][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,15,15,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] 42 TCP 172.16.42.216:38757 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/6382 bytes <-> 8 pkts/3973 bytes][Goodput ratio: 89/89][2.80 sec][bytes ratio: 0.233 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 254/411 1240/2328 378/858][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 491/497 1344/1514 576/598][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,9,0,0,0,9,9,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,18,0,0] - 43 TCP 172.16.42.216:40864 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/2838 bytes <-> 16 pkts/7478 bytes][Goodput ratio: 71/88][4.06 sec][Hostname/SNI: skills-store.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/267 259/1771 98/509][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/467 1514/1514 363/499][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,6,0,0,0,6,13,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,20,0,0] - 44 TCP 172.16.42.216:45693 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/4412 bytes <-> 13 pkts/5784 bytes][Goodput ratio: 81/87][4.69 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 390/24 4145/80 1133/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 294/445 1514/1514 485/599][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,15,7,0,7,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] - 45 TCP 172.16.42.216:54427 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/8467 bytes <-> 8 pkts/1403 bytes][Goodput ratio: 90/62][1.35 sec][Hostname/SNI: www.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.716 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/12 109/125 514/453 157/165][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 651/175 1514/777 663/233][TLSv1.2][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,22,0,0] + 43 TCP 172.16.42.216:40864 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/2838 bytes <-> 16 pkts/7478 bytes][Goodput ratio: 71/88][4.06 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/267 259/1771 98/509][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/467 1514/1514 363/499][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,6,0,0,0,6,13,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,20,0,0] + 44 TCP 172.16.42.216:45693 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/4412 bytes <-> 13 pkts/5784 bytes][Goodput ratio: 81/87][4.69 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 390/24 4145/80 1133/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 294/445 1514/1514 485/599][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,15,7,0,7,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 45 TCP 172.16.42.216:54427 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/8467 bytes <-> 8 pkts/1403 bytes][Goodput ratio: 90/62][1.35 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.716 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/12 109/125 514/453 157/165][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 651/175 1514/777 663/233][TLSv1.2][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,22,0,0] 46 TCP 172.16.42.216:51994 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][11 pkts/1293 bytes <-> 10 pkts/8334 bytes][Goodput ratio: 42/92][1.10 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.731 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 106/24 808/113 266/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/833 613/1514 157/652][URL: ecx.images-amazon.com/images/I/315y9IEXZSL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/315)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] 47 TCP 172.16.42.216:44001 <-> 176.32.101.52:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][22 pkts/4394 bytes <-> 19 pkts/5213 bytes][Goodput ratio: 72/79][101.63 sec][Hostname/SNI: dp-gw-na-js.amazon.com][bytes ratio: -0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5968/5788 80048/79926 19049/20563][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 200/274 1514/1514 303/442][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 731bcada65b0a6f850bada3bdcd716d1][ServerNames: dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in][JA3S: fbe78c619e7ea20046131294ad087f05][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com][Certificate SHA-1: 27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C][Validity: 2016-09-24 00:00:00 - 2017-09-13 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 9,14,4,4,4,0,29,9,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 48 TCP 172.16.42.216:45714 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/7542 bytes <-> 10 pkts/1990 bytes][Goodput ratio: 88/71][18.45 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.582 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1317/1449 6762/8309 2110/3069][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/199 1514/699 598/247][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,15,7,0,15,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0] - 49 TCP 172.16.42.216:38404 <-> 34.199.52.240:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][15 pkts/3140 bytes <-> 12 pkts/6286 bytes][Goodput ratio: 69/87][1.00 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: -0.334 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/55 364/256 109/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 209/524 950/1514 299/598][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,16,0,8,0,0,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 50 TCP 172.16.42.216:34074 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][13 pkts/7594 bytes <-> 9 pkts/1081 bytes][Goodput ratio: 90/51][6.86 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: 0.751 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 679/185 5262/894 1550/320][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 584/120 1514/449 627/125][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,22,0,11,0,0] - 51 TCP 172.16.42.216:34019 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/2122 bytes <-> 11 pkts/6182 bytes][Goodput ratio: 63/90][0.64 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/71 277/343 78/116][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 152/562 820/1514 202/618][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] - 52 TCP 172.16.42.216:34033 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/6517 bytes <-> 11 pkts/1705 bytes][Goodput ratio: 88/62][1.91 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: 0.585 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/57 1221/225 342/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/155 1514/564 535/173][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,0,10,0,0,0,10,0,0,0,10,0,0,10,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0] - 53 TCP 172.16.42.216:40853 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2895 bytes <-> 11 pkts/5277 bytes][Goodput ratio: 77/88][2.68 sec][Hostname/SNI: skills-store.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.291 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/37 137/137 61/49][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 241/480 1514/1514 399/596][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,9,0,0,9,9,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,27,0,0] - 54 TCP 172.16.42.216:45696 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/7016 bytes <-> 9 pkts/1115 bytes][Goodput ratio: 89/53][4.57 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/196 591/1077 175/395][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 501/124 1514/507 644/138][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,10,0,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] - 55 TCP 172.16.42.216:45673 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/4512 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 83/79][2.23 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 187/31 1612/164 452/54][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 322/278 1232/891 463/354][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 172.16.42.216:45714 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/7542 bytes <-> 10 pkts/1990 bytes][Goodput ratio: 88/71][18.45 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.582 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1317/1449 6762/8309 2110/3069][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/199 1514/699 598/247][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,15,7,0,15,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0] + 49 TCP 172.16.42.216:38404 <-> 34.199.52.240:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][15 pkts/3140 bytes <-> 12 pkts/6286 bytes][Goodput ratio: 69/87][1.00 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.334 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/55 364/256 109/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 209/524 950/1514 299/598][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,16,0,8,0,0,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 50 TCP 172.16.42.216:34074 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][13 pkts/7594 bytes <-> 9 pkts/1081 bytes][Goodput ratio: 90/51][6.86 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.751 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 679/185 5262/894 1550/320][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 584/120 1514/449 627/125][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,22,0,11,0,0] + 51 TCP 172.16.42.216:34019 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/2122 bytes <-> 11 pkts/6182 bytes][Goodput ratio: 63/90][0.64 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/71 277/343 78/116][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 152/562 820/1514 202/618][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] + 52 TCP 172.16.42.216:34033 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/6517 bytes <-> 11 pkts/1705 bytes][Goodput ratio: 88/62][1.91 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.585 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/57 1221/225 342/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/155 1514/564 535/173][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,0,10,0,0,0,10,0,0,0,10,0,0,10,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0] + 53 TCP 172.16.42.216:40853 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2895 bytes <-> 11 pkts/5277 bytes][Goodput ratio: 77/88][2.68 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.291 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/37 137/137 61/49][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 241/480 1514/1514 399/596][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,9,0,0,9,9,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,27,0,0] + 54 TCP 172.16.42.216:45696 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/7016 bytes <-> 9 pkts/1115 bytes][Goodput ratio: 89/53][4.57 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/196 591/1077 175/395][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 501/124 1514/507 644/138][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,10,0,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 55 TCP 172.16.42.216:45673 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/4512 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 83/79][2.23 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 187/31 1612/164 452/54][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 322/278 1232/891 463/354][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 172.16.42.216:49067 <-> 216.58.194.78:443 [proto: 91.228/TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][10 pkts/2508 bytes <-> 9 pkts/5344 bytes][Goodput ratio: 73/89][0.36 sec][Hostname/SNI: android.clients.google.com][bytes ratio: -0.361 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/34 137/93 40/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 251/594 1434/1484 402/587][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 5bf38a5cbf896cd31eeef4d6ad1503e1][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com][JA3S: 9b1466fd60cadccb848e09c86e284265][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com][Certificate SHA-1: 54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42][Safari][Validity: 2017-03-22 17:02:50 - 2017-06-14 16:17:00][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 0,10,10,0,0,10,10,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,10,0,20,0,0,0] - 57 TCP 172.16.42.216:45674 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4436 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 85/79][2.20 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.141 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/36 1612/118 492/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 370/278 1248/891 490/354][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,0,10,0,0,0,0,0,0,0,0,0,0] - 58 TCP 172.16.42.216:50796 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/2719 bytes <-> 8 pkts/4869 bytes][Goodput ratio: 79/91][0.73 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 91/73 260/241 97/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/609 1514/1514 428/624][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,11,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,33,0,0] - 59 TCP 172.16.42.216:38363 <-> 34.199.52.240:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/2676 bytes <-> 10 pkts/4624 bytes][Goodput ratio: 66/85][0.81 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/88 265/375 77/136][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 191/462 773/1514 246/556][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,10,0,10,0,0,0,10,0,0,0,0,0,0,10,10,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 57 TCP 172.16.42.216:45674 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4436 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 85/79][2.20 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.141 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/36 1612/118 492/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 370/278 1248/891 490/354][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,0,10,0,0,0,0,0,0,0,0,0,0] + 58 TCP 172.16.42.216:50796 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/2719 bytes <-> 8 pkts/4869 bytes][Goodput ratio: 79/91][0.73 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 91/73 260/241 97/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/609 1514/1514 428/624][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,11,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,33,0,0] + 59 TCP 172.16.42.216:38363 <-> 34.199.52.240:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/2676 bytes <-> 10 pkts/4624 bytes][Goodput ratio: 66/85][0.81 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/88 265/375 77/136][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 191/462 773/1514 246/556][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,10,0,10,0,0,0,10,0,0,0,0,0,0,10,10,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 60 TCP 172.16.42.216:59698 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/2372 bytes <-> 10 pkts/4572 bytes][Goodput ratio: 70/88][105.04 sec][bytes ratio: -0.317 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10450/383 99710/1530 29779/579][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 182/457 1184/1514 305/547][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Firefox][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,22,0,0] - 61 TCP 172.16.42.216:41825 <-> 54.231.72.88:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][15 pkts/1901 bytes <-> 14 pkts/5033 bytes][Goodput ratio: 56/84][6.82 sec][Hostname/SNI: s3-external-2.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 533/614 5996/5956 1648/1782][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 127/360 752/1486 180/458][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 24,7,7,7,0,0,0,7,0,0,7,0,0,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0] - 62 TCP 172.16.42.216:42143 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/5873 bytes <-> 10 pkts/1049 bytes][Goodput ratio: 89/44][1.37 sec][Hostname/SNI: fls-na.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.697 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/88 483/524 177/179][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 489/105 1514/357 610/95][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,0,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0] - 63 TCP 172.16.42.216:42148 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/5805 bytes <-> 8 pkts/1017 bytes][Goodput ratio: 88/54][0.57 sec][Hostname/SNI: fls-na.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/13 245/65 75/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 447/127 1514/445 591/130][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,22,0,0,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] - 64 TCP 172.16.42.216:54412 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/996 bytes <-> 7 pkts/5823 bytes][Goodput ratio: 33/92][0.38 sec][Hostname/SNI: www.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.708 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/18 101/86 45/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 100/832 268/1514 67/636][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 65 TCP 172.16.42.216:41820 <-> 54.231.72.88:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/1817 bytes <-> 13 pkts/4948 bytes][Goodput ratio: 57/85][3.94 sec][Hostname/SNI: s3-external-2.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: -0.463 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/42 2864/196 810/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 130/381 754/1486 184/469][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,8,8,8,0,0,8,0,0,0,8,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0] - 66 TCP 172.16.42.216:45732 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/5614 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 87/58][6.02 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.672 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 591/663 2868/3089 977/1214][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 432/138 1514/555 598/160][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,0,0,11,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] - 67 TCP 172.16.42.216:45694 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1845 bytes <-> 9 pkts/4385 bytes][Goodput ratio: 67/88][4.64 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 515/26 4284/78 1333/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/487 752/1514 212/577][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 68 TCP 172.16.42.216:34053 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][11 pkts/4927 bytes <-> 9 pkts/1231 bytes][Goodput ratio: 88/57][2.15 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/131 950/512 322/198][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 448/137 1514/449 584/126][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,25,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,12,0,0] - 69 TCP 172.16.42.216:50800 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1769 bytes <-> 8 pkts/4341 bytes][Goodput ratio: 71/90][0.63 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/41 233/155 85/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/543 784/1514 236/591][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 61 TCP 172.16.42.216:41825 <-> 54.231.72.88:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][15 pkts/1901 bytes <-> 14 pkts/5033 bytes][Goodput ratio: 56/84][6.82 sec][Hostname/SNI: s3-external-2.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 533/614 5996/5956 1648/1782][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 127/360 752/1486 180/458][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 24,7,7,7,0,0,0,7,0,0,7,0,0,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0] + 62 TCP 172.16.42.216:42143 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/5873 bytes <-> 10 pkts/1049 bytes][Goodput ratio: 89/44][1.37 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.697 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/88 483/524 177/179][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 489/105 1514/357 610/95][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,0,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0] + 63 TCP 172.16.42.216:42148 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/5805 bytes <-> 8 pkts/1017 bytes][Goodput ratio: 88/54][0.57 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/13 245/65 75/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 447/127 1514/445 591/130][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,22,0,0,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] + 64 TCP 172.16.42.216:54412 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/996 bytes <-> 7 pkts/5823 bytes][Goodput ratio: 33/92][0.38 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.708 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/18 101/86 45/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 100/832 268/1514 67/636][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 65 TCP 172.16.42.216:41820 <-> 54.231.72.88:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/1817 bytes <-> 13 pkts/4948 bytes][Goodput ratio: 57/85][3.94 sec][Hostname/SNI: s3-external-2.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.463 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/42 2864/196 810/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 130/381 754/1486 184/469][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,8,8,8,0,0,8,0,0,0,8,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0] + 66 TCP 172.16.42.216:45732 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/5614 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 87/58][6.02 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.672 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 591/663 2868/3089 977/1214][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 432/138 1514/555 598/160][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,0,0,11,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] + 67 TCP 172.16.42.216:45694 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1845 bytes <-> 9 pkts/4385 bytes][Goodput ratio: 67/88][4.64 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 515/26 4284/78 1333/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/487 752/1514 212/577][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 68 TCP 172.16.42.216:34053 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][11 pkts/4927 bytes <-> 9 pkts/1231 bytes][Goodput ratio: 88/57][2.15 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/131 950/512 322/198][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 448/137 1514/449 584/126][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,25,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,12,0,0] + 69 TCP 172.16.42.216:50800 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1769 bytes <-> 8 pkts/4341 bytes][Goodput ratio: 71/90][0.63 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/41 233/155 85/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/543 784/1514 236/591][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 70 TCP 172.16.42.216:33556 <-> 52.94.232.0:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1505 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 63/89][141.56 sec][Hostname/SNI: mads.amazon-adsystem.com][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/52 174/172 68/74][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 150/510 642/1514 180/582][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: mads.amazon-adsystem.com,mads.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com][Certificate SHA-1: E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB][Firefox][Validity: 2016-09-23 00:00:00 - 2017-10-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,12,0,0,0,12,0,0,0,0,12,0,0,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 71 TCP 172.16.42.216:45695 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/4352 bytes <-> 10 pkts/1702 bytes][Goodput ratio: 83/66][4.61 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.438 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/36 165/70 55/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 335/170 1514/555 510/190][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,20,10,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 72 TCP 172.16.42.216:45688 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4484 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 85/68][0.83 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.514 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 82/34 462/65 131/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 374/180 1514/891 537/270][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 73 TCP 172.16.42.216:42144 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4652 bytes <-> 11 pkts/1197 bytes][Goodput ratio: 86/46][1.06 sec][Hostname/SNI: fls-na.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/17 110/64 38/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/109 1514/445 525/115][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 74 TCP 172.16.42.216:34041 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][11 pkts/4772 bytes <-> 8 pkts/1021 bytes][Goodput ratio: 87/54][0.71 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/15 402/57 120/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 434/128 1514/449 567/131][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,14,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,14,0,0] - 75 TCP 172.16.42.216:45730 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1695 bytes][Goodput ratio: 83/73][2.11 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.410 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 211/94 922/264 266/97][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/212 1514/1147 531/355][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,25,0,0] - 76 TCP 172.16.42.216:45676 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/3258 bytes <-> 10 pkts/2390 bytes][Goodput ratio: 79/76][1.93 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.154 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 199/75 1078/275 321/99][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/239 1200/891 420/327][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 172.16.42.216:45704 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/4417 bytes <-> 9 pkts/1227 bytes][Goodput ratio: 82/57][2.65 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.565 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 100/113 506/431 150/168][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 316/136 1514/619 495/173][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,30,10,0,0,20,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 78 TCP 172.16.42.216:45728 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1119 bytes][Goodput ratio: 83/58][2.13 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.567 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/90 941/264 271/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/140 1514/571 531/165][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 79 TCP 172.16.42.216:40878 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/2948 bytes <-> 10 pkts/1947 bytes][Goodput ratio: 75/70][6.35 sec][Hostname/SNI: skills-store.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.204 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 406/60 3799/294 1132/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 227/195 1514/1147 385/320][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,22,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0] + 71 TCP 172.16.42.216:45695 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/4352 bytes <-> 10 pkts/1702 bytes][Goodput ratio: 83/66][4.61 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.438 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/36 165/70 55/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 335/170 1514/555 510/190][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,20,10,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 72 TCP 172.16.42.216:45688 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4484 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 85/68][0.83 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.514 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 82/34 462/65 131/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 374/180 1514/891 537/270][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 73 TCP 172.16.42.216:42144 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4652 bytes <-> 11 pkts/1197 bytes][Goodput ratio: 86/46][1.06 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/17 110/64 38/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/109 1514/445 525/115][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 74 TCP 172.16.42.216:34041 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][11 pkts/4772 bytes <-> 8 pkts/1021 bytes][Goodput ratio: 87/54][0.71 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/15 402/57 120/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 434/128 1514/449 567/131][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,14,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,14,0,0] + 75 TCP 172.16.42.216:45730 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1695 bytes][Goodput ratio: 83/73][2.11 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.410 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 211/94 922/264 266/97][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/212 1514/1147 531/355][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,25,0,0] + 76 TCP 172.16.42.216:45676 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/3258 bytes <-> 10 pkts/2390 bytes][Goodput ratio: 79/76][1.93 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.154 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 199/75 1078/275 321/99][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/239 1200/891 420/327][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 172.16.42.216:45704 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/4417 bytes <-> 9 pkts/1227 bytes][Goodput ratio: 82/57][2.65 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.565 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 100/113 506/431 150/168][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 316/136 1514/619 495/173][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,30,10,0,0,20,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 78 TCP 172.16.42.216:45728 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1119 bytes][Goodput ratio: 83/58][2.13 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.567 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/90 941/264 271/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/140 1514/571 531/165][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 79 TCP 172.16.42.216:40878 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/2948 bytes <-> 10 pkts/1947 bytes][Goodput ratio: 75/70][6.35 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.204 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 406/60 3799/294 1132/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 227/195 1514/1147 385/320][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,22,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0] 80 TCP 172.16.42.216:37113 <-> 52.94.232.134:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/3881 bytes <-> 11 pkts/979 bytes][Goodput ratio: 81/34][101.19 sec][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9975/51 99124/160 29716/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 299/89 1514/251 520/57][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 12,25,12,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 81 TCP 172.16.42.216:45687 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/3204 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 81/68][1.60 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.380 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 175/92 839/363 256/141][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 291/180 1200/891 434/270][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0] - 82 TCP 172.16.42.216:38364 <-> 34.199.52.240:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][10 pkts/1839 bytes <-> 8 pkts/2676 bytes][Goodput ratio: 65/80][4.64 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][ALPN: h2;http/1.1][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 568/909 4291/4349 1408/1720][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 184/334 950/1514 267/475][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 14,14,0,0,14,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 81 TCP 172.16.42.216:45687 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/3204 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 81/68][1.60 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.380 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 175/92 839/363 256/141][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 291/180 1200/891 434/270][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0] + 82 TCP 172.16.42.216:38364 <-> 34.199.52.240:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][10 pkts/1839 bytes <-> 8 pkts/2676 bytes][Goodput ratio: 65/80][4.64 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 568/909 4291/4349 1408/1720][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 184/334 950/1514 267/475][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 14,14,0,0,14,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] 83 TCP 172.16.42.216:39750 <-> 52.94.232.134:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/3427 bytes <-> 8 pkts/990 bytes][Goodput ratio: 82/54][10.86 sec][bytes ratio: 0.552 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1171/307 7806/676 2441/248][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 312/124 1344/251 489/78][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0] - 84 TCP 172.16.42.216:45750 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2308 bytes <-> 9 pkts/1786 bytes][Goodput ratio: 73/71][14.18 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1574/1261 6636/6789 2408/2485][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 210/198 752/619 264/226][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 85 TCP 172.16.42.216:45751 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2858 bytes <-> 9 pkts/1147 bytes][Goodput ratio: 77/54][5.53 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.427 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 576/51 3507/307 1076/114][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 238/127 1514/539 396/148][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,25,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0] - 86 TCP 172.16.42.216:45752 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2554 bytes <-> 7 pkts/1347 bytes][Goodput ratio: 76/70][6.39 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 710/47 5318/161 1636/67][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 232/192 1514/859 413/274][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 87 TCP 172.16.42.216:45729 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2634 bytes <-> 8 pkts/1167 bytes][Goodput ratio: 77/60][2.03 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.386 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 225/87 1171/213 351/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 239/146 1514/619 414/181][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 88 TCP 172.16.42.216:45731 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2586 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 76/58][2.10 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.402 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/44 1171/139 350/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 235/138 1514/555 413/160][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,14,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 89 TCP 172.16.42.216:45705 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2522 bytes <-> 8 pkts/1151 bytes][Goodput ratio: 76/60][2.65 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.373 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 294/123 899/429 317/169][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 229/144 1514/603 413/176][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,14,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 90 TCP 172.16.42.216:45663 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1988 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 72/68][1.00 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.160 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 120/18 711/52 226/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 199/180 1184/891 336/270][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0] - 91 TCP 172.16.42.216:45662 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1956 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 71/68][1.02 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.152 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/16 711/63 224/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 196/180 1152/891 327/270][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0] - 92 TCP 172.16.42.216:45677 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1988 bytes <-> 7 pkts/1379 bytes][Goodput ratio: 72/71][1.91 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/62 1313/148 421/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 199/197 1184/891 336/285][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0] - 93 TCP 172.16.42.216:45709 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1849 bytes <-> 9 pkts/1227 bytes][Goodput ratio: 67/57][6.32 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.202 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 702/216 4375/1192 1340/437][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/136 752/619 205/173][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 84 TCP 172.16.42.216:45750 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2308 bytes <-> 9 pkts/1786 bytes][Goodput ratio: 73/71][14.18 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1574/1261 6636/6789 2408/2485][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 210/198 752/619 264/226][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 85 TCP 172.16.42.216:45751 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2858 bytes <-> 9 pkts/1147 bytes][Goodput ratio: 77/54][5.53 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.427 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 576/51 3507/307 1076/114][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 238/127 1514/539 396/148][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,25,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0] + 86 TCP 172.16.42.216:45752 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2554 bytes <-> 7 pkts/1347 bytes][Goodput ratio: 76/70][6.39 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 710/47 5318/161 1636/67][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 232/192 1514/859 413/274][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 87 TCP 172.16.42.216:45729 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2634 bytes <-> 8 pkts/1167 bytes][Goodput ratio: 77/60][2.03 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.386 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 225/87 1171/213 351/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 239/146 1514/619 414/181][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 88 TCP 172.16.42.216:45731 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2586 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 76/58][2.10 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.402 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/44 1171/139 350/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 235/138 1514/555 413/160][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,14,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 89 TCP 172.16.42.216:45705 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2522 bytes <-> 8 pkts/1151 bytes][Goodput ratio: 76/60][2.65 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.373 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 294/123 899/429 317/169][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 229/144 1514/603 413/176][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,14,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 90 TCP 172.16.42.216:45663 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1988 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 72/68][1.00 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.160 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 120/18 711/52 226/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 199/180 1184/891 336/270][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 172.16.42.216:45662 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1956 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 71/68][1.02 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.152 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/16 711/63 224/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 196/180 1152/891 327/270][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0] + 92 TCP 172.16.42.216:45677 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1988 bytes <-> 7 pkts/1379 bytes][Goodput ratio: 72/71][1.91 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/62 1313/148 421/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 199/197 1184/891 336/285][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0] + 93 TCP 172.16.42.216:45709 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1849 bytes <-> 9 pkts/1227 bytes][Goodput ratio: 67/57][6.32 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.202 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 702/216 4375/1192 1340/437][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/136 752/619 205/173][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 94 TCP 172.16.42.216:49589 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: VirtAssistant/32][7 pkts/2390 bytes <-> 4 pkts/419 bytes][Goodput ratio: 83/44][1.98 sec][Hostname/SNI: alexa.amazon.com][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 383/224 1350/449 498/224][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 341/105 1050/237 448/76][URL: alexa.amazon.com/lib/bootstrap/img/glyphicons-halflings.png][StatusCode: 404][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 404][PLAIN TEXT (GET /lib/bootstrap/im)][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 95 TCP 172.16.42.216:49572 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: VirtAssistant/32][6 pkts/1152 bytes <-> 4 pkts/1582 bytes][Goodput ratio: 70/85][1.16 sec][Hostname/SNI: alexa.amazon.com][bytes ratio: -0.157 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/15 232/42 901/70 336/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 192/396 862/1400 300/580][URL: alexa.amazon.com/manifest/pitangui.appcache][StatusCode: 200][Content-Type: text/cache-manifest][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36][PLAIN TEXT (GET /manifest/pitangui.appcache)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] 96 TCP 172.16.42.216:49606 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: VirtAssistant/32][6 pkts/1124 bytes <-> 4 pkts/1582 bytes][Goodput ratio: 69/85][4.72 sec][Hostname/SNI: alexa.amazon.com][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 943/66 4438/116 1748/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/396 834/1400 289/580][URL: alexa.amazon.com/manifest/pitangui.appcache][StatusCode: 200][Content-Type: text/cache-manifest][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36][PLAIN TEXT (GET /manifest/pitangui.appcache)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] @@ -141,11 +141,11 @@ JA3 Host Stats: 98 TCP 172.16.42.216:42878 <-> 173.194.223.188:5228 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1484 bytes <-> 9 pkts/1103 bytes][Goodput ratio: 63/45][0.44 sec][Hostname/SNI: mtalk.google.com][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/36 119/119 39/43][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 186/123 583/205 193/57][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: a5a59633017c3d696d2c69350e5fc004][JA3S: 9b1466fd60cadccb848e09c86e284265][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 12,12,0,38,12,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 99 TCP 172.16.42.216:58048 <-> 54.239.28.178:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1320 bytes <-> 9 pkts/1259 bytes][Goodput ratio: 58/58][0.27 sec][bytes ratio: 0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/23 69/70 31/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 132/140 544/651 147/183][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,42,14,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 100 TCP 172.16.42.216:49630 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: VirtAssistant/32][6 pkts/1340 bytes <-> 4 pkts/419 bytes][Goodput ratio: 74/44][5.51 sec][Hostname/SNI: alexa.amazon.com][bytes ratio: 0.524 (Upload)][IAT c2s/s2c min/avg/max/stddev: 23/0 1100/138 4406/275 1672/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 223/105 1050/237 370/76][URL: alexa.amazon.com/lib/bootstrap/img/glyphicons-halflings.png][StatusCode: 404][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 404][PLAIN TEXT (GET /lib/bootstrap/im)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 101 TCP 172.16.42.216:45697 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1043 bytes <-> 5 pkts/428 bytes][Goodput ratio: 51/32][4.57 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/182 298/364 98/182][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/86 293/139 96/32][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 102 TCP 172.16.42.216:45683 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/804 bytes <-> 6 pkts/620 bytes][Goodput ratio: 37/44][1.83 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 261/21 1643/62 565/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/103 293/192 74/49][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 103 TCP 172.16.42.216:45698 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/804 bytes <-> 6 pkts/620 bytes][Goodput ratio: 37/44][4.37 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 624/21 4189/59 1456/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/103 293/192 74/49][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 104 TCP 172.16.42.216:45678 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/750 bytes <-> 6 pkts/488 bytes][Goodput ratio: 40/28][1.91 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 48/38 103/102 37/45][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/81 293/139 78/31][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 105 TCP 172.16.42.216:45679 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/750 bytes <-> 5 pkts/428 bytes][Goodput ratio: 40/32][1.90 sec][Hostname/SNI: pitangui.amazon.com][ALPN: h2;http/1.1][bytes ratio: 0.273 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/87 101/159 37/66][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/86 293/139 78/32][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 172.16.42.216:45697 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1043 bytes <-> 5 pkts/428 bytes][Goodput ratio: 51/32][4.57 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/182 298/364 98/182][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/86 293/139 96/32][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 102 TCP 172.16.42.216:45683 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/804 bytes <-> 6 pkts/620 bytes][Goodput ratio: 37/44][1.83 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 261/21 1643/62 565/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/103 293/192 74/49][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 103 TCP 172.16.42.216:45698 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/804 bytes <-> 6 pkts/620 bytes][Goodput ratio: 37/44][4.37 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 624/21 4189/59 1456/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/103 293/192 74/49][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 104 TCP 172.16.42.216:45678 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/750 bytes <-> 6 pkts/488 bytes][Goodput ratio: 40/28][1.91 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 48/38 103/102 37/45][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/81 293/139 78/31][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 105 TCP 172.16.42.216:45679 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/750 bytes <-> 5 pkts/428 bytes][Goodput ratio: 40/32][1.90 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.273 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/87 101/159 37/66][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/86 293/139 78/32][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 106 TCP 172.16.42.216:35540 <-> 172.217.9.142:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][cat: ConnCheck/30][4 pkts/460 bytes <-> 3 pkts/289 bytes][Goodput ratio: 41/29][0.09 sec][Hostname/SNI: connectivitycheck.android.com][bytes ratio: 0.228 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 30/24 45/48 20/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/96 254/149 80/37][URL: connectivitycheck.android.com/generate_204][StatusCode: 204][User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build/LMY47V)][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 107 TCP 172.16.42.216:60246 <-> 172.217.9.142:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][cat: ConnCheck/30][4 pkts/460 bytes <-> 3 pkts/289 bytes][Goodput ratio: 41/29][0.14 sec][Hostname/SNI: connectivitycheck.android.com][bytes ratio: 0.228 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/8 45/48 94/89 37/40][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/96 254/149 80/37][URL: connectivitycheck.android.com/generate_204][StatusCode: 204][User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build/LMY47V)][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 108 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/714 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Hostname/SNI: android-1c1335ec95a27318][DHCP Fingerprint: 1,33,3,6,15,26,28,51,58,59][DHCP Class Ident: dhcpcd-5.5.6][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/android.pcap.out b/tests/result/android.pcap.out index b81cbbf2c..a1237921c 100644 --- a/tests/result/android.pcap.out +++ b/tests/result/android.pcap.out @@ -18,7 +18,7 @@ Automa host: 65/61 (search/found) Automa domain: 65/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 5/0 (search/found) -Automa common alpns: 4/4 (search/found) +Automa common alpns: 20/20 (search/found) Patricia risk mask: 104/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 89/29 (search/found) @@ -46,31 +46,31 @@ JA3 Host Stats: 1 192.168.2.16 8 - 1 TCP 192.168.2.16:32996 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/1949 bytes <-> 15 pkts/11826 bytes][Goodput ratio: 42/92][0.75 sec][Hostname/SNI: www.google.com][ALPN: http/1.1][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/27 386/221 108/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/788 578/1484 125/627][TLSv1.2][JA3C: 6ec2896feff5746955f700c0023f5804][ServerNames: www.google.com][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com][Certificate SHA-1: 32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0][Safari][Validity: 2020-02-12 11:47:41 - 2020-05-06 11:47:41][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,13,6,0,0,6,0,0,0,6,6,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,35,0,0,0] - 2 TCP 192.168.2.16:33002 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/2371 bytes <-> 15 pkts/6005 bytes][Goodput ratio: 58/83][0.35 sec][Hostname/SNI: accounts.google.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.434 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/10 184/48 49/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/400 670/1484 186/477][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,18,18,0,0,0,11,0,5,0,0,0,0,0,0,0,5,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0] - 3 TCP 192.168.2.16:32990 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][11 pkts/2272 bytes <-> 10 pkts/5932 bytes][Goodput ratio: 68/89][0.35 sec][Hostname/SNI: android.clients.google.com][bytes ratio: -0.446 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/23 128/77 45/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 207/593 1023/1484 297/582][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] - 4 TCP 192.168.2.16:32986 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][11 pkts/2233 bytes <-> 10 pkts/5793 bytes][Goodput ratio: 67/88][0.49 sec][Hostname/SNI: android.clients.google.com][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/39 185/181 63/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/579 984/1484 287/585][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] - 5 TCP 192.168.2.16:51928 <-> 172.217.21.202:443 [proto: 91.46/TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/2051 bytes <-> 13 pkts/5408 bytes][Goodput ratio: 55/84][0.35 sec][Hostname/SNI: datasaver.googleapis.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/14 132/77 37/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/416 583/1484 145/494][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,21,0,0,0,0,6,0,6,6,0,0,0,0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0] + 1 TCP 192.168.2.16:32996 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/1949 bytes <-> 15 pkts/11826 bytes][Goodput ratio: 42/92][0.75 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/27 386/221 108/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/788 578/1484 125/627][TLSv1.2][JA3C: 6ec2896feff5746955f700c0023f5804][ServerNames: www.google.com][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com][Certificate SHA-1: 32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0][Safari][Validity: 2020-02-12 11:47:41 - 2020-05-06 11:47:41][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,13,6,0,0,6,0,0,0,6,6,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,35,0,0,0] + 2 TCP 192.168.2.16:33002 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/2371 bytes <-> 15 pkts/6005 bytes][Goodput ratio: 58/83][0.35 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.434 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/10 184/48 49/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/400 670/1484 186/477][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,18,18,0,0,0,11,0,5,0,0,0,0,0,0,0,5,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0] + 3 TCP 192.168.2.16:32990 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][11 pkts/2272 bytes <-> 10 pkts/5932 bytes][Goodput ratio: 68/89][0.35 sec][Hostname/SNI: android.clients.google.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.446 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/23 128/77 45/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 207/593 1023/1484 297/582][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] + 4 TCP 192.168.2.16:32986 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][11 pkts/2233 bytes <-> 10 pkts/5793 bytes][Goodput ratio: 67/88][0.49 sec][Hostname/SNI: android.clients.google.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/39 185/181 63/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/579 984/1484 287/585][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] + 5 TCP 192.168.2.16:51928 <-> 172.217.21.202:443 [proto: 91.46/TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/2051 bytes <-> 13 pkts/5408 bytes][Goodput ratio: 55/84][0.35 sec][Hostname/SNI: datasaver.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/14 132/77 37/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/416 583/1484 145/494][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,21,0,0,0,0,6,0,6,6,0,0,0,0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0] 6 TCP 192.168.2.16:32974 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/1439 bytes <-> 10 pkts/5592 bytes][Goodput ratio: 40/88][0.52 sec][Hostname/SNI: clients1.google.com][bytes ratio: -0.591 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/34 202/137 60/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/559 380/1484 92/576][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c60d01d600aacc2c04844595ce224279][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be][JA3S: b31c0b82752ea0e2c48b8ce46e9263e5][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com][Certificate SHA-1: 80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42][Safari][Validity: 2020-02-12 11:47:11 - 2020-05-06 11:47:11][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,11,0,0,11,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] - 7 TCP 192.168.2.16:50384 <-> 172.217.168.206:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1365 bytes <-> 9 pkts/5365 bytes][Goodput ratio: 45/89][2.49 sec][Hostname/SNI: app-measurement.com][ALPN: http/1.1][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 277/69 1716/301 516/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/596 407/1484 105/544][TLSv1.2][JA3C: 6ec2896feff5746955f700c0023f5804][ServerNames: *.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com][JA3S: 9d9ce860f1b1cbef07b019450cb368d8][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com][Certificate SHA-1: B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01][Safari][Validity: 2020-02-12 11:37:03 - 2020-05-06 11:37:03][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,0,11,0,0,0,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] - 8 TCP 192.168.2.16:52486 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1298 bytes <-> 10 pkts/5186 bytes][Goodput ratio: 38/87][1.75 sec][Hostname/SNI: play.googleapis.com][ALPN: http/1.1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 194/37 1374/212 422/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/519 286/1484 76/570][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com][Certificate SHA-1: BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9][Safari][Validity: 2020-02-12 11:45:22 - 2020-05-06 11:45:22][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,0,20,10,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,20,0,0,0] - 9 TCP 192.168.2.16:32988 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][8 pkts/2089 bytes <-> 7 pkts/4242 bytes][Goodput ratio: 74/89][0.97 sec][Hostname/SNI: android.clients.google.com][bytes ratio: -0.340 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 158/80 530/246 186/98][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/606 1038/1484 338/639][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 10 TCP 192.168.2.16:36888 <-> 172.217.18.3:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: ConnCheck/30][9 pkts/1175 bytes <-> 7 pkts/4762 bytes][Goodput ratio: 47/90][1.62 sec][Hostname/SNI: connectivitycheck.gstatic.com][ALPN: http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/28 203/104 522/277 176/93][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/680 327/1484 93/575][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][Safari][Plen Bins: 0,0,12,0,0,0,12,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] - 11 TCP 192.168.2.16:36890 <-> 172.217.18.3:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: ConnCheck/30][9 pkts/1151 bytes <-> 7 pkts/4762 bytes][Goodput ratio: 48/90][0.84 sec][Hostname/SNI: connectivitycheck.gstatic.com][ALPN: http/1.1][bytes ratio: -0.611 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 120/15 647/36 217/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/680 327/1484 95/575][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com][Certificate SHA-1: 80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42][Safari][Validity: 2020-02-12 11:47:11 - 2020-05-06 11:47:11][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,12,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] - 12 TCP 192.168.2.16:33014 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1877 bytes <-> 7 pkts/3708 bytes][Goodput ratio: 61/87][0.20 sec][Hostname/SNI: www.google.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/11 96/40 29/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/530 583/1484 180/574][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 22,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0] - 13 TCP 192.168.2.16:51944 <-> 172.217.21.202:443 [proto: 91.46/TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2171 bytes <-> 12 pkts/2705 bytes][Goodput ratio: 63/70][0.20 sec][Hostname/SNI: datasaver.googleapis.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.110 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/11 39/64 15/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/225 660/646 208/202][TLSv1.3][JA3C: 554719594ba90b02ae410c297c6e50ad][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 15,15,15,0,0,0,15,0,0,0,7,0,0,0,0,7,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 192.168.2.16:43646 <-> 172.217.20.76:443 [proto: 91.46/TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1053 bytes <-> 6 pkts/3460 bytes][Goodput ratio: 49/88][0.20 sec][Hostname/SNI: proxy.googlezip.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.533 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/16 51/61 18/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/577 583/1484 171/646][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 15 TCP 192.168.2.16:43634 <-> 172.217.20.76:443 [proto: 91.46/TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1005 bytes <-> 6 pkts/3460 bytes][Goodput ratio: 51/88][0.11 sec][Hostname/SNI: proxy.googlezip.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.550 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/16 39/61 13/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/577 583/1484 173/646][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 16 TCP 192.168.2.16:32998 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1005 bytes <-> 6 pkts/3449 bytes][Goodput ratio: 51/88][0.05 sec][Hostname/SNI: accounts.google.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.549 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 20/17 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/575 583/1484 173/647][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 7 TCP 192.168.2.16:50384 <-> 172.217.168.206:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1365 bytes <-> 9 pkts/5365 bytes][Goodput ratio: 45/89][2.49 sec][Hostname/SNI: app-measurement.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 277/69 1716/301 516/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/596 407/1484 105/544][TLSv1.2][JA3C: 6ec2896feff5746955f700c0023f5804][ServerNames: *.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com][JA3S: 9d9ce860f1b1cbef07b019450cb368d8][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com][Certificate SHA-1: B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01][Safari][Validity: 2020-02-12 11:37:03 - 2020-05-06 11:37:03][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,0,11,0,0,0,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] + 8 TCP 192.168.2.16:52486 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1298 bytes <-> 10 pkts/5186 bytes][Goodput ratio: 38/87][1.75 sec][Hostname/SNI: play.googleapis.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 194/37 1374/212 422/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/519 286/1484 76/570][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com][Certificate SHA-1: BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9][Safari][Validity: 2020-02-12 11:45:22 - 2020-05-06 11:45:22][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,0,20,10,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,20,0,0,0] + 9 TCP 192.168.2.16:32988 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][8 pkts/2089 bytes <-> 7 pkts/4242 bytes][Goodput ratio: 74/89][0.97 sec][Hostname/SNI: android.clients.google.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.340 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 158/80 530/246 186/98][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/606 1038/1484 338/639][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 10 TCP 192.168.2.16:36888 <-> 172.217.18.3:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: ConnCheck/30][9 pkts/1175 bytes <-> 7 pkts/4762 bytes][Goodput ratio: 47/90][1.62 sec][Hostname/SNI: connectivitycheck.gstatic.com][(Advertised) ALPNs: http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/28 203/104 522/277 176/93][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/680 327/1484 93/575][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][Safari][Plen Bins: 0,0,12,0,0,0,12,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] + 11 TCP 192.168.2.16:36890 <-> 172.217.18.3:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: ConnCheck/30][9 pkts/1151 bytes <-> 7 pkts/4762 bytes][Goodput ratio: 48/90][0.84 sec][Hostname/SNI: connectivitycheck.gstatic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.611 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 120/15 647/36 217/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/680 327/1484 95/575][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com][Certificate SHA-1: 80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42][Safari][Validity: 2020-02-12 11:47:11 - 2020-05-06 11:47:11][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,12,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] + 12 TCP 192.168.2.16:33014 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1877 bytes <-> 7 pkts/3708 bytes][Goodput ratio: 61/87][0.20 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/11 96/40 29/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/530 583/1484 180/574][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 22,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0] + 13 TCP 192.168.2.16:51944 <-> 172.217.21.202:443 [proto: 91.46/TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2171 bytes <-> 12 pkts/2705 bytes][Goodput ratio: 63/70][0.20 sec][Hostname/SNI: datasaver.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.110 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/11 39/64 15/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/225 660/646 208/202][TLSv1.3][JA3C: 554719594ba90b02ae410c297c6e50ad][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 15,15,15,0,0,0,15,0,0,0,7,0,0,0,0,7,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 192.168.2.16:43646 <-> 172.217.20.76:443 [proto: 91.46/TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1053 bytes <-> 6 pkts/3460 bytes][Goodput ratio: 49/88][0.20 sec][Hostname/SNI: proxy.googlezip.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.533 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/16 51/61 18/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/577 583/1484 171/646][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 15 TCP 192.168.2.16:43634 <-> 172.217.20.76:443 [proto: 91.46/TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1005 bytes <-> 6 pkts/3460 bytes][Goodput ratio: 51/88][0.11 sec][Hostname/SNI: proxy.googlezip.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.550 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/16 39/61 13/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/577 583/1484 173/646][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 16 TCP 192.168.2.16:32998 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1005 bytes <-> 6 pkts/3449 bytes][Goodput ratio: 51/88][0.05 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.549 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 20/17 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/575 583/1484 173/647][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] 17 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][12 pkts/4088 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][82.22 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 130/0 6001/0 8764/0 3124/0][Pkt Len c2s/s2c min/avg/max/stddev: 328/0 341/0 342/0 4/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,8,91,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 TCP 192.168.2.16:36834 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][cat: Web/5][8 pkts/1130 bytes <-> 5 pkts/1254 bytes][Goodput ratio: 53/73][0.30 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 41/59 105/141 31/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 141/251 363/524 128/223][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 192.168.2.16:44374 <-> 172.217.22.10:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/723 bytes <-> 3 pkts/1624 bytes][Goodput ratio: 71/87][0.10 sec][Hostname/SNI: android.googleapis.com][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 26/9 33/38 40/66 7/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/541 583/1484 242/667][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 629b587f706aee60430ec3879c6edb66][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 19 TCP 192.168.2.16:44374 <-> 172.217.22.10:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/723 bytes <-> 3 pkts/1624 bytes][Goodput ratio: 71/87][0.10 sec][Hostname/SNI: android.googleapis.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 26/9 33/38 40/66 7/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/541 583/1484 242/667][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 629b587f706aee60430ec3879c6edb66][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] 20 TCP 192.168.2.16:58338 <-> 17.253.53.201:80 [proto: 7.140/HTTP.Apple][IP: 140/Apple][ClearText][Confidence: DPI][cat: ConnCheck/30][6 pkts/607 bytes <-> 5 pkts/1053 bytes][Goodput ratio: 33/68][0.16 sec][Hostname/SNI: captive.apple.com][bytes ratio: -0.269 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 25/23 42/46 15/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/211 269/781 75/285][URL: captive.apple.com/][StatusCode: 200][Content-Type: text/html][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Cloud/13][3 pkts/1656 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][60.10 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 192.168.2.16:36848 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][cat: Web/5][4 pkts/569 bytes <-> 3 pkts/664 bytes][Goodput ratio: 52/69][0.11 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 31/1 37/36 41/72 4/36][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/221 363/524 127/214][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP 17.248.176.75:443 -> 192.168.2.17:50580 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1067 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][18.90 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 294/0 2700/0 9727/0 3229/0][Pkt Len c2s/s2c min/avg/max/stddev: 97/0 133/0 143/0 17/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 12,12,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 17.248.176.75:443 -> 192.168.2.17:50584 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1067 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][19.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 300/0 2767/0 9727/0 3262/0][Pkt Len c2s/s2c min/avg/max/stddev: 97/0 133/0 143/0 17/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 12,12,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP 192.168.2.16:52514 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.27 sec][Hostname/SNI: semanticlocation-pa.googleapis.com][ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.2][JA3C: 33490b1d5377580b19f7f9b5849d7991][Safari][PLAIN TEXT (semanticlocation)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP 192.168.2.16:52514 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.27 sec][Hostname/SNI: semanticlocation-pa.googleapis.com][(Advertised) ALPNs: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.2][JA3C: 33490b1d5377580b19f7f9b5849d7991][Safari][PLAIN TEXT (semanticlocation)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.2.1:67 -> 192.168.2.16:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][0.13 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 17.248.185.10:443 -> 192.168.2.17:50702 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][13.42 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 427/0 2236/0 6975/0 2385/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 93/0 97/0 11/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 UDP 192.168.2.16:52953 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/221 bytes][Goodput ratio: 45/81][0.04 sec][Hostname/SNI: captive.apple.com][17.253.53.201][PLAIN TEXT (captive)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index b0fb26dd5..af60ebef6 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -18,7 +18,7 @@ Automa host: 70/13 (search/found) Automa domain: 69/0 (search/found) Automa tls cert: 4/0 (search/found) Automa risk mask: 10/0 (search/found) -Automa common alpns: 2/2 (search/found) +Automa common alpns: 4/4 (search/found) Patricia risk mask: 116/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 133/7 (search/found) @@ -48,10 +48,10 @@ JA3 Host Stats: 1 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1413 pkts/395331 bytes <-> 1028 pkts/497166 bytes][Goodput ratio: 85/91][20.52 sec][bytes ratio: -0.114 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/13 669/953 35/48][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 280/484 1511/1511 283/514][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLS (0100)][TLS (0100)][JA3C: ee2a8029d94a1e0f64493aac044a9a9e][JA3S: cee68a158056f16c2d1b274dde4e2ec3][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (m@GOC.)][Plen Bins: 0,0,10,45,17,5,7,1,1,2,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0] 2 TCP 10.0.0.227:56929 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][48 pkts/9073 bytes <-> 44 pkts/18703 bytes][Goodput ratio: 65/84][21.89 sec][bytes ratio: -0.347 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/11 97/138 21/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 189/425 1514/1514 246/579][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: c9f0b47c9805f516e6d3900cb51f7841][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,4,2,21,31,0,2,6,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,21,0,0] - 3 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][ALPN: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **][Risk Score: 150][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] + 3 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **][Risk Score: 150][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] 4 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 160][Risk Info: No ALPN / 29/Aug/2019 00:12:40 - 08/Oct/2019 00:12:40][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0] - 5 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][ALPN: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **][Risk Score: 150][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] - 6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][ALPN: h2;http/1.1][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TLSv1.2][JA3C: d8dc5f8940df366b3a58b935569143e8][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **][Risk Score: 150][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] + 6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TLSv1.2][JA3C: d8dc5f8940df366b3a58b935569143e8][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: ConnCheck/30][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/anydesk.pcapng.out b/tests/result/anydesk.pcapng.out index 59246fbcf..19dac0e78 100644 --- a/tests/result/anydesk.pcapng.out +++ b/tests/result/anydesk.pcapng.out @@ -15,7 +15,7 @@ Automa host: 4/4 (search/found) Automa domain: 4/0 (search/found) Automa tls cert: 3/3 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/0 (search/found) Patricia risk mask: 14/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 12/2 (search/found) @@ -33,7 +33,7 @@ JA3 Host Stats: 1 TCP 192.168.149.129:43535 <-> 51.83.238.219:80 [proto: 91.252/TLS.AnyDesk][IP: 252/AnyDesk][Encrypted][Confidence: DPI][cat: RemoteAccess/12][2942 pkts/175103 bytes <-> 4001 pkts/2618640 bytes][Goodput ratio: 9/92][55.97 sec][bytes ratio: -0.875 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/14 7028/7028 153/126][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 60/654 1514/1514 50/618][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 120][Risk Info: No ALPN / Expected on port 443 / Found AnyDesk][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA3S: 107030a763c7224285717ff1569a17f3][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,17,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,33,0,0,0,0,29,0,0] 2 TCP 192.168.1.187:54164 <-> 192.168.1.178:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][509 pkts/226247 bytes <-> 1555 pkts/115282 bytes][Goodput ratio: 88/22][22.84 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/14 2966/3021 229/106][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/74 1511/1514 475/47][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 120][Risk Info: No ALPN / Found AnyDesk][TLSv1.2][JA3C: 3f2fba0262b1a22b739126dfb2fe7a7d][JA3S: ee644a8a34c434abca4b737ec1d9efad][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0][Firefox][Cipher: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,64,6,1,3,1,1,1,0,1,1,0,0,1,1,0,3,0,0,0,0,0,3,1,0,1,1,0,1,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,1,0,0] - 3 TCP 192.168.1.128:48260 <-> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][27 pkts/7693 bytes <-> 27 pkts/4853 bytes][Goodput ratio: 77/63][58.81 sec][ALPN: anydesk/6.2.0/linux][bytes ratio: 0.226 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2284/1898 10210/10228 4074/3857][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 285/180 1514/1514 460/331][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,35,20,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,15,0,0] + 3 TCP 192.168.1.128:48260 <-> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][27 pkts/7693 bytes <-> 27 pkts/4853 bytes][Goodput ratio: 77/63][58.81 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: 0.226 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2284/1898 10210/10228 4074/3857][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 285/180 1514/1514 460/331][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **][Risk Score: 110][Risk Info: anydesk/6.2.0/linu / Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Issuer: CN=AnyNet Root CA, O=philandro Software GmbH, C=DE][Subject: C=DE, O=philandro Software GmbH, CN=AnyNet Relay][Certificate SHA-1: 9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3][Firefox][Validity: 2018-11-18 02:14:23 - 2028-11-15 02:14:23][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,35,20,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,5,0,0,0,0,0,0,15,0,0] 4 TCP 192.168.1.178:52039 <-> 192.168.1.187:7070 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][8 pkts/2035 bytes <-> 7 pkts/2157 bytes][Goodput ratio: 76/82][0.56 sec][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/40 406/85 150/33][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 254/308 1340/968 419/387][Risk: ** Known Proto on Non Std Port **** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 220][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384 / Found AnyDesk][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][JA3S: 4b505adfb4a921c5a3a39d293b0811e1 (WEAK)][Subject: CN=AnyDesk Client, CN=AnyDesk Client][Certificate SHA-1: 86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E][Firefox][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,20,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0] 5 TCP 192.168.149.129:36351 <-> 51.83.239.144:80 [proto: 91/TLS][IP: 252/AnyDesk][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/792 bytes <-> 10 pkts/925 bytes][Goodput ratio: 32/38][45.83 sec][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 32/31 5700/5700 15000/15001 7162/7162][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/92 105/213 25/45][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,90,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.1.187:55376 <-> 192.168.1.1:53 [proto: 5.252/DNS.AnyDesk][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/106 bytes][Goodput ratio: 53/60][0.01 sec][Hostname/SNI: relay-9b6827f2.net.anydesk.com][138.199.36.115][PLAIN TEXT (anydesk)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/cachefly.pcapng.out b/tests/result/cachefly.pcapng.out index 3f467bb15..6783fdc16 100644 --- a/tests/result/cachefly.pcapng.out +++ b/tests/result/cachefly.pcapng.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 10.10.10.1 1 - 1 TCP 10.10.10.1:443 <-> 192.168.0.1:43766 [proto: 91.289/TLS.Cachefly][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][5 pkts/5580 bytes <-> 1 pkts/583 bytes][Goodput ratio: 94/89][0.35 sec][Hostname/SNI: apptv.cachefly.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.811 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/0 351/0 152/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/583 1116/583 1414/583 524/0][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net][Certificate SHA-1: 14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA][Chrome][Validity: 2021-10-18 20:21:03 - 2022-11-19 20:21:03][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,60,0,0,0,0,0] + 1 TCP 10.10.10.1:443 <-> 192.168.0.1:43766 [proto: 91.289/TLS.Cachefly][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][5 pkts/5580 bytes <-> 1 pkts/583 bytes][Goodput ratio: 94/89][0.35 sec][Hostname/SNI: apptv.cachefly.net][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.811 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/0 351/0 152/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/583 1116/583 1414/583 524/0][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net][Certificate SHA-1: 14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA][Chrome][Validity: 2021-10-18 20:21:03 - 2022-11-19 20:21:03][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,60,0,0,0,0,0] diff --git a/tests/result/chrome.pcap.out b/tests/result/chrome.pcap.out index e8b52e7fb..2d3c31e4f 100644 --- a/tests/result/chrome.pcap.out +++ b/tests/result/chrome.pcap.out @@ -14,7 +14,7 @@ Automa host: 6/0 (search/found) Automa domain: 6/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 12/12 (search/found) Patricia risk mask: 12/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 12/0 (search/found) @@ -26,9 +26,9 @@ JA3 Host Stats: 1 192.168.1.178 2 - 1 TCP 192.168.1.178:64411 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][472 pkts/36714 bytes <-> 727 pkts/1052310 bytes][Goodput ratio: 15/95][5.77 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/9 4993/4997 266/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/1447 820/1506 89/249][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] - 2 TCP 192.168.1.178:64394 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][472 pkts/37585 bytes <-> 662 pkts/967394 bytes][Goodput ratio: 17/95][6.30 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 441/54 24/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 80/1461 792/1506 96/216][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,92,0,0] - 3 TCP 192.168.1.178:64410 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][456 pkts/34246 bytes <-> 650 pkts/953061 bytes][Goodput ratio: 12/95][5.77 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/1 4982/65 268/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1466 777/1506 78/210][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] - 4 TCP 192.168.1.178:64409 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][409 pkts/32019 bytes <-> 547 pkts/804381 bytes][Goodput ratio: 16/96][5.75 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.923 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/12 5000/5000 282/235][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/1471 804/1506 92/209][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] - 5 TCP 192.168.1.178:64393 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][374 pkts/31581 bytes <-> 488 pkts/713304 bytes][Goodput ratio: 22/95][6.76 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/15 4594/4748 271/239][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1462 816/1506 110/230][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,91,0,0] - 6 TCP 192.168.1.178:64408 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][161 pkts/16303 bytes <-> 215 pkts/306259 bytes][Goodput ratio: 35/95][5.78 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/2 4995/60 448/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1424 777/1506 152/300][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] + 1 TCP 192.168.1.178:64411 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][472 pkts/36714 bytes <-> 727 pkts/1052310 bytes][Goodput ratio: 15/95][5.77 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/9 4993/4997 266/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/1447 820/1506 89/249][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] + 2 TCP 192.168.1.178:64394 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][472 pkts/37585 bytes <-> 662 pkts/967394 bytes][Goodput ratio: 17/95][6.30 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 441/54 24/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 80/1461 792/1506 96/216][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,92,0,0] + 3 TCP 192.168.1.178:64410 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][456 pkts/34246 bytes <-> 650 pkts/953061 bytes][Goodput ratio: 12/95][5.77 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/1 4982/65 268/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1466 777/1506 78/210][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] + 4 TCP 192.168.1.178:64409 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][409 pkts/32019 bytes <-> 547 pkts/804381 bytes][Goodput ratio: 16/96][5.75 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.923 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/12 5000/5000 282/235][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 78/1471 804/1506 92/209][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] + 5 TCP 192.168.1.178:64393 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][374 pkts/31581 bytes <-> 488 pkts/713304 bytes][Goodput ratio: 22/95][6.76 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/15 4594/4748 271/239][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1462 816/1506 110/230][TLSv1.3][JA3C: aa50c12a5dfa717d9d6ab34e97de79d5][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,91,0,0] + 6 TCP 192.168.1.178:64408 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][161 pkts/16303 bytes <-> 215 pkts/306259 bytes][Goodput ratio: 35/95][5.78 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/2 4995/60 448/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1424 777/1506 152/300][TLSv1.3][JA3C: 1b73862eae8f1711440a446b1ef357fd][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] diff --git a/tests/result/cloudflare-warp.pcap.out b/tests/result/cloudflare-warp.pcap.out index e4720a4e8..3f6f39916 100644 --- a/tests/result/cloudflare-warp.pcap.out +++ b/tests/result/cloudflare-warp.pcap.out @@ -16,7 +16,7 @@ Automa host: 4/4 (search/found) Automa domain: 4/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) -Automa common alpns: 2/2 (search/found) +Automa common alpns: 3/3 (search/found) Patricia risk mask: 16/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 11/7 (search/found) @@ -33,11 +33,11 @@ JA3 Host Stats: 1 10.8.0.1 3 - 1 TCP 10.8.0.1:45606 <-> 104.18.47.234:443 [proto: 91.300/TLS.CloudflareWarp][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][6 pkts/924 bytes <-> 5 pkts/3107 bytes][Goodput ratio: 63/91][0.16 sec][Hostname/SNI: api.cloudflareclient.com][ALPN: http/1.1][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 31/50 75/75 36/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 154/621 355/2891 111/1135][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][ServerNames: cloudflareclient.com,*.cloudflareclient.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com][Certificate SHA-1: E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98][Safari][Validity: 2022-05-19 00:00:00 - 2023-05-19 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,25,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] - 2 TCP 10.8.0.1:45610 <-> 104.18.47.234:443 [proto: 91.300/TLS.CloudflareWarp][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][6 pkts/623 bytes <-> 5 pkts/3108 bytes][Goodput ratio: 45/91][0.15 sec][Hostname/SNI: api.cloudflareclient.com][ALPN: http/1.1][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/50 29/48 143/93 57/38][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 104/622 240/2854 69/1116][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][ServerNames: cloudflareclient.com,*.cloudflareclient.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com][Certificate SHA-1: E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98][Safari][Validity: 2022-05-19 00:00:00 - 2023-05-19 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] - 3 TCP 10.8.0.1:40214 <-> 157.240.16.32:443 [proto: 91.157/TLS.Messenger][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: Chat/9][9 pkts/1498 bytes <-> 8 pkts/871 bytes][Goodput ratio: 66/50][0.90 sec][Hostname/SNI: mqtt-mini.facebook.com][bytes ratio: 0.265 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/6 113/132 238/257 88/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/109 576/290 191/89][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 159db30fc8fac7fb58bcaeee8785a687][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 28,14,0,0,0,14,0,14,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 10.8.0.1:45606 <-> 104.18.47.234:443 [proto: 91.300/TLS.CloudflareWarp][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][6 pkts/924 bytes <-> 5 pkts/3107 bytes][Goodput ratio: 63/91][0.16 sec][Hostname/SNI: api.cloudflareclient.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 31/50 75/75 36/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 154/621 355/2891 111/1135][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][ServerNames: cloudflareclient.com,*.cloudflareclient.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com][Certificate SHA-1: E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98][Safari][Validity: 2022-05-19 00:00:00 - 2023-05-19 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,25,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] + 2 TCP 10.8.0.1:45610 <-> 104.18.47.234:443 [proto: 91.300/TLS.CloudflareWarp][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][6 pkts/623 bytes <-> 5 pkts/3108 bytes][Goodput ratio: 45/91][0.15 sec][Hostname/SNI: api.cloudflareclient.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/50 29/48 143/93 57/38][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 104/622 240/2854 69/1116][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][ServerNames: cloudflareclient.com,*.cloudflareclient.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com][Certificate SHA-1: E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98][Safari][Validity: 2022-05-19 00:00:00 - 2023-05-19 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] + 3 TCP 10.8.0.1:40214 <-> 157.240.16.32:443 [proto: 91.157/TLS.Messenger][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: Chat/9][9 pkts/1498 bytes <-> 8 pkts/871 bytes][Goodput ratio: 66/50][0.90 sec][Hostname/SNI: mqtt-mini.facebook.com][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: 0.265 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/6 113/132 238/257 88/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/109 576/290 191/89][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 159db30fc8fac7fb58bcaeee8785a687][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 28,14,0,0,0,14,0,14,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 10.8.0.1:42344 <-> 159.138.85.48:5223 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][6 pkts/567 bytes <-> 5 pkts/323 bytes][Goodput ratio: 39/16][0.37 sec][bytes ratio: 0.274 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/50 56/79 122/101 56/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 94/65 208/91 56/15][Plen Bins: 25,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 10.8.0.1:51296 <-> 142.250.183.163:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/384 bytes <-> 2 pkts/108 bytes][Goodput ratio: 52/0][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][ALPN: http/1.1][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][Safari][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 10.8.0.1:51296 <-> 142.250.183.163:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/384 bytes <-> 2 pkts/108 bytes][Goodput ratio: 52/0][0.00 sec][Hostname/SNI: crashlyticsreports-pa.googleapis.com][(Advertised) ALPNs: http/1.1][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][Safari][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 10.158.134.93:40454 <-> 216.58.196.68:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 10.158.134.93:55512 -> 142.251.42.106:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dazn.pcapng.out b/tests/result/dazn.pcapng.out index 8a93c0780..b97ca332a 100644 --- a/tests/result/dazn.pcapng.out +++ b/tests/result/dazn.pcapng.out @@ -14,7 +14,7 @@ Automa host: 3/3 (search/found) Automa domain: 3/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 6/6 (search/found) Patricia risk mask: 6/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 3/3 (search/found) @@ -26,6 +26,6 @@ JA3 Host Stats: 1 192.168.1.128 1 - 1 TCP 192.168.1.128:40882 <-> 13.226.244.30:443 [proto: 91.292/TLS.Dazn][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: subscriptions-service.dazn-api.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 2 TCP 192.168.1.128:46036 <-> 13.226.244.27:443 [proto: 91.292/TLS.Dazn][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: user-profile.ar.indazn.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 3 TCP 192.168.1.128:54020 <-> 52.84.223.58:443 [proto: 91.292/TLS.Dazn][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.dazn.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 1 TCP 192.168.1.128:40882 <-> 13.226.244.30:443 [proto: 91.292/TLS.Dazn][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: subscriptions-service.dazn-api.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 2 TCP 192.168.1.128:46036 <-> 13.226.244.27:443 [proto: 91.292/TLS.Dazn][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: user-profile.ar.indazn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 3 TCP 192.168.1.128:54020 <-> 52.84.223.58:443 [proto: 91.292/TLS.Dazn][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.dazn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] diff --git a/tests/result/discord.pcap.out b/tests/result/discord.pcap.out index 4ba2bd0cc..5c818f605 100644 --- a/tests/result/discord.pcap.out +++ b/tests/result/discord.pcap.out @@ -35,7 +35,7 @@ JA3 Host Stats: 6 UDP 192.168.2.100:55432 <-> 66.22.196.173:50004 [proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][13 pkts/3740 bytes <-> 2 pkts/176 bytes][Goodput ratio: 85/46][0.24 sec][Client IP: 84.59.132.100][bytes ratio: 0.910 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/0 28/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 288/88 344/116 89/28][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,0,0,0,0,53,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.2.100:50199 <-> 66.22.196.173:50004 [proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][8 pkts/2097 bytes <-> 7 pkts/1791 bytes][Goodput ratio: 84/83][0.15 sec][Client IP: 84.59.132.100][bytes ratio: 0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 18/3 23/21 42/42 9/13][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 262/256 333/323 105/107][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,0,0,0,0,60,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.2.100:63362 <-> 66.22.196.173:50004 [proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][12 pkts/3349 bytes <-> 3 pkts/499 bytes][Goodput ratio: 85/73][0.23 sec][Client IP: 84.59.132.100][bytes ratio: 0.741 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 21/31 53/31 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 279/166 340/323 90/113][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,0,13,0,0,0,0,6,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 10.0.2.15:42834 <-> 162.159.128.233:443 [proto: 91.58/TLS.Discord][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/451 bytes <-> 4 pkts/3257 bytes][Goodput ratio: 60/93][0.05 sec][Hostname/SNI: discord.com][ALPN: h2;http/1.1][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 16/0 20/13 23/22 4/9][Pkt Len c2s/s2c min/avg/max/stddev: 74/58 150/814 230/1506 64/609][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 19/Jan/2021 00:00:00 - 18/Jan/2022 23:59:59][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][ServerNames: discord.com,sni.cloudflaressl.com,*.discord.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: 31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D][Safari][Validity: 2021-01-19 00:00:00 - 2022-01-18 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0] + 9 TCP 10.0.2.15:42834 <-> 162.159.128.233:443 [proto: 91.58/TLS.Discord][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/451 bytes <-> 4 pkts/3257 bytes][Goodput ratio: 60/93][0.05 sec][Hostname/SNI: discord.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 16/0 20/13 23/22 4/9][Pkt Len c2s/s2c min/avg/max/stddev: 74/58 150/814 230/1506 64/609][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 19/Jan/2021 00:00:00 - 18/Jan/2022 23:59:59][TLSv1.2][JA3C: 6f5e62edfa5933b1332ddf8b9fb3ef9d][ServerNames: discord.com,sni.cloudflaressl.com,*.discord.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: 31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D][Safari][Validity: 2021-01-19 00:00:00 - 2022-01-18 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0] 10 UDP 192.168.2.100:65053 <-> 66.22.196.173:50004 [proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/236 bytes <-> 12 pkts/3448 bytes][Goodput ratio: 46/85][0.61 sec][Client IP: 84.59.132.100][bytes ratio: -0.872 (Download)][IAT c2s/s2c min/avg/max/stddev: 151/14 196/56 242/241 46/75][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 79/287 116/448 28/97][PLAIN TEXT (84.59.132.100)][Plen Bins: 20,0,13,0,0,0,0,0,60,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.2.100:52323 <-> 66.22.196.173:50004 [proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/260 bytes <-> 12 pkts/3416 bytes][Goodput ratio: 51/85][0.90 sec][Client IP: 84.59.132.100][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/11 341/84 453/463 112/140][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 87/285 116/343 27/89][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,6,13,0,0,0,0,0,61,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.2.100:53459 <-> 66.22.196.173:50004 [proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/268 bytes <-> 12 pkts/3406 bytes][Goodput ratio: 53/85][1.83 sec][Client IP: 84.59.132.100][bytes ratio: -0.854 (Download)][IAT c2s/s2c min/avg/max/stddev: 125/13 806/177 1486/1498 680/441][Pkt Len c2s/s2c min/avg/max/stddev: 50/60 89/284 116/323 28/88][PLAIN TEXT (84.59.132.100)][Plen Bins: 13,6,13,0,0,0,0,0,67,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dlt_ppp.pcap.out b/tests/result/dlt_ppp.pcap.out index 1c045ed05..9162571eb 100644 --- a/tests/result/dlt_ppp.pcap.out +++ b/tests/result/dlt_ppp.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/0 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 193.167.0.252 1 - 1 UDP 193.167.0.252:44083 -> 193.167.100.100:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1230 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: server4][ALPN: hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: fe94e313a5d76fb687c85443cdfa8170][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] + 1 UDP 193.167.0.252:44083 -> 193.167.100.100:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1230 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: server4][(Advertised) ALPNs: hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: fe94e313a5d76fb687c85443cdfa8170][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/dns_doh.pcap.out b/tests/result/dns_doh.pcap.out index 11c3d97a5..678addbb8 100644 --- a/tests/result/dns_doh.pcap.out +++ b/tests/result/dns_doh.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 1/1 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 172.20.10.4 1 - 1 TCP 172.20.10.4:49877 <-> 104.16.248.249:443 [proto: 91.196/TLS.DoH_DoT][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Network/14][86 pkts/8460 bytes <-> 56 pkts/11902 bytes][Goodput ratio: 45/74][3.24 sec][Hostname/SNI: mozilla.cloudflare-dns.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/31 535/580 86/115][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/213 571/1354 69/257][TLSv1.3][JA3C: b20b44b18b853ef29ab773e921b03422][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 23,21,20,2,1,1,13,3,0,0,7,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0] + 1 TCP 172.20.10.4:49877 <-> 104.16.248.249:443 [proto: 91.196/TLS.DoH_DoT][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Network/14][86 pkts/8460 bytes <-> 56 pkts/11902 bytes][Goodput ratio: 45/74][3.24 sec][Hostname/SNI: mozilla.cloudflare-dns.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/31 535/580 86/115][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/213 571/1354 69/257][TLSv1.3][JA3C: b20b44b18b853ef29ab773e921b03422][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 23,21,20,2,1,1,13,3,0,0,7,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0] diff --git a/tests/result/dnscrypt-v2-doh.pcap.out b/tests/result/dnscrypt-v2-doh.pcap.out index 2f47303ca..5e3c9f055 100644 --- a/tests/result/dnscrypt-v2-doh.pcap.out +++ b/tests/result/dnscrypt-v2-doh.pcap.out @@ -14,7 +14,7 @@ Automa host: 34/34 (search/found) Automa domain: 34/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 6/0 (search/found) -Automa common alpns: 6/6 (search/found) +Automa common alpns: 68/68 (search/found) Patricia risk mask: 66/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 68/0 (search/found) @@ -26,37 +26,37 @@ JA3 Host Stats: 1 10.0.0.1 1 - 1 TCP 10.0.0.1:50614 <-> 185.95.218.42:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][14 pkts/2180 bytes <-> 16 pkts/7623 bytes][Goodput ratio: 65/89][23.45 sec][Hostname/SNI: dns.digitale-gesellschaft.ch][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.555 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2124/13 16347/44 4911/18][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 156/476 352/2958 67/708][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 20,13,23,16,0,3,0,0,0,3,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3] - 2 TCP 10.0.0.1:43888 <-> 95.216.229.153:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1559 bytes <-> 8 pkts/6285 bytes][Goodput ratio: 65/93][30.16 sec][Hostname/SNI: fi.doh.dns.snopyta.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3770/16 30052/46 9934/20][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 156/786 346/2958 77/922][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 11,16,28,11,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5] - 3 TCP 10.0.0.1:59026 <-> 85.5.93.230:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][11 pkts/1966 bytes <-> 12 pkts/5810 bytes][Goodput ratio: 70/89][30.26 sec][Hostname/SNI: ibksturm.synology.me][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.494 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/15 115/89 36/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/85 179/484 445/1506 113/487][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 21,4,17,13,0,4,0,0,0,13,0,4,4,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] - 4 TCP 10.0.0.1:52028 <-> 45.76.113.31:8443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1438 bytes <-> 11 pkts/6319 bytes][Goodput ratio: 66/91][30.97 sec][Hostname/SNI: doh.seby.io][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4379/3404 30317/30002 10590/9405][Pkt Len c2s/s2c min/avg/max/stddev: 78/93 160/574 335/1464 75/564][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 10,15,30,10,0,5,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,10,0,0,0] - 5 TCP 10.0.0.1:57058 <-> 46.227.200.54:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1445 bytes <-> 8 pkts/5948 bytes][Goodput ratio: 66/93][30.13 sec][Hostname/SNI: rdns.faelix.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.609 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4304/5014 30049/30000 10511/11174][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/744 339/2958 74/935][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 12,12,25,12,0,5,5,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5] - 6 TCP 10.0.0.1:55322 <-> 185.134.196.55:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1532 bytes <-> 7 pkts/5815 bytes][Goodput ratio: 65/93][16.35 sec][Hostname/SNI: rdns.faelix.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.583 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2039/3262 16237/16242 5366/6490][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 153/831 339/2958 74/969][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,5,25,12,0,5,5,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5] - 7 TCP 10.0.0.1:38186 <-> 185.43.135.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][11 pkts/1728 bytes <-> 13 pkts/5220 bytes][Goodput ratio: 66/87][10.17 sec][Hostname/SNI: odvr.nic.cz][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1263/1013 10000/10000 3302/2996][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 157/402 335/3057 70/784][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 03/Aug/2020 06:53:50 - 01/Nov/2020 06:53:50][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][ServerNames: odvr.nic.cz][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=odvr.nic.cz][Certificate SHA-1: 15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B][Firefox][Validity: 2020-08-03 06:53:50 - 2020-11-01 06:53:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 4,51,12,12,0,4,0,0,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4] - 8 TCP 10.0.0.1:55962 <-> 51.158.147.50:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1540 bytes <-> 7 pkts/5403 bytes][Goodput ratio: 65/93][23.03 sec][Hostname/SNI: resolver-eu.lelux.fi][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2879/17 22962/28 7591/14][Pkt Len c2s/s2c min/avg/max/stddev: 78/102 154/772 344/3185 77/1040][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,11,37,11,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] - 9 TCP 10.0.0.1:60026 <-> 195.30.94.28:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1455 bytes <-> 6 pkts/5347 bytes][Goodput ratio: 67/94][10.04 sec][Hostname/SNI: doh.ffmuc.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.572 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 1434/37 9925/63 3467/26][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 162/891 337/2958 74/961][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,6,20,13,0,6,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] - 10 TCP 10.0.0.1:40938 <-> 172.104.93.80:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1523 bytes <-> 6 pkts/5217 bytes][Goodput ratio: 65/94][22.42 sec][Hostname/SNI: jp.tiar.app][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.548 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2778/5507 21637/21834 7129/9427][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 152/870 335/2248 74/759][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 475c9302dc42b2751db9edcac3b74891][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 18,6,18,12,0,6,0,0,12,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6] - 11 TCP 10.0.0.1:46658 <-> 185.233.106.232:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/1437 bytes <-> 7 pkts/5154 bytes][Goodput ratio: 70/93][27.98 sec][Hostname/SNI: dns.dnshome.de][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4659/5583 27865/27889 10378/11153][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 180/736 389/2958 111/936][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 21,6,13,13,0,0,6,0,6,0,13,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] - 12 TCP 10.0.0.1:35714 <-> 209.250.241.25:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1516 bytes <-> 9 pkts/5023 bytes][Goodput ratio: 68/90][6.97 sec][Hostname/SNI: jarjar.meganerd.nl][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 992/7 6894/26 2409/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 168/558 342/2102 74/700][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 14/Jul/2020 23:47:21 - 12/Oct/2020 23:47:21][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][ServerNames: jarjar.meganerd.nl][JA3S: 2464432ec440b95b36263230c3148d11][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=jarjar.meganerd.nl][Certificate SHA-1: 17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F][Firefox][Validity: 2020-07-14 23:47:21 - 2020-10-12 23:47:21][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 5,28,23,11,0,5,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5] - 13 TCP 10.0.0.1:52386 <-> 51.15.124.208:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 8 pkts/4974 bytes][Goodput ratio: 65/91][16.18 sec][Hostname/SNI: dnsnl.alekberg.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.528 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2022/11 16115/27 5327/12][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 154/622 342/2958 76/923][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 16,23,16,11,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] - 14 TCP 10.0.0.1:37530 <-> 167.114.220.125:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1537 bytes <-> 10 pkts/4945 bytes][Goodput ratio: 65/89][17.40 sec][Hostname/SNI: dns1.dnscrypt.ca][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.526 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2161/2161 17071/17045 5636/5626][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 154/494 340/3154 76/905][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 15,30,20,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] - 15 TCP 10.0.0.1:59404 <-> 185.253.154.66:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 7 pkts/4898 bytes][Goodput ratio: 65/92][22.86 sec][Hostname/SNI: dnses.alekberg.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2857/18 22768/44 7526/21][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 154/700 342/2958 76/962][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,25,18,11,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] - 16 TCP 10.0.0.1:43106 <-> 116.202.176.26:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1546 bytes <-> 7 pkts/4884 bytes][Goodput ratio: 65/92][30.19 sec][Hostname/SNI: doh.libredns.gr][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.519 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3774/34 30000/124 9913/46][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 155/698 339/3179 74/1019][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,11,24,11,0,5,0,0,18,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] - 17 TCP 10.0.0.1:36012 <-> 149.56.228.45:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1447 bytes <-> 10 pkts/4943 bytes][Goodput ratio: 66/89][16.62 sec][Hostname/SNI: dns2.dnscrypt.ca][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2358/2063 16281/16268 5684/5369][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 161/494 340/3152 76/904][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 15,26,21,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] - 18 TCP 10.0.0.1:41720 <-> 116.203.179.248:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1528 bytes <-> 12 pkts/4776 bytes][Goodput ratio: 65/86][15.70 sec][Hostname/SNI: rumpelsepp.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.515 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/6 25/23 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 153/398 338/1506 75/506][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 13,28,13,13,0,4,0,4,4,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] - 19 TCP 10.0.0.1:38018 <-> 45.153.187.96:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1448 bytes <-> 6 pkts/4822 bytes][Goodput ratio: 66/93][15.95 sec][Hostname/SNI: dnsse.alekberg.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 2279/20 15848/48 5540/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/804 342/2958 77/1002][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,6,27,13,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] - 20 TCP 10.0.0.1:54164 <-> 193.70.85.11:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1449 bytes <-> 8 pkts/4814 bytes][Goodput ratio: 66/91][30.10 sec][Hostname/SNI: doh.bortzmeyer.fr][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4295/5006 30033/30001 10508/11178][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/602 341/2958 75/905][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,11,25,11,0,5,11,0,5,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] - 21 TCP 10.0.0.1:34036 <-> 217.169.20.23:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1545 bytes <-> 6 pkts/4643 bytes][Goodput ratio: 65/93][30.15 sec][Hostname/SNI: dns.aa.net.uk][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.501 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3763/7517 30000/30032 9917/12999][Pkt Len c2s/s2c min/avg/max/stddev: 78/119 154/774 337/3165 74/1081][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 12,6,31,12,0,6,6,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] - 22 TCP 10.0.0.1:53802 <-> 1.0.0.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 7 pkts/4626 bytes][Goodput ratio: 65/92][30.11 sec][Hostname/SNI: dns.cloudflare.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.501 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3762/15 30000/51 9917/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 154/661 342/2892 76/947][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 31,11,18,11,0,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] - 23 TCP 10.0.0.1:52176 <-> 136.144.215.158:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 6 pkts/4602 bytes][Goodput ratio: 65/93][30.10 sec][Hostname/SNI: doh.powerdns.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.500 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3762/7507 30033/30000 9930/12986][Pkt Len c2s/s2c min/avg/max/stddev: 78/105 154/767 340/3170 74/1087][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 12,12,25,12,0,12,0,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] - 24 TCP 10.0.0.1:44640 <-> 185.235.81.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1457 bytes <-> 7 pkts/4670 bytes][Goodput ratio: 67/92][10.77 sec][Hostname/SNI: doh.dnslify.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1536/2150 10712/10710 3746/4280][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 162/667 339/3168 75/1035][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 18,12,18,12,0,12,0,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] - 25 TCP 10.0.0.1:33724 <-> 104.28.28.34:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1457 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 67/89][32.10 sec][Hostname/SNI: jp.tiarap.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4584/295 31051/1050 10810/455][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 162/510 337/2557 75/751][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 35,5,17,5,5,5,0,0,5,0,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] - 26 TCP 10.0.0.1:51770 <-> 9.9.9.10:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1457 bytes <-> 8 pkts/4589 bytes][Goodput ratio: 67/91][16.57 sec][Hostname/SNI: dns10.quad9.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2360/2758 16461/16467 5757/6131][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 162/574 339/1616 75/592][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,11,18,11,0,11,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5] - 27 TCP 10.0.0.1:43718 <-> 146.255.56.98:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1553 bytes <-> 6 pkts/4353 bytes][Goodput ratio: 65/92][30.17 sec][Hostname/SNI: doh.appliedprivacy.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.474 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3770/28 30000/76 9914/31][Pkt Len c2s/s2c min/avg/max/stddev: 78/60 155/726 346/2958 76/1013][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 18,6,25,12,0,6,6,0,0,6,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] - 28 TCP 10.0.0.1:33338 <-> 45.90.28.0:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1448 bytes <-> 12 pkts/4333 bytes][Goodput ratio: 66/85][30.15 sec][Hostname/SNI: dns.nextdns.io][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4302/3342 30042/30000 10508/9425][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 161/361 338/1506 76/508][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,29,14,14,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0] - 29 TCP 10.0.0.1:39214 <-> 104.28.0.106:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1548 bytes <-> 8 pkts/4123 bytes][Goodput ratio: 65/90][30.16 sec][Hostname/SNI: doh.crypto.sx][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.454 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3768/16 30000/41 9915/17][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 155/515 337/1506 75/486][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 23,5,23,5,5,5,0,0,5,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] - 30 TCP 10.0.0.1:35742 <-> 209.250.241.25:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][7 pkts/1246 bytes <-> 7 pkts/4395 bytes][Goodput ratio: 70/91][8.59 sec][Hostname/SNI: jarjar.meganerd.nl][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1692/30 8406/95 3357/35][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 178/628 342/2102 82/772][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 14/Jul/2020 23:47:21 - 12/Oct/2020 23:47:21][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][ServerNames: jarjar.meganerd.nl][JA3S: 2464432ec440b95b36263230c3148d11][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=jarjar.meganerd.nl][Certificate SHA-1: 17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F][Firefox][Validity: 2020-07-14 23:47:21 - 2020-10-12 23:47:21][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 7,28,21,0,7,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7] - 31 TCP 10.0.0.1:44704 <-> 185.235.81.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/1243 bytes <-> 5 pkts/4229 bytes][Goodput ratio: 65/94][30.09 sec][Hostname/SNI: doh.dnslify.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5008/14 30000/22 11177/10][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 155/846 339/3168 83/1174][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 24,7,24,7,0,7,0,7,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] - 32 TCP 10.0.0.1:51846 <-> 9.9.9.10:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][7 pkts/1155 bytes <-> 5 pkts/4098 bytes][Goodput ratio: 67/93][30.09 sec][Hostname/SNI: dns10.quad9.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.560 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/19 47/46 18/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/119 165/820 339/3068 84/1136][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 16,0,34,8,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8] - 33 TCP 10.0.0.1:53674 <-> 139.99.222.72:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][2 pkts/421 bytes <-> 2 pkts/2872 bytes][Goodput ratio: 74/96][0.26 sec][Hostname/SNI: doh-2.seby.io][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0] - 34 TCP 10.0.0.1:53676 <-> 139.99.222.72:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][2 pkts/421 bytes <-> 2 pkts/2870 bytes][Goodput ratio: 74/96][0.27 sec][Hostname/SNI: doh-2.seby.io][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0] + 1 TCP 10.0.0.1:50614 <-> 185.95.218.42:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][14 pkts/2180 bytes <-> 16 pkts/7623 bytes][Goodput ratio: 65/89][23.45 sec][Hostname/SNI: dns.digitale-gesellschaft.ch][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.555 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2124/13 16347/44 4911/18][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 156/476 352/2958 67/708][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 20,13,23,16,0,3,0,0,0,3,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3] + 2 TCP 10.0.0.1:43888 <-> 95.216.229.153:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1559 bytes <-> 8 pkts/6285 bytes][Goodput ratio: 65/93][30.16 sec][Hostname/SNI: fi.doh.dns.snopyta.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3770/16 30052/46 9934/20][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 156/786 346/2958 77/922][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 11,16,28,11,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5] + 3 TCP 10.0.0.1:59026 <-> 85.5.93.230:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][11 pkts/1966 bytes <-> 12 pkts/5810 bytes][Goodput ratio: 70/89][30.26 sec][Hostname/SNI: ibksturm.synology.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.494 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/15 115/89 36/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/85 179/484 445/1506 113/487][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 21,4,17,13,0,4,0,0,0,13,0,4,4,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] + 4 TCP 10.0.0.1:52028 <-> 45.76.113.31:8443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1438 bytes <-> 11 pkts/6319 bytes][Goodput ratio: 66/91][30.97 sec][Hostname/SNI: doh.seby.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4379/3404 30317/30002 10590/9405][Pkt Len c2s/s2c min/avg/max/stddev: 78/93 160/574 335/1464 75/564][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 10,15,30,10,0,5,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,10,0,0,0] + 5 TCP 10.0.0.1:57058 <-> 46.227.200.54:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1445 bytes <-> 8 pkts/5948 bytes][Goodput ratio: 66/93][30.13 sec][Hostname/SNI: rdns.faelix.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.609 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4304/5014 30049/30000 10511/11174][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/744 339/2958 74/935][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 12,12,25,12,0,5,5,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5] + 6 TCP 10.0.0.1:55322 <-> 185.134.196.55:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1532 bytes <-> 7 pkts/5815 bytes][Goodput ratio: 65/93][16.35 sec][Hostname/SNI: rdns.faelix.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.583 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2039/3262 16237/16242 5366/6490][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 153/831 339/2958 74/969][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,5,25,12,0,5,5,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5] + 7 TCP 10.0.0.1:38186 <-> 185.43.135.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][11 pkts/1728 bytes <-> 13 pkts/5220 bytes][Goodput ratio: 66/87][10.17 sec][Hostname/SNI: odvr.nic.cz][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1263/1013 10000/10000 3302/2996][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 157/402 335/3057 70/784][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 03/Aug/2020 06:53:50 - 01/Nov/2020 06:53:50][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][ServerNames: odvr.nic.cz][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=odvr.nic.cz][Certificate SHA-1: 15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B][Firefox][Validity: 2020-08-03 06:53:50 - 2020-11-01 06:53:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 4,51,12,12,0,4,0,0,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4] + 8 TCP 10.0.0.1:55962 <-> 51.158.147.50:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1540 bytes <-> 7 pkts/5403 bytes][Goodput ratio: 65/93][23.03 sec][Hostname/SNI: resolver-eu.lelux.fi][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2879/17 22962/28 7591/14][Pkt Len c2s/s2c min/avg/max/stddev: 78/102 154/772 344/3185 77/1040][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,11,37,11,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] + 9 TCP 10.0.0.1:60026 <-> 195.30.94.28:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1455 bytes <-> 6 pkts/5347 bytes][Goodput ratio: 67/94][10.04 sec][Hostname/SNI: doh.ffmuc.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.572 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 1434/37 9925/63 3467/26][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 162/891 337/2958 74/961][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,6,20,13,0,6,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] + 10 TCP 10.0.0.1:40938 <-> 172.104.93.80:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1523 bytes <-> 6 pkts/5217 bytes][Goodput ratio: 65/94][22.42 sec][Hostname/SNI: jp.tiar.app][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.548 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2778/5507 21637/21834 7129/9427][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 152/870 335/2248 74/759][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 475c9302dc42b2751db9edcac3b74891][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 18,6,18,12,0,6,0,0,12,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6] + 11 TCP 10.0.0.1:46658 <-> 185.233.106.232:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/1437 bytes <-> 7 pkts/5154 bytes][Goodput ratio: 70/93][27.98 sec][Hostname/SNI: dns.dnshome.de][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4659/5583 27865/27889 10378/11153][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 180/736 389/2958 111/936][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 21,6,13,13,0,0,6,0,6,0,13,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] + 12 TCP 10.0.0.1:35714 <-> 209.250.241.25:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1516 bytes <-> 9 pkts/5023 bytes][Goodput ratio: 68/90][6.97 sec][Hostname/SNI: jarjar.meganerd.nl][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 992/7 6894/26 2409/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 168/558 342/2102 74/700][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 14/Jul/2020 23:47:21 - 12/Oct/2020 23:47:21][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][ServerNames: jarjar.meganerd.nl][JA3S: 2464432ec440b95b36263230c3148d11][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=jarjar.meganerd.nl][Certificate SHA-1: 17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F][Firefox][Validity: 2020-07-14 23:47:21 - 2020-10-12 23:47:21][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 5,28,23,11,0,5,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5] + 13 TCP 10.0.0.1:52386 <-> 51.15.124.208:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 8 pkts/4974 bytes][Goodput ratio: 65/91][16.18 sec][Hostname/SNI: dnsnl.alekberg.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.528 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2022/11 16115/27 5327/12][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 154/622 342/2958 76/923][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 16,23,16,11,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] + 14 TCP 10.0.0.1:37530 <-> 167.114.220.125:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1537 bytes <-> 10 pkts/4945 bytes][Goodput ratio: 65/89][17.40 sec][Hostname/SNI: dns1.dnscrypt.ca][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.526 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2161/2161 17071/17045 5636/5626][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 154/494 340/3154 76/905][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 15,30,20,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] + 15 TCP 10.0.0.1:59404 <-> 185.253.154.66:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 7 pkts/4898 bytes][Goodput ratio: 65/92][22.86 sec][Hostname/SNI: dnses.alekberg.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2857/18 22768/44 7526/21][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 154/700 342/2958 76/962][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,25,18,11,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] + 16 TCP 10.0.0.1:43106 <-> 116.202.176.26:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1546 bytes <-> 7 pkts/4884 bytes][Goodput ratio: 65/92][30.19 sec][Hostname/SNI: doh.libredns.gr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.519 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3774/34 30000/124 9913/46][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 155/698 339/3179 74/1019][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,11,24,11,0,5,0,0,18,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] + 17 TCP 10.0.0.1:36012 <-> 149.56.228.45:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1447 bytes <-> 10 pkts/4943 bytes][Goodput ratio: 66/89][16.62 sec][Hostname/SNI: dns2.dnscrypt.ca][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2358/2063 16281/16268 5684/5369][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 161/494 340/3152 76/904][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 15,26,21,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] + 18 TCP 10.0.0.1:41720 <-> 116.203.179.248:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1528 bytes <-> 12 pkts/4776 bytes][Goodput ratio: 65/86][15.70 sec][Hostname/SNI: rumpelsepp.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.515 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/6 25/23 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 153/398 338/1506 75/506][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 13,28,13,13,0,4,0,4,4,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] + 19 TCP 10.0.0.1:38018 <-> 45.153.187.96:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1448 bytes <-> 6 pkts/4822 bytes][Goodput ratio: 66/93][15.95 sec][Hostname/SNI: dnsse.alekberg.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 2279/20 15848/48 5540/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/804 342/2958 77/1002][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,6,27,13,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] + 20 TCP 10.0.0.1:54164 <-> 193.70.85.11:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1449 bytes <-> 8 pkts/4814 bytes][Goodput ratio: 66/91][30.10 sec][Hostname/SNI: doh.bortzmeyer.fr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4295/5006 30033/30001 10508/11178][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/602 341/2958 75/905][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,11,25,11,0,5,11,0,5,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] + 21 TCP 10.0.0.1:34036 <-> 217.169.20.23:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1545 bytes <-> 6 pkts/4643 bytes][Goodput ratio: 65/93][30.15 sec][Hostname/SNI: dns.aa.net.uk][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.501 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3763/7517 30000/30032 9917/12999][Pkt Len c2s/s2c min/avg/max/stddev: 78/119 154/774 337/3165 74/1081][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 12,6,31,12,0,6,6,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] + 22 TCP 10.0.0.1:53802 <-> 1.0.0.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 7 pkts/4626 bytes][Goodput ratio: 65/92][30.11 sec][Hostname/SNI: dns.cloudflare.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.501 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3762/15 30000/51 9917/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 154/661 342/2892 76/947][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 31,11,18,11,0,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] + 23 TCP 10.0.0.1:52176 <-> 136.144.215.158:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 6 pkts/4602 bytes][Goodput ratio: 65/93][30.10 sec][Hostname/SNI: doh.powerdns.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.500 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3762/7507 30033/30000 9930/12986][Pkt Len c2s/s2c min/avg/max/stddev: 78/105 154/767 340/3170 74/1087][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 12,12,25,12,0,12,0,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] + 24 TCP 10.0.0.1:44640 <-> 185.235.81.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1457 bytes <-> 7 pkts/4670 bytes][Goodput ratio: 67/92][10.77 sec][Hostname/SNI: doh.dnslify.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1536/2150 10712/10710 3746/4280][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 162/667 339/3168 75/1035][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 18,12,18,12,0,12,0,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] + 25 TCP 10.0.0.1:33724 <-> 104.28.28.34:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1457 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 67/89][32.10 sec][Hostname/SNI: jp.tiarap.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4584/295 31051/1050 10810/455][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 162/510 337/2557 75/751][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 35,5,17,5,5,5,0,0,5,0,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5] + 26 TCP 10.0.0.1:51770 <-> 9.9.9.10:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1457 bytes <-> 8 pkts/4589 bytes][Goodput ratio: 67/91][16.57 sec][Hostname/SNI: dns10.quad9.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2360/2758 16461/16467 5757/6131][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 162/574 339/1616 75/592][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,11,18,11,0,11,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5] + 27 TCP 10.0.0.1:43718 <-> 146.255.56.98:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1553 bytes <-> 6 pkts/4353 bytes][Goodput ratio: 65/92][30.17 sec][Hostname/SNI: doh.appliedprivacy.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.474 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3770/28 30000/76 9914/31][Pkt Len c2s/s2c min/avg/max/stddev: 78/60 155/726 346/2958 76/1013][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 18,6,25,12,0,6,6,0,0,6,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6] + 28 TCP 10.0.0.1:33338 <-> 45.90.28.0:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1448 bytes <-> 12 pkts/4333 bytes][Goodput ratio: 66/85][30.15 sec][Hostname/SNI: dns.nextdns.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4302/3342 30042/30000 10508/9425][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 161/361 338/1506 76/508][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,29,14,14,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0] + 29 TCP 10.0.0.1:39214 <-> 104.28.0.106:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1548 bytes <-> 8 pkts/4123 bytes][Goodput ratio: 65/90][30.16 sec][Hostname/SNI: doh.crypto.sx][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.454 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3768/16 30000/41 9915/17][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 155/515 337/1506 75/486][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 23,5,23,5,5,5,0,0,5,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0] + 30 TCP 10.0.0.1:35742 <-> 209.250.241.25:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][7 pkts/1246 bytes <-> 7 pkts/4395 bytes][Goodput ratio: 70/91][8.59 sec][Hostname/SNI: jarjar.meganerd.nl][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1692/30 8406/95 3357/35][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 178/628 342/2102 82/772][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 14/Jul/2020 23:47:21 - 12/Oct/2020 23:47:21][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][ServerNames: jarjar.meganerd.nl][JA3S: 2464432ec440b95b36263230c3148d11][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=jarjar.meganerd.nl][Certificate SHA-1: 17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F][Firefox][Validity: 2020-07-14 23:47:21 - 2020-10-12 23:47:21][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 7,28,21,0,7,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7] + 31 TCP 10.0.0.1:44704 <-> 185.235.81.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/1243 bytes <-> 5 pkts/4229 bytes][Goodput ratio: 65/94][30.09 sec][Hostname/SNI: doh.dnslify.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5008/14 30000/22 11177/10][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 155/846 339/3168 83/1174][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 24,7,24,7,0,7,0,7,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] + 32 TCP 10.0.0.1:51846 <-> 9.9.9.10:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][7 pkts/1155 bytes <-> 5 pkts/4098 bytes][Goodput ratio: 67/93][30.09 sec][Hostname/SNI: dns10.quad9.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.560 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/19 47/46 18/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/119 165/820 339/3068 84/1136][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 16,0,34,8,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8] + 33 TCP 10.0.0.1:53674 <-> 139.99.222.72:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][2 pkts/421 bytes <-> 2 pkts/2872 bytes][Goodput ratio: 74/96][0.26 sec][Hostname/SNI: doh-2.seby.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0] + 34 TCP 10.0.0.1:53676 <-> 139.99.222.72:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][2 pkts/421 bytes <-> 2 pkts/2870 bytes][Goodput ratio: 74/96][0.27 sec][Hostname/SNI: doh-2.seby.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0] diff --git a/tests/result/doq.pcapng.out b/tests/result/doq.pcapng.out index 80a622d42..cfd6c890f 100644 --- a/tests/result/doq.pcapng.out +++ b/tests/result/doq.pcapng.out @@ -15,7 +15,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -28,5 +28,5 @@ JA3 Host Stats: 1 ::1 1 - 1 UDP [::1]:47826 <-> [::1]:784 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][3 pkts/1690 bytes <-> 11 pkts/3098 bytes][Goodput ratio: 89/78][3.16 sec][ALPN: doq-i00][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.294 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 1/329 2/1601 1/517][Pkt Len c2s/s2c min/avg/max/stddev: 117/117 563/282 1294/1294 521/340][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: c0ce40fbb78cbf86a14e6a38b26d6ede][Plen Bins: 0,21,50,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 1 UDP [::1]:47826 <-> [::1]:784 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][3 pkts/1690 bytes <-> 11 pkts/3098 bytes][Goodput ratio: 89/78][3.16 sec][(Advertised) ALPNs: doq-i00][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.294 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 1/329 2/1601 1/517][Pkt Len c2s/s2c min/avg/max/stddev: 117/117 563/282 1294/1294 521/340][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: c0ce40fbb78cbf86a14e6a38b26d6ede][Plen Bins: 0,21,50,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] 2 ICMPV6 [::1]:0 -> [::1]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][6 pkts/1170 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][3.10 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 100/0 620/0 1601/0 546/0][Pkt Len c2s/s2c min/avg/max/stddev: 195/0 195/0 195/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/doq_adguard.pcapng.out b/tests/result/doq_adguard.pcapng.out index 9fef67046..cf2eb7709 100644 --- a/tests/result/doq_adguard.pcapng.out +++ b/tests/result/doq_adguard.pcapng.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.12.169 1 - 1 UDP 192.168.12.169:41070 <-> 94.140.14.14:784 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][164 pkts/17196 bytes <-> 132 pkts/27249 bytes][Goodput ratio: 60/80][38.08 sec][Hostname/SNI: dns.adguard.com][ALPN: doq-i00][TLS Supported Versions: TLSv1.3][bytes ratio: -0.226 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/242 2999/3045 449/458][Pkt Len c2s/s2c min/avg/max/stddev: 72/81 105/206 1274/1294 132/268][TLSv1.3][JA3C: 1e022f87823477abd6a79c31d70062d7][PLAIN TEXT (AKToSb)][Plen Bins: 15,47,16,9,4,0,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.12.169:41070 <-> 94.140.14.14:784 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][164 pkts/17196 bytes <-> 132 pkts/27249 bytes][Goodput ratio: 60/80][38.08 sec][Hostname/SNI: dns.adguard.com][(Advertised) ALPNs: doq-i00][TLS Supported Versions: TLSv1.3][bytes ratio: -0.226 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/242 2999/3045 449/458][Pkt Len c2s/s2c min/avg/max/stddev: 72/81 105/206 1274/1294 132/268][TLSv1.3][JA3C: 1e022f87823477abd6a79c31d70062d7][PLAIN TEXT (AKToSb)][Plen Bins: 15,47,16,9,4,0,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/encrypted_sni.pcap.out b/tests/result/encrypted_sni.pcap.out index 5bb6eaa50..7d5c5c4fb 100644 --- a/tests/result/encrypted_sni.pcap.out +++ b/tests/result/encrypted_sni.pcap.out @@ -14,7 +14,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 6/6 (search/found) Patricia risk mask: 6/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 3/3 (search/found) @@ -26,6 +26,6 @@ JA3 Host Stats: 1 192.168.1.12 1 - 1 TCP 192.168.1.12:49886 -> 104.27.129.77:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: 9624CB3C4E230827F78CF5BF640D22DEA33FCC598EA6A32D939905586FBE997B9E68661F8956D4893072E19DE24CD1FB88A9F71FC4CC01BAB5C914FDF96A647D671B5E89859BAEEAB122218688496DF4DF0C328C3D5F940B109CEB2A2743D5CBE3594288A229B8C7E2F88303E3FE1A26A89E5001F2BD936890FEF78F06E05ECC063A68BDB8C18DFAC114CF1FECDB8BE1FC2FEECB2315D27998D682B129FD1E3EB5D7985DCBDC452A1082CCC038E0BF69570FEFAC6BC6FB951F89B6792CADA76403C02CEB5DCE1CE6EDDD16D5F7FB6B85D2B92485448DE0088E421E83F1E28B267FBE3B59AE0496FB845213C271D4C5AC5E9E7E5F6A3072445307FCCEB7306710459991C40CC4DC1FC325154C7974DD780371397805456A19AE23EE88475C1DF07697B666][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.12:49887 -> 104.16.125.175:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: B900004E39E84B98F5AE87B0A020EC49FED86F2B488B6AB28BDE9F957621F2774366DE90E65C4CA808668911624685EC4C6DC6C161A97CBE82281BC08427697AA3BE6A40E5F00ACF8B63E329317B0E4E85642D50AB8790E6197DA62D9F5B3239DCC59437797FE768A520C9D471FEABA1375DF61E4A39B09363CB109E7B24A793844896DDD16B6EE7DBE576D767161D782D7BF6FEC453A05A923D8D8E9BEFFC97E8E56C4F1AAB70FE99BC97819E1D908A5F3B3094F4BF25EB7A24A94FDBC3E107A423B8BB341F22900F7BBD87780E30B6ECF393FEB8FBFFEB54C79FA0673FE1AAD17B221D4BFF6450AA0CD4AF513066B66080B602147F3ACB7145A436C5689DA20BACB8BF9BABD851012556EC8F7BB9D74BFAAF25DCF4362A5775607C3CE5C2C29F183969][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.12:49897 -> 104.22.71.197:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: CD69AC727FFAA0EA70A12AA46E71537EB99234B996818C913C72A0AC1184BFA5DD3B617E013E4CA092B2E9CFB78BCD8D33CBAF12A974DFB78E49B8BF9A57997418EF14C87830961E3C8480D2A4BF27D61D911CEF4300924A9F36105748BAED845FF585E40406545BB35C6DAAD7896433EC4DFD6B6F49728DA85D707DB7AC784F55A6658DC6ADE3087B1E46BBBEDFA44F3E8754B31A6BCF8519D291D3629805FA826E43799EA6E33021CF0A83CA05717B00F37D69841934F5B5BF254C6467888A592C38A3007DB3B7D5CBB8DB742B657F8F973C050BAA817AA571393CD8A4BC0B2312460A77DD0510F4BBCE43D53BCF334E4E8C7570255BBD17714403F4B6925434CD67F96FA9E05D700776810EEB5786B1C8188A4D73F8208B614B93284A8093929594BE][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.12:49886 -> 104.27.129.77:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: 9624CB3C4E230827F78CF5BF640D22DEA33FCC598EA6A32D939905586FBE997B9E68661F8956D4893072E19DE24CD1FB88A9F71FC4CC01BAB5C914FDF96A647D671B5E89859BAEEAB122218688496DF4DF0C328C3D5F940B109CEB2A2743D5CBE3594288A229B8C7E2F88303E3FE1A26A89E5001F2BD936890FEF78F06E05ECC063A68BDB8C18DFAC114CF1FECDB8BE1FC2FEECB2315D27998D682B129FD1E3EB5D7985DCBDC452A1082CCC038E0BF69570FEFAC6BC6FB951F89B6792CADA76403C02CEB5DCE1CE6EDDD16D5F7FB6B85D2B92485448DE0088E421E83F1E28B267FBE3B59AE0496FB845213C271D4C5AC5E9E7E5F6A3072445307FCCEB7306710459991C40CC4DC1FC325154C7974DD780371397805456A19AE23EE88475C1DF07697B666][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.12:49887 -> 104.16.125.175:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: B900004E39E84B98F5AE87B0A020EC49FED86F2B488B6AB28BDE9F957621F2774366DE90E65C4CA808668911624685EC4C6DC6C161A97CBE82281BC08427697AA3BE6A40E5F00ACF8B63E329317B0E4E85642D50AB8790E6197DA62D9F5B3239DCC59437797FE768A520C9D471FEABA1375DF61E4A39B09363CB109E7B24A793844896DDD16B6EE7DBE576D767161D782D7BF6FEC453A05A923D8D8E9BEFFC97E8E56C4F1AAB70FE99BC97819E1D908A5F3B3094F4BF25EB7A24A94FDBC3E107A423B8BB341F22900F7BBD87780E30B6ECF393FEB8FBFFEB54C79FA0673FE1AAD17B221D4BFF6450AA0CD4AF513066B66080B602147F3ACB7145A436C5689DA20BACB8BF9BABD851012556EC8F7BB9D74BFAAF25DCF4362A5775607C3CE5C2C29F183969][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.12:49897 -> 104.22.71.197:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: CD69AC727FFAA0EA70A12AA46E71537EB99234B996818C913C72A0AC1184BFA5DD3B617E013E4CA092B2E9CFB78BCD8D33CBAF12A974DFB78E49B8BF9A57997418EF14C87830961E3C8480D2A4BF27D61D911CEF4300924A9F36105748BAED845FF585E40406545BB35C6DAAD7896433EC4DFD6B6F49728DA85D707DB7AC784F55A6658DC6ADE3087B1E46BBBEDFA44F3E8754B31A6BCF8519D291D3629805FA826E43799EA6E33021CF0A83CA05717B00F37D69841934F5B5BF254C6467888A592C38A3007DB3B7D5CBB8DB742B657F8F973C050BAA817AA571393CD8A4BC0B2312460A77DD0510F4BBCE43D53BCF334E4E8C7570255BBD17714403F4B6925434CD67F96FA9E05D700776810EEB5786B1C8188A4D73F8208B614B93284A8093929594BE][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out index 43a8f7b20..437a1e3b0 100644 --- a/tests/result/facebook.pcap.out +++ b/tests/result/facebook.pcap.out @@ -26,5 +26,5 @@ JA3 Host Stats: 1 192.168.43.18 2 - 1 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][Goodput ratio: 53/93][0.68 sec][Hostname/SNI: www.facebook.com][ALPN: h2;spdy/3.1;http/1.1][bytes ratio: -0.785 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/31 154/154 52/52][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 140/1005 583/1454 137/604][TLSv1.2][JA3C: 5c60e71f1b8cd40e4d40ed5b6d666e3f][JA3S: 96681175a9547081bf3d417f1a572091][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,10,3,7,0,0,0,0,0,0,3,3,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0] - 2 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][Goodput ratio: 55/85][1.30 sec][Hostname/SNI: facebook.com][ALPN: h2;spdy/3.1;http/1.1][bytes ratio: -0.532 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 148/73 414/313 172/127][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 149/440 449/1454 125/522][TLSv1.2][JA3C: bfcc1a3891601edb4f137ab7ab25b840][ServerNames: *.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com][JA3S: 2d1eb5817ece335c24904f516ad5da12][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9][Firefox][Validity: 2014-08-28 00:00:00 - 2016-12-30 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,18,9,9,0,9,9,0,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0] + 1 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][Goodput ratio: 53/93][0.68 sec][Hostname/SNI: www.facebook.com][(Advertised) ALPNs: h2;spdy/3.1;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.785 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/31 154/154 52/52][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 140/1005 583/1454 137/604][TLSv1.2][JA3C: 5c60e71f1b8cd40e4d40ed5b6d666e3f][JA3S: 96681175a9547081bf3d417f1a572091][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,10,3,7,0,0,0,0,0,0,3,3,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0] + 2 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][Goodput ratio: 55/85][1.30 sec][Hostname/SNI: facebook.com][(Advertised) ALPNs: h2;spdy/3.1;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.532 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 148/73 414/313 172/127][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 149/440 449/1454 125/522][TLSv1.2][JA3C: bfcc1a3891601edb4f137ab7ab25b840][ServerNames: *.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com][JA3S: 2d1eb5817ece335c24904f516ad5da12][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9][Firefox][Validity: 2014-08-28 00:00:00 - 2016-12-30 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,18,9,9,0,9,9,0,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0] diff --git a/tests/result/firefox.pcap.out b/tests/result/firefox.pcap.out index 9f6338d8a..4181ff8be 100644 --- a/tests/result/firefox.pcap.out +++ b/tests/result/firefox.pcap.out @@ -14,7 +14,7 @@ Automa host: 6/0 (search/found) Automa domain: 6/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 12/12 (search/found) Patricia risk mask: 12/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 12/0 (search/found) @@ -26,9 +26,9 @@ JA3 Host Stats: 1 192.168.1.178 2 - 1 TCP 192.168.1.178:51588 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][544 pkts/39296 bytes <-> 843 pkts/1241907 bytes][Goodput ratio: 9/96][1.11 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 195/42 11/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/1473 746/1506 51/178][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] - 2 TCP 192.168.1.178:51577 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][436 pkts/33554 bytes <-> 629 pkts/927958 bytes][Goodput ratio: 14/96][2.10 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 270/575 19/27][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 77/1475 583/1506 64/189][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,1,0,0,0,0,0,0,1,0,4,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0] - 3 TCP 192.168.1.178:51583 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][408 pkts/30627 bytes <-> 623 pkts/906942 bytes][Goodput ratio: 12/95][1.17 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 203/231 16/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1456 746/1506 61/223][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] - 4 TCP 192.168.1.178:51601 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][350 pkts/24993 bytes <-> 528 pkts/777348 bytes][Goodput ratio: 8/96][0.79 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.938 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 58/58 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/1472 746/1506 50/192][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] - 5 TCP 192.168.1.178:51600 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][255 pkts/20235 bytes <-> 391 pkts/567512 bytes][Goodput ratio: 17/95][0.77 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 77/79 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/1451 746/1506 74/238][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] - 6 TCP 192.168.1.178:51599 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][180 pkts/14936 bytes <-> 254 pkts/367424 bytes][Goodput ratio: 20/95][0.72 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.922 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/2 104/88 14/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1447 746/1506 85/253][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] + 1 TCP 192.168.1.178:51588 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][544 pkts/39296 bytes <-> 843 pkts/1241907 bytes][Goodput ratio: 9/96][1.11 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 195/42 11/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/1473 746/1506 51/178][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] + 2 TCP 192.168.1.178:51577 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][436 pkts/33554 bytes <-> 629 pkts/927958 bytes][Goodput ratio: 14/96][2.10 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 270/575 19/27][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 77/1475 583/1506 64/189][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,1,0,0,0,0,0,0,1,0,4,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0] + 3 TCP 192.168.1.178:51583 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][408 pkts/30627 bytes <-> 623 pkts/906942 bytes][Goodput ratio: 12/95][1.17 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 203/231 16/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1456 746/1506 61/223][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] + 4 TCP 192.168.1.178:51601 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][350 pkts/24993 bytes <-> 528 pkts/777348 bytes][Goodput ratio: 8/96][0.79 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.938 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 58/58 7/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/1472 746/1506 50/192][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] + 5 TCP 192.168.1.178:51600 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][255 pkts/20235 bytes <-> 391 pkts/567512 bytes][Goodput ratio: 17/95][0.77 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 77/79 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/1451 746/1506 74/238][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] + 6 TCP 192.168.1.178:51599 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][180 pkts/14936 bytes <-> 254 pkts/367424 bytes][Goodput ratio: 20/95][0.72 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.922 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/2 104/88 14/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1447 746/1506 85/253][TLSv1.3][JA3C: df208241e7f3897d4ca38cfe68eabb21][JA3S: 2253c82f03b621c5144709b393fde2c9][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] diff --git a/tests/result/forticlient.pcap.out b/tests/result/forticlient.pcap.out index 92360ea5b..d149f7ce8 100644 --- a/tests/result/forticlient.pcap.out +++ b/tests/result/forticlient.pcap.out @@ -27,7 +27,7 @@ JA3 Host Stats: 1 192.168.1.178 2 - 1 TCP 192.168.1.178:61820 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: VPN/2][1150 pkts/146555 bytes <-> 751 pkts/256436 bytes][Goodput ratio: 48/81][13.06 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/19 5218/5218 173/225][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 127/341 1477/1506 88/427][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Malicious JA3 Fingerp. **][Risk Score: 110][Risk Info: 40adfd923eb82b89d8836ba37a19bca1 / No ALPN][TLSv1.2][JA3C: 40adfd923eb82b89d8836ba37a19bca1][JA3S: e35df3e00ca4ef31d42b34bebaa2f86e][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,19,33,15,17,6,0,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.178:61820 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: VPN/2][1150 pkts/146555 bytes <-> 751 pkts/256436 bytes][Goodput ratio: 48/81][13.06 sec][Hostname/SNI: 82.81.46.13][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/19 5218/5218 173/225][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 127/341 1477/1506 88/427][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Malicious JA3 Fingerp. **][Risk Score: 110][Risk Info: 40adfd923eb82b89d8836ba37a19bca1 / No ALPN][TLSv1.2][JA3C: 40adfd923eb82b89d8836ba37a19bca1][JA3S: e35df3e00ca4ef31d42b34bebaa2f86e][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,19,33,15,17,6,0,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.178:61812 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: VPN/2][15 pkts/1753 bytes <-> 14 pkts/7481 bytes][Goodput ratio: 43/87][1.09 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/81 336/340 94/113][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/534 450/1506 104/626][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,8,0,0,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,25,0,0] 3 TCP 192.168.1.178:61806 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: VPN/2][14 pkts/1462 bytes <-> 11 pkts/6959 bytes][Goodput ratio: 36/89][1.09 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.653 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 93/89 336/401 92/145][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/633 269/1506 66/634][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 9,18,0,9,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] 4 TCP 192.168.1.178:61811 <-> 82.81.46.13:10443 [proto: 91.259/TLS.FortiClient][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: VPN/2][13 pkts/1582 bytes <-> 11 pkts/3875 bytes][Goodput ratio: 45/81][1.09 sec][Hostname/SNI: 82.81.46.13][bytes ratio: -0.420 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/102 203/231 56/98][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 122/352 269/1506 77/487][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support][Subject: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050][Certificate SHA-1: AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45][Firefox][Validity: 2016-09-12 10:06:20 - 2038-01-19 03:14:07][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 10,20,0,10,10,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] diff --git a/tests/result/http_connect.pcap.out b/tests/result/http_connect.pcap.out index 198b40d2e..653f2d565 100644 --- a/tests/result/http_connect.pcap.out +++ b/tests/result/http_connect.pcap.out @@ -15,7 +15,7 @@ Automa host: 4/0 (search/found) Automa domain: 4/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 6/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 6/0 (search/found) @@ -29,6 +29,6 @@ JA3 Host Stats: 1 192.168.1.146 1 - 1 TCP 192.168.1.146:35968 <-> 151.101.2.132:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/3557 bytes <-> 30 pkts/32939 bytes][Goodput ratio: 48/94][0.11 sec][Hostname/SNI: apache.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.805 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 53/54 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 127/1098 583/1450 129/576][TLSv1.3][JA3C: c834494f5948ae026d160656c93c8871][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,8,8,2,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0] + 1 TCP 192.168.1.146:35968 <-> 151.101.2.132:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/3557 bytes <-> 30 pkts/32939 bytes][Goodput ratio: 48/94][0.11 sec][Hostname/SNI: apache.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.805 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 53/54 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 127/1098 583/1450 129/576][TLSv1.3][JA3C: c834494f5948ae026d160656c93c8871][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,8,8,2,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0] 2 TCP 192.168.1.103:1714 <-> 192.168.1.146:8080 [proto: 130/HTTP_Connect][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][18 pkts/2918 bytes <-> 22 pkts/23923 bytes][Goodput ratio: 65/95][0.11 sec][Hostname/SNI: apache.org][bytes ratio: -0.783 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 50/53 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 162/1087 571/5590 128/1857][URL: apache.org:443][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0][PLAIN TEXT (CONNECT apache.org)][Plen Bins: 4,4,20,15,4,4,4,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,20] 3 UDP 192.168.1.146:47767 <-> 192.168.1.2:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 48/56][< 1 sec][Hostname/SNI: apache.org][151.101.2.132][PLAIN TEXT (apache)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index fee3269bd..bfccb26a0 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -17,7 +17,7 @@ Automa host: 7/7 (search/found) Automa domain: 7/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 4/0 (search/found) -Automa common alpns: 8/8 (search/found) +Automa common alpns: 24/24 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -34,12 +34,12 @@ JA3 Host Stats: 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Goodput ratio: 74/78][11.12 sec][Hostname/SNI: www.google.it][bytes ratio: -0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 11/2 412/168 6008/1778 1177/366][Pkt Len c2s/s2c min/avg/max/stddev: 99/91 235/284 1412/1412 286/301][User-Agent: Chrome/46.0.2490.80 Linux x86_64][PLAIN TEXT (www.google.it)][Plen Bins: 8,54,0,0,0,1,18,4,0,0,0,0,0,0,0,1,6,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0,0,0,0] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][Goodput ratio: 69/91][0.43 sec][Hostname/SNI: www.ntop.org][ALPN: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/44 229/290 62/88][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 284/971 919/1514 324/539][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,6,0,0,0,0,6,0,0,0,0,6,0,6,0,0,0,0,0,28,0,0,0] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 26/88][0.17 sec][Hostname/SNI: www.ntop.org][ALPN: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/11 64/27 19/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/715 298/1514 67/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 28/88][0.12 sec][Hostname/SNI: www.ntop.org][ALPN: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.652 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/9 50/23 16/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/715 298/1514 70/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][Goodput ratio: 28/89][0.17 sec][Hostname/SNI: www.ntop.org][ALPN: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/9 63/25 20/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/805 298/2754 70/929][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,16] - 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/960 bytes <-> 5 pkts/4227 bytes][Goodput ratio: 36/90][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][ALPN: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 8/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/845 310/2942 83/1078][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,20,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] - 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][6 pkts/874 bytes <-> 4 pkts/4141 bytes][Goodput ratio: 40/91][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][ALPN: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/5 43/8 16/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/1035 310/3633 86/1503][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,25,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][Goodput ratio: 69/91][0.43 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/44 229/290 62/88][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 284/971 919/1514 324/539][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,6,6,0,0,0,0,6,0,0,0,0,6,0,6,0,0,0,0,0,28,0,0,0] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 26/88][0.17 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/11 64/27 19/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/715 298/1514 67/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 28/88][0.12 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.652 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/9 50/23 16/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/715 298/1514 70/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][Goodput ratio: 28/89][0.17 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/9 63/25 20/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/805 298/2754 70/929][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,16] + 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/960 bytes <-> 5 pkts/4227 bytes][Goodput ratio: 36/90][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 8/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/845 310/2942 83/1078][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,20,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] + 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][6 pkts/874 bytes <-> 4 pkts/4141 bytes][Goodput ratio: 40/91][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/5 43/8 16/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/1035 310/3633 86/1503][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,25,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/860 bytes <-> 7 pkts/1353 bytes][Goodput ratio: 30/55][0.12 sec][bytes ratio: -0.223 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 30/30 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 123/193 268/592 62/172][Plen Bins: 0,57,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.13 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/imaps.pcap.out b/tests/result/imaps.pcap.out index f0ec62d5c..cdd206ebe 100644 --- a/tests/result/imaps.pcap.out +++ b/tests/result/imaps.pcap.out @@ -29,4 +29,4 @@ JA3 Host Stats: 1 TCP 192.168.1.8:50506 <-> 167.99.215.164:993 [proto: 51.26/IMAPS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Email/3][10 pkts/1220 bytes <-> 10 pkts/3976 bytes][Goodput ratio: 45/83][0.33 sec][Hostname/SNI: mail.ntop.org][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/22 77/43 26/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 122/398 293/1506 78/557][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 4923a265be4d81c68ecda45bb89cdf6a][ServerNames: mail.ntop.org][JA3S: b653c251b0ee54c3088fe7bb997cf59d][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=mail.ntop.org][Certificate SHA-1: F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF][Firefox][Validity: 2020-04-18 00:15:22 - 2020-07-17 00:15:22][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (mail.ntop.org)][Plen Bins: 0,20,10,10,20,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 2 TCP 192.168.0.1:51529 <-> 10.10.10.1:993 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Email/3][4 pkts/1322 bytes <-> 4 pkts/3056 bytes][Goodput ratio: 78/91][0.22 sec][Hostname/SNI: imap.asia.secureserver.net][bytes ratio: -0.396 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 46/68 136/135 64/68][Pkt Len c2s/s2c min/avg/max/stddev: 78/74 330/764 583/1454 252/690][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 66b2d7acea2c20aeeebd69c8d44089d7][JA3S: a9e3ed16ee3208291487c8d2aa2ad924][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (imap.asia.secureserver.net)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] + 2 TCP 192.168.0.1:51529 <-> 10.10.10.1:993 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Email/3][4 pkts/1322 bytes <-> 4 pkts/3056 bytes][Goodput ratio: 78/91][0.22 sec][Hostname/SNI: imap.asia.secureserver.net][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.396 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 46/68 136/135 64/68][Pkt Len c2s/s2c min/avg/max/stddev: 78/74 330/764 583/1454 252/690][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 66b2d7acea2c20aeeebd69c8d44089d7][JA3S: a9e3ed16ee3208291487c8d2aa2ad924][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (imap.asia.secureserver.net)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index bea8c7ba8..d1bfae15c 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -18,7 +18,7 @@ Automa host: 25/25 (search/found) Automa domain: 25/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 6/6 (search/found) Patricia risk mask: 70/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 68/17 (search/found) @@ -36,13 +36,13 @@ JA3 Host Stats: 2 192.168.2.17 2 - 1 TCP 192.168.2.17:49355 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][456 pkts/33086 bytes <-> 910 pkts/1277296 bytes][Goodput ratio: 9/95][14.29 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/1 10107/274 547/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/1404 657/1454 57/231][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: 7a29c223fb122ec64d10f0a159e07996][TLSv1.3 (Fizz)][JA3C: 7a29c223fb122ec64d10f0a159e07996][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0,0,0] - 2 TCP 192.168.2.17:49358 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][165 pkts/14193 bytes <-> 223 pkts/295045 bytes][Goodput ratio: 23/95][13.54 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.908 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 97/3 10201/155 909/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86/1323 654/1454 101/381][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0,0] - 3 TCP 192.168.2.17:49360 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][153 pkts/11644 bytes <-> 206 pkts/284089 bytes][Goodput ratio: 13/95][2.91 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/0 2756/16 247/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/1379 592/1454 68/296][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0] - 4 TCP 192.168.2.17:49359 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][102 pkts/9950 bytes <-> 128 pkts/160484 bytes][Goodput ratio: 32/95][13.53 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.883 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/2 10403/51 1193/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/1254 637/1454 123/450][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0,0,0] - 5 TCP 192.168.2.17:49361 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][92 pkts/7098 bytes <-> 120 pkts/162114 bytes][Goodput ratio: 14/95][2.91 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/1 2657/131 305/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 77/1351 592/1454 69/348][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0] + 1 TCP 192.168.2.17:49355 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][456 pkts/33086 bytes <-> 910 pkts/1277296 bytes][Goodput ratio: 9/95][14.29 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/1 10107/274 547/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 73/1404 657/1454 57/231][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: 7a29c223fb122ec64d10f0a159e07996][TLSv1.3 (Fizz)][JA3C: 7a29c223fb122ec64d10f0a159e07996][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0,0,0] + 2 TCP 192.168.2.17:49358 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][165 pkts/14193 bytes <-> 223 pkts/295045 bytes][Goodput ratio: 23/95][13.54 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.908 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 97/3 10201/155 909/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 86/1323 654/1454 101/381][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0,0] + 3 TCP 192.168.2.17:49360 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][153 pkts/11644 bytes <-> 206 pkts/284089 bytes][Goodput ratio: 13/95][2.91 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/0 2756/16 247/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/1379 592/1454 68/296][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0] + 4 TCP 192.168.2.17:49359 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][102 pkts/9950 bytes <-> 128 pkts/160484 bytes][Goodput ratio: 32/95][13.53 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.883 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/2 10403/51 1193/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/1254 637/1454 123/450][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0,0,0] + 5 TCP 192.168.2.17:49361 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][92 pkts/7098 bytes <-> 120 pkts/162114 bytes][Goodput ratio: 14/95][2.91 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/1 2657/131 305/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 77/1351 592/1454 69/348][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0] 6 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][IP: 119/Facebook][ClearText][Confidence: Match by port][cat: Web/5][103 pkts/150456 bytes <-> 47 pkts/3102 bytes][Goodput ratio: 95/0][1.71 sec][bytes ratio: 0.960 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/41 1246/1247 137/217][Pkt Len c2s/s2c min/avg/max/stddev: 1128/66 1461/66 1464/66 33/0][PLAIN TEXT (dnlN/L)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0] - 7 TCP 192.168.2.17:49357 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][63 pkts/6340 bytes <-> 81 pkts/100966 bytes][Goodput ratio: 34/95][13.54 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 263/164 10413/10469 1493/1278][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1246 663/1454 128/466][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,1,1,1,0,1,1,0,0,0,0,0,0,1,0,0,2,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,85,0,0,0,0] + 7 TCP 192.168.2.17:49357 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][63 pkts/6340 bytes <-> 81 pkts/100966 bytes][Goodput ratio: 34/95][13.54 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 263/164 10413/10469 1493/1278][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1246 663/1454 128/466][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,1,1,1,0,1,1,0,0,0,0,0,0,1,0,0,2,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,85,0,0,0,0] 8 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][13 pkts/1118 bytes <-> 39 pkts/57876 bytes][Goodput ratio: 23/96][0.07 sec][Hostname/SNI: photos-h.ak.instagram.com][bytes ratio: -0.962 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 33/2 11/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/1484 86/1484 326/1484 69/0][URL: photos-h.ak.instagram.com/hphotos-ak-xap1/t51.2885-15/e35/10859994_1009433792434447_1627646062_n.jpg?se=7][StatusCode: 200][User-Agent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)][Plen Bins: 0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0,0] 9 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][37 pkts/2702 bytes <-> 38 pkts/54537 bytes][Goodput ratio: 10/95][0.09 sec][Hostname/SNI: photos-g.ak.instagram.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/0 62/2 11/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/396 73/1435 326/1484 42/210][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11417349_1610424452559638_1559096152_n.jpg?se=7][StatusCode: 200][User-Agent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)][Plen Bins: 0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0] 10 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Goodput ratio: 15/95][7.88 sec][Hostname/SNI: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244/12 7254/372 1261/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1251 325/1484 56/507][URL: photos-e.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11379148_1449120228745316_607477962_n.jpg?se=7][StatusCode: 0][User-Agent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)][Plen Bins: 2,0,9,0,0,0,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,82,0,0,0] diff --git a/tests/result/iphone.pcap.out b/tests/result/iphone.pcap.out index 9be46b503..e7ca193ba 100644 --- a/tests/result/iphone.pcap.out +++ b/tests/result/iphone.pcap.out @@ -17,7 +17,7 @@ Automa host: 62/53 (search/found) Automa domain: 62/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 3/3 (search/found) -Automa common alpns: 13/13 (search/found) +Automa common alpns: 27/27 (search/found) Patricia risk mask: 76/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 82/10 (search/found) @@ -40,20 +40,20 @@ JA3 Host Stats: 1 192.168.2.17 2 - 1 TCP 192.168.2.17:50581 <-> 17.248.185.87:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][56 pkts/68759 bytes <-> 21 pkts/9571 bytes][Goodput ratio: 95/85][2.03 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/111 655/803 103/219][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1228/456 1506/1506 541/618][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F][Safari][Validity: 2019-12-09 19:35:05 - 2021-01-07 19:45:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,90,0,0] - 2 TCP 192.168.2.17:50575 <-> 17.248.185.140:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/3193 bytes <-> 12 pkts/11035 bytes][Goodput ratio: 73/93][0.81 sec][Hostname/SNI: p26-fmfmobile.icloud.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/63 154/164 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 246/920 1224/1506 340/643][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2][Safari][Validity: 2019-12-09 19:44:02 - 2021-01-07 19:54:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,48,0,0] - 3 TCP 192.168.2.17:50580 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][25 pkts/5755 bytes <-> 20 pkts/8110 bytes][Goodput ratio: 71/84][2.03 sec][Hostname/SNI: gateway.icloud.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 86/55 651/521 172/132][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 230/406 1128/1506 292/508][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,32,8,0,8,4,0,0,0,0,0,8,0,0,0,0,8,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,12,0,0] - 4 TCP 192.168.2.17:50587 <-> 92.123.77.26:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][19 pkts/4724 bytes <-> 15 pkts/7108 bytes][Goodput ratio: 73/86][0.49 sec][Hostname/SNI: play.itunes.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/17 146/147 52/42][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 249/474 1506/1506 367/538][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 5,23,11,0,0,0,0,0,11,0,0,0,5,0,0,5,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0] - 5 TCP 192.168.2.17:50588 <-> 95.101.24.53:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][16 pkts/3753 bytes <-> 12 pkts/7714 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: sync.itunes.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 37/56 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/643 1506/1506 366/607][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 6,18,12,0,0,0,0,0,12,0,0,0,0,0,0,6,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,25,0,0] - 6 TCP 192.168.2.17:50576 <-> 95.101.25.53:443 [proto: 91.140/TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/2056 bytes <-> 12 pkts/8828 bytes][Goodput ratio: 49/91][0.38 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.622 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/22 36/80 13/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/736 583/1506 158/574][TLSv1.3][JA3C: 55271a105172d5f225e4704755b9b250][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,7,0,31,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,15,0,0,0,0,15,0,0] - 7 TCP 192.168.2.17:50584 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/3421 bytes <-> 14 pkts/6608 bytes][Goodput ratio: 65/86][1.06 sec][Hostname/SNI: gateway.icloud.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.318 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/19 167/155 58/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 190/472 1084/1506 257/577][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,5,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] - 8 TCP 192.168.2.17:50586 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/3443 bytes <-> 13 pkts/6470 bytes][Goodput ratio: 67/87][0.54 sec][Hostname/SNI: gateway.icloud.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.305 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/20 162/160 58/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/498 1084/1506 268/585][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,0,0,5,0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] - 9 TCP 192.168.2.17:50583 <-> 104.73.61.30:443 [proto: 91.140/TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/1003 bytes <-> 7 pkts/6968 bytes][Goodput ratio: 51/93][0.19 sec][Hostname/SNI: cl4.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.748 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/9 123/46 46/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143/995 583/1506 180/593][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,33,0,0] - 10 TCP 192.168.2.17:50579 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1803 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217/22 1961/130 583/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 150/674 583/1506 169/571][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 11 TCP 192.168.2.17:50578 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1781 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 227/22 1825/131 537/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 148/674 583/1506 166/571][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 12 TCP 192.168.2.17:50582 <-> 92.122.252.82:443 [proto: 91.140/TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/925 bytes <-> 6 pkts/5702 bytes][Goodput ratio: 56/93][0.17 sec][Hostname/SNI: iphone-ld.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.721 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/25 122/123 49/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/950 583/1506 192/630][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,40,0,0] - 13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][TLSv1.2][JA3C: 55271a105172d5f225e4704755b9b250][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] - 14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][Hostname/SNI: gsa.apple.com][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 1 TCP 192.168.2.17:50581 <-> 17.248.185.87:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][56 pkts/68759 bytes <-> 21 pkts/9571 bytes][Goodput ratio: 95/85][2.03 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/111 655/803 103/219][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1228/456 1506/1506 541/618][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F][Safari][Validity: 2019-12-09 19:35:05 - 2021-01-07 19:45:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,90,0,0] + 2 TCP 192.168.2.17:50575 <-> 17.248.185.140:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/3193 bytes <-> 12 pkts/11035 bytes][Goodput ratio: 73/93][0.81 sec][Hostname/SNI: p26-fmfmobile.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/63 154/164 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 246/920 1224/1506 340/643][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2][Safari][Validity: 2019-12-09 19:44:02 - 2021-01-07 19:54:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,48,0,0] + 3 TCP 192.168.2.17:50580 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][25 pkts/5755 bytes <-> 20 pkts/8110 bytes][Goodput ratio: 71/84][2.03 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 86/55 651/521 172/132][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 230/406 1128/1506 292/508][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,32,8,0,8,4,0,0,0,0,0,8,0,0,0,0,8,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,12,0,0] + 4 TCP 192.168.2.17:50587 <-> 92.123.77.26:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][19 pkts/4724 bytes <-> 15 pkts/7108 bytes][Goodput ratio: 73/86][0.49 sec][Hostname/SNI: play.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/17 146/147 52/42][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 249/474 1506/1506 367/538][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 5,23,11,0,0,0,0,0,11,0,0,0,5,0,0,5,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0] + 5 TCP 192.168.2.17:50588 <-> 95.101.24.53:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][16 pkts/3753 bytes <-> 12 pkts/7714 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: sync.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 37/56 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/643 1506/1506 366/607][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 6,18,12,0,0,0,0,0,12,0,0,0,0,0,0,6,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,25,0,0] + 6 TCP 192.168.2.17:50576 <-> 95.101.25.53:443 [proto: 91.140/TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/2056 bytes <-> 12 pkts/8828 bytes][Goodput ratio: 49/91][0.38 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.622 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/22 36/80 13/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/736 583/1506 158/574][TLSv1.3][JA3C: 55271a105172d5f225e4704755b9b250][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,7,0,31,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,15,0,0,0,0,15,0,0] + 7 TCP 192.168.2.17:50584 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/3421 bytes <-> 14 pkts/6608 bytes][Goodput ratio: 65/86][1.06 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.318 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/19 167/155 58/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 190/472 1084/1506 257/577][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,5,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] + 8 TCP 192.168.2.17:50586 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/3443 bytes <-> 13 pkts/6470 bytes][Goodput ratio: 67/87][0.54 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.305 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/20 162/160 58/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/498 1084/1506 268/585][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,0,0,5,0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] + 9 TCP 192.168.2.17:50583 <-> 104.73.61.30:443 [proto: 91.140/TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/1003 bytes <-> 7 pkts/6968 bytes][Goodput ratio: 51/93][0.19 sec][Hostname/SNI: cl4.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.748 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/9 123/46 46/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143/995 583/1506 180/593][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,33,0,0] + 10 TCP 192.168.2.17:50579 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1803 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217/22 1961/130 583/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 150/674 583/1506 169/571][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 11 TCP 192.168.2.17:50578 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1781 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 227/22 1825/131 537/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 148/674 583/1506 166/571][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 12 TCP 192.168.2.17:50582 <-> 92.122.252.82:443 [proto: 91.140/TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/925 bytes <-> 6 pkts/5702 bytes][Goodput ratio: 56/93][0.17 sec][Hostname/SNI: iphone-ld.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.721 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/25 122/123 49/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/950 583/1506 192/630][TLSv1.3][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,40,0,0] + 13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][TLSv1.2][JA3C: 55271a105172d5f225e4704755b9b250][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] + 14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][Hostname/SNI: gsa.apple.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][TLSv1.2][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 15 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][7 pkts/2394 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.15 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1022/0 7191/0 8962/0 2834/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (iPhone)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca???s_imac._odisk._tcp.local][luca???s_imac._odisk._tcp.local][Risk: ** Text With Non-Printable Chars **][Risk Score: 100][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/2094 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca???s_imac._odisk._tcp.local][luca???s_imac._odisk._tcp.local][Risk: ** Text With Non-Printable Chars **][Risk Score: 100][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/line.pcap.out b/tests/result/line.pcap.out index ea900cb40..b562d580e 100644 --- a/tests/result/line.pcap.out +++ b/tests/result/line.pcap.out @@ -30,7 +30,7 @@ JA3 Host Stats: 1 UDP 10.200.3.125:51161 <-> 147.92.169.90:29070 [proto: 316/LineCall][IP: 315/Line][Encrypted][Confidence: DPI][cat: VoIP/10][11410 pkts/9936925 bytes <-> 12995 pkts/10340033 bytes][Goodput ratio: 95/95][70.07 sec][bytes ratio: -0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/4 225/7269 8/71][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 871/796 1098/1096 304/374][Plen Bins: 1,17,15,23,1,1,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,5,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 10.200.3.125:58160 <-> 147.92.242.232:443 [proto: 91.315/TLS.Line][IP: 315/Line][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/4057 bytes <-> 21 pkts/5423 bytes][Goodput ratio: 78/78][70.05 sec][Hostname/SNI: uts-front.line-apps.com][bytes ratio: -0.144 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 5755/2607 29999/29999 11001/7538][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 254/258 627/1514 230/419][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ca75ea4a95a9164cc96e372d7d075183][ServerNames: *.line-apps.com,line-apps.com][JA3S: 567bb420d39046dbfd1f68b558d86382][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com][Certificate SHA-1: 3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96][Firefox][Validity: 2020-08-17 06:21:02 - 2022-11-13 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,15,5,0,0,15,0,0,5,15,5,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] + 2 TCP 10.200.3.125:58160 <-> 147.92.242.232:443 [proto: 91.315/TLS.Line][IP: 315/Line][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/4057 bytes <-> 21 pkts/5423 bytes][Goodput ratio: 78/78][70.05 sec][Hostname/SNI: uts-front.line-apps.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1][bytes ratio: -0.144 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 5755/2607 29999/29999 11001/7538][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 254/258 627/1514 230/419][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ca75ea4a95a9164cc96e372d7d075183][ServerNames: *.line-apps.com,line-apps.com][JA3S: 567bb420d39046dbfd1f68b558d86382][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com][Certificate SHA-1: 3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96][Firefox][Validity: 2020-08-17 06:21:02 - 2022-11-13 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,15,5,0,0,15,0,0,5,15,5,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] 3 UDP 10.0.2.15:50835 <-> 125.209.252.210:20610 [proto: 316/LineCall][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][28 pkts/5296 bytes <-> 22 pkts/3942 bytes][Goodput ratio: 78/77][1.93 sec][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/59 602/533 152/133][Pkt Len c2s/s2c min/avg/max/stddev: 72/78 189/179 914/782 220/158][Plen Bins: 2,58,4,0,4,8,2,6,6,2,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 10.200.3.125:57841 <-> 147.92.165.194:443 [proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: DPI][cat: Web/5][30 pkts/3436 bytes <-> 41 pkts/4871 bytes][Goodput ratio: 53/51][85.95 sec][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 34/0 1072/694 14545/14632 3030/2503][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/119 350/388 54/101][Plen Bins: 0,52,10,15,0,5,2,0,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 10.200.3.125:51170 <-> 147.92.169.90:29070 [proto: 316/LineCall][IP: 315/Line][Encrypted][Confidence: DPI][cat: VoIP/10][5 pkts/898 bytes <-> 5 pkts/1046 bytes][Goodput ratio: 77/80][8.07 sec][bytes ratio: -0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1999/1999 2009/2009 2038/2037 17/16][Pkt Len c2s/s2c min/avg/max/stddev: 174/198 180/209 202/254 11/22][Plen Bins: 0,0,0,0,80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/long_tls_certificate.pcap.out b/tests/result/long_tls_certificate.pcap.out index 706453904..65f32e564 100644 --- a/tests/result/long_tls_certificate.pcap.out +++ b/tests/result/long_tls_certificate.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.1.60 1 - 1 TCP 192.168.1.60:55333 <-> 106.15.100.123:443 [proto: 91.274/TLS.Alibaba][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][24 pkts/2429 bytes <-> 23 pkts/12383 bytes][Goodput ratio: 44/89][1.86 sec][Hostname/SNI: beacon-api.aliyuncs.com][ALPN: h2;http/1.1][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/62 370/360 133/111][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/538 571/1506 104/641][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: *.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com][JA3S: eee3d2bf5f17d17548ac36ba1872951f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2][Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com][Certificate SHA-1: 2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA][Firefox][Validity: 2020-11-25 10:12:07 - 2021-12-27 10:06:06][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,31,13,9,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] + 1 TCP 192.168.1.60:55333 <-> 106.15.100.123:443 [proto: 91.274/TLS.Alibaba][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][24 pkts/2429 bytes <-> 23 pkts/12383 bytes][Goodput ratio: 44/89][1.86 sec][Hostname/SNI: beacon-api.aliyuncs.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/62 370/360 133/111][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/538 571/1506 104/641][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: *.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com][JA3S: eee3d2bf5f17d17548ac36ba1872951f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2][Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com][Certificate SHA-1: 2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA][Firefox][Validity: 2020-11-25 10:12:07 - 2021-12-27 10:06:06][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,31,13,9,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] diff --git a/tests/result/malware.pcap.out b/tests/result/malware.pcap.out index 2326de91b..ce868900b 100644 --- a/tests/result/malware.pcap.out +++ b/tests/result/malware.pcap.out @@ -17,7 +17,7 @@ Automa host: 4/0 (search/found) Automa domain: 4/0 (search/found) Automa tls cert: 1/0 (search/found) Automa risk mask: 1/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 10/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 8/2 (search/found) @@ -32,7 +32,7 @@ JA3 Host Stats: 1 192.168.7.7 1 - 1 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91/TLS][IP: 225/OpenDNS][Encrypted][Confidence: DPI][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][Goodput ratio: 53/91][0.64 sec][Hostname/SNI: www.internetbadguys.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/75 240/249 99/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/651 571/1514 148/644][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.internetbadguys.com vs api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.o][TLSv1.2][JA3C: b20b44b18b853ef29ab773e921b03422][ServerNames: api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Firefox][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0] + 1 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91/TLS][IP: 225/OpenDNS][Encrypted][Confidence: DPI][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][Goodput ratio: 53/91][0.64 sec][Hostname/SNI: www.internetbadguys.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/75 240/249 99/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/651 571/1514 148/644][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.internetbadguys.com vs api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.o][TLSv1.2][JA3C: b20b44b18b853ef29ab773e921b03422][ServerNames: api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Firefox][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0] 2 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7/HTTP][IP: 225/OpenDNS][ClearText][Confidence: DPI][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Goodput ratio: 86/44][0.21 sec][Hostname/SNI: www.internetbadguys.com][URL: www.internetbadguys.com/][StatusCode: 0][User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/106 bytes <-> 1 pkts/110 bytes][Goodput ratio: 60/61][0.02 sec][Hostname/SNI: www.internetbadguys.com][67.215.92.210][PLAIN TEXT (internetbadguys)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out index 464f6dca2..bd3e038d2 100644 --- a/tests/result/netflix.pcap.out +++ b/tests/result/netflix.pcap.out @@ -17,7 +17,7 @@ Automa host: 72/50 (search/found) Automa domain: 72/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 13/0 (search/found) -Automa common alpns: 7/7 (search/found) +Automa common alpns: 52/52 (search/found) Patricia risk mask: 118/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 82/40 (search/found) @@ -38,10 +38,10 @@ JA3 Host Stats: 2 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Goodput ratio: 17/96][53.10 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117/55 5026/5044 455/248][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 80/1494 581/1514 81/140][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.3.140][PLAIN TEXT (oMrLRiWL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] 3 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Goodput ratio: 16/96][46.97 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 194/107 26359/26393 1829/1321][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/1487 582/1514 79/167][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10][StatusCode: 206][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.133][PLAIN TEXT (oMrLRiWL1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] 4 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Goodput ratio: 2/96][59.61 sec][Hostname/SNI: tp.akam.nflximg.com][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 418/45 30607/2159 2956/164][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/1499 282/1514 21/140][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][Content-Type: text/plain][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][Risk: ** HTTP Suspicious Content **][Risk Score: 100][Risk Info: Susp content 89424946][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] - 5 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Video/26][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][Goodput ratio: 20/95][73.78 sec][Hostname/SNI: art-s.nflximg.net][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1184/604 69170/69192 8780/6263][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1379 293/1514 39/401][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Firefox][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,4,6,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,87,0,0] + 5 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Video/26][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][Goodput ratio: 20/95][73.78 sec][Hostname/SNI: art-s.nflximg.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1184/604 69170/69192 8780/6263][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1379 293/1514 39/401][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Firefox][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,4,6,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,87,0,0] 6 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Goodput ratio: 23/95][6.10 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 90/58 504/714 130/109][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 88/1464 582/1514 100/228][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] 7 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Goodput ratio: 7/95][34.92 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/12 1101/41 30978/402 5647/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1456 311/1514 38/274][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /5758)][Plen Bins: 0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] - 8 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][Goodput ratio: 84/89][47.10 sec][Hostname/SNI: api-global.netflix.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 744/738 30450/30505 3962/4075][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 414/588 1514/1514 553/594][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 2,18,2,1,1,2,3,1,1,1,0,1,0,0,1,1,3,0,1,1,1,3,0,1,0,2,1,1,0,0,2,2,1,1,0,0,1,0,0,0,0,0,0,3,0,35,0,0] + 8 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][Goodput ratio: 84/89][47.10 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 744/738 30450/30505 3962/4075][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 414/588 1514/1514 553/594][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 2,18,2,1,1,2,3,1,1,1,0,1,0,0,1,1,3,0,1,1,1,3,0,1,0,2,1,1,0,0,2,2,1,1,0,0,1,0,0,0,0,0,0,3,0,35,0,0] 9 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][Goodput ratio: 94/78][53.21 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.727 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1378/2893 51181/51242 8188/11726][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1092/318 1514/1514 615/491][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,2,0,0,0,0,4,0,0,0,0,0,0,2,2,0,2,0,0,0,0,0,0,0,0,0,0,0,2,2,0,2,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 10 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][Goodput ratio: 17/95][1.88 sec][Hostname/SNI: 23.246.10.139][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 77/62 638/579 155/122][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1328 422/1514 71/457][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.10.139][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.3.140][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] @@ -55,12 +55,12 @@ JA3 Host Stats: 19 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] 20 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.133][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] 21 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][Goodput ratio: 14/95][7.15 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 265/326 1355/1382 337/387][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1275 423/1514 62/517][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] - 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][Goodput ratio: 77/93][1.73 sec][Hostname/SNI: api-global.netflix.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/42 437/291 101/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290/895 1514/1514 442/626][TLSv1.2][JA3C: d8bfad189bd26664e04570c104ee8418][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,10,3,0,0,0,3,0,0,0,0,0,3,6,0,0,3,0,0,3,0,3,0,3,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,3,0,47,0,0] + 22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][Goodput ratio: 77/93][1.73 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/42 437/291 101/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290/895 1514/1514 442/626][TLSv1.2][JA3C: d8bfad189bd26664e04570c104ee8418][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,10,3,0,0,0,3,0,0,0,0,0,3,6,0,0,3,0,0,3,0,3,0,3,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,3,0,47,0,0] 23 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][Goodput ratio: 14/94][7.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/271 635/1046 213/317][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80/1159 426/1514 62/603][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (fGET /range/0)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,80,0,0] 24 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][Goodput ratio: 12/95][8.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258/237 1250/1203 331/381][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 424/1514 58/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] 25 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][Goodput ratio: 13/95][5.76 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/223 1162/1317 246/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 426/1514 60/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] 26 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][Goodput ratio: 14/94][7.56 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 298/146 1317/530 354/131][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1160 423/1514 63/590][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 27 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][Goodput ratio: 92/78][32.21 sec][Hostname/SNI: ichnaea.netflix.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/84 332/331 94/95][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 811/309 1514/1514 700/493][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,8,4,0,0,4,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,0,0] + 27 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][Goodput ratio: 92/78][32.21 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/84 332/331 94/95][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 811/309 1514/1514 700/493][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,8,4,0,0,4,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,0,0] 28 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][Goodput ratio: 72/91][0.86 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/33 266/316 64/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237/739 1514/1514 407/542][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,3,0,0,3,3,3,0,0,0,0,3,0,3,3,7,0,0,7,7,3,3,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,30,0,0] 29 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][Goodput ratio: 12/94][7.38 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222/250 636/1132 227/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1180 424/1514 59/570][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] 30 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][cat: Web/5][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][Goodput ratio: 12/94][8.26 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/289 1152/1208 301/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1119 425/1514 60/614][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][User-Agent: netflix-ios-app][Risk: ** HTTP Numeric IP Address **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] @@ -70,14 +70,14 @@ JA3 Host Stats: 34 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][Goodput ratio: 79/90][1.01 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/96 322/423 89/121][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 314/697 1514/1514 477/667][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 13,13,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,6,0,0,34,0,0] 35 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][Goodput ratio: 76/84][38.49 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2129/2946 30585/30636 7105/8237][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 274/414 1514/1514 437/546][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,21,5,0,5,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0] 36 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Video/26][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Goodput ratio: 26/94][32.06 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4565/34 30963/63 10780/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/1120 311/1514 72/644][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /87)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0] - 37 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][Goodput ratio: 83/80][30.85 sec][Hostname/SNI: ichnaea.netflix.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1923/16 30431/72 7361/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382/327 1514/1514 559/501][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,24,5,0,0,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,31,0,0] - 38 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][Goodput ratio: 83/81][30.38 sec][Hostname/SNI: ichnaea.netflix.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2017/14 30033/55 7488/20][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399/343 1514/1514 569/514][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,18,6,0,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,31,0,0] + 37 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][Goodput ratio: 83/80][30.85 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1923/16 30431/72 7361/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382/327 1514/1514 559/501][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,24,5,0,0,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,31,0,0] + 38 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][Goodput ratio: 83/81][30.38 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2017/14 30033/55 7488/20][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399/343 1514/1514 569/514][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,18,6,0,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,31,0,0] 39 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][Goodput ratio: 80/83][3.15 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/303 2449/2522 645/743][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 325/386 1514/1514 478/534][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 13,21,6,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,21,0,0] 40 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][Goodput ratio: 84/87][0.34 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/31 85/65 31/27][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/507 1514/1514 533/591][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,0,8,0,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,8,0,0,0,0,0,25,0,0] - 41 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][Goodput ratio: 55/83][31.02 sec][Hostname/SNI: ichnaea.netflix.com][ALPN: spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1820/45 30348/363 7132/103][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 145/390 422/1514 132/520][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,27,5,0,0,5,5,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] + 41 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][Goodput ratio: 55/83][31.02 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1820/45 30348/363 7132/103][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 145/390 422/1514 132/520][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,27,5,0,0,5,5,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] 42 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][Goodput ratio: 70/86][0.32 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 24/22 72/63 26/25][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/465 1514/1514 382/579][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,25,0,8,0,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 43 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][Goodput ratio: 74/84][30.77 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/22 143/79 43/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 253/423 1514/1514 422/512][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,9,0,0,9,0,9,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,18,0,0] - 44 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][Goodput ratio: 36/84][30.93 sec][Hostname/SNI: api-global.netflix.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2373/20 30602/58 8149/26][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 104/417 309/1514 78/548][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,23,15,0,0,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0] + 44 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][Goodput ratio: 36/84][30.93 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2373/20 30602/58 8149/26][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 104/417 309/1514 78/548][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,23,15,0,0,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0] 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][Goodput ratio: 76/81][0.21 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/20 92/54 34/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283/355 1450/1066 419/413][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0] 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][Goodput ratio: 39/69][30.71 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3064/6120 30486/30536 9141/12208][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 108/215 309/989 83/296][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,12,12,0,12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][16 pkts/2648 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][79.13 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 105/0 4588/0 14907/0 6547/0][Pkt Len c2s/s2c min/avg/max/stddev: 164/0 166/0 167/0 2/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/no_sni.pcap.out b/tests/result/no_sni.pcap.out index d8723ca55..55f77f05e 100644 --- a/tests/result/no_sni.pcap.out +++ b/tests/result/no_sni.pcap.out @@ -14,7 +14,7 @@ Automa host: 3/1 (search/found) Automa domain: 3/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 14/14 (search/found) Patricia risk mask: 16/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 8/8 (search/found) @@ -27,11 +27,11 @@ JA3 Host Stats: 1 192.168.1.119 4 - 1 TCP 192.168.1.119:51612 <-> 104.16.124.96:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][393 pkts/33775 bytes <-> 392 pkts/495548 bytes][Goodput ratio: 19/96][3.69 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.872 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 256/389 33/36][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/1264 1001/1514 72/503][TLSv1.3][JA3C: 76ec527d45e3a2a9093484446d7d3264][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][ESNI: 154F773223D0CF0FEF0A7775B0D958B67741380EE78600E440917D6766C09DF766B1C11F9A9FA708ECDE5D1E5DD45A2941D5D6233C0FC26FE91DA3FAED9C82F6BAFBAED593BCE2682784BE9A6867B21A06EBBCD3DB037837FA99CD0D3E117AB0E37E87BAFEA8E988492DFC2C5E824F330947430FBC6ED197B78052CF341C3E34CA15564EBD6B82760F41CDE5DC21FE0F0E65BF622F16105980BA244469375960B46EFCC4B55CBD5EE08279D532CE6E2301849DF8948C5E611F9E79DAB46BDDA36AC9B8B49F54447B5DA34DCD026899D2023B2CA2538610817B11ACF470248DC52231356612F9588CF5DFA616A946E009E8C4E4B79007616F4A375F381F1E6A8E5D3FD08A0DAD1439DFE3C5499520CC1DF322CE89EE48226D6DE2F68298A0D64153994A52][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 4,0,14,5,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,2,0,6,0,59,0,0] - 2 TCP 192.168.1.119:51606 <-> 104.16.249.249:443 [proto: 91.196/TLS.DoH_DoT][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Network/14][154 pkts/15322 bytes <-> 114 pkts/16560 bytes][Goodput ratio: 45/61][4.04 sec][Hostname/SNI: mozilla.cloudflare-dns.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.039 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/9 918/180 109/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99/145 670/736 65/115][TLSv1.3][JA3C: f14ec85ee5580a29f6523e24e5d3d527][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 26,25,10,8,6,6,2,9,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.119:51637 <-> 104.22.72.170:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][19 pkts/2515 bytes <-> 16 pkts/6813 bytes][Goodput ratio: 58/87][0.58 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.461 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/29 126/129 39/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 132/426 766/1514 169/513][TLSv1.3][JA3C: 62a4a00de930bd0a5bee0309cc8362ed][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ESNI: BADE19F2B027949FC140E94EEB7DD59A2241568D071E94D82B0A30FD4AE0338795D6A38CC2278CB2B352A8CD65E9BC2D8033A555A10F0B41919F868242D5355CFD97E057107040600744D061FAFE56A4C7F69C7F851BD029BCAD13D2F7E153F64D47A71B517C885D217B2C1BE5948935196B1C2C08C68D50D5C1578129ADF9BC6A15DAF6C64DCA09970610B5F826C1C5D71B718A9908F61536792AA76BF455FFA3998ECFB4C43A1B90BEDD1FE0B8C7C212FBA65B53D75C7691752A754B4AC040C029F881D9A3CAA39C264166C83F4CCC947B2A8C77D5ABBFD5C72754F6202564C11C87FDE8A2679857A5BC46B74EAB76E69512BB91177C9AA424CE04E4C3E9865361B97B6EB5241AB4455F92D8300A526D7A0456F372F86B07B3178A2071FE9FDACEF78F][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 28,0,16,0,0,5,0,0,0,11,5,0,0,0,0,0,11,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,5,0,0] - 4 TCP 192.168.1.119:51635 <-> 104.17.198.37:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1785 bytes <-> 11 pkts/4213 bytes][Goodput ratio: 62/85][0.56 sec][Hostname/SNI: 951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.405 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/14 107/98 41/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149/383 571/1514 159/503][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 27,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0] - 5 TCP 192.168.1.119:51636 <-> 104.17.198.37:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1786 bytes <-> 11 pkts/4212 bytes][Goodput ratio: 62/85][0.56 sec][Hostname/SNI: 951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.404 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/44 117/211 47/72][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149/383 571/1514 159/503][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 27,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0] - 6 TCP 192.168.1.119:51638 <-> 104.22.72.170:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1659 bytes <-> 10 pkts/3915 bytes][Goodput ratio: 59/85][0.56 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.405 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 43/30 129/142 42/52][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 138/392 766/1514 196/550][TLSv1.3][JA3C: 62a4a00de930bd0a5bee0309cc8362ed][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ESNI: 4BC224582D83D9B999D5A6A5C8CA5F7044ECCCB75B644BE507AF762431A6292DA0EFBEED632A2BC868756FF720C5BD83C345E60B3529B7BF7DA4DB25E657E0B126FFCD62BB1544D84A8D81FF78CE3E14BB03DC429F25D34982D42B00F7DCFCD6C0A6D91EAFA2B6A3338187DEB367AA29ED731C52FD0561923C1FF20AE22DA56551A91FEF05347C46D01C51DEEFD63A35801F1D9A11BB271EB163912E7E3C65E877D9637FA0ECBF83787F8D2AF237AAA43E3BC82BD98140C9A227A7EE1D8EB5DB3EC55D9C635A8A525D8ADC7E7C2261A235120A5BB10EC883C9D1956D1C4CB7D3B22B606E085082EE035C09B154074E031EA961651127B1E4F41A36851D026A40C6CDD36712E84A3AACDEDC40319883A9C1C13870A8CC10E79E6A84352D0681134CC97941][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0] - 7 TCP 192.168.1.119:51639 <-> 104.22.72.170:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1659 bytes <-> 10 pkts/3915 bytes][Goodput ratio: 59/85][0.55 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.405 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/27 126/129 43/47][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 138/392 766/1514 196/550][TLSv1.3][JA3C: 62a4a00de930bd0a5bee0309cc8362ed][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ESNI: 1A5D1DCC8C47DD46E21570FFB62F999CD85F69983DF08FC0E944E15E9520556C5462F5110EE1FC34F93862ADD6B2DE6FD479263028F82157273B3A728443CE0A259E50F657019E02DD9BB408C7297C541B756A55769B88C04FBF268F677EEBC074CEB1D905770D67E6663B392CF09E80086661BD59F640035FEF65DEF6B93654AD359D9514C4236BBF9F565D299224475DEA5D1813F7AF1CF9A4402AB0ADB1DD2D3075ECE78A216DE6E88A82E89F72BDB3EC3B26604D6433FF5EF71C15FC7E3E624ECC15C1644AC4CF839119636965184DAF8FC115C6C09260306FCE2024D360636EFB39AACB9DCE54226E847B6356F1A2FCA88222266CC21D575EFFBF9FE0F553D99B1AE564AA7A001DA3C775FFE19DCFF96A1814AAF8554B871926B6582467FDA05224][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0] + 1 TCP 192.168.1.119:51612 <-> 104.16.124.96:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][393 pkts/33775 bytes <-> 392 pkts/495548 bytes][Goodput ratio: 19/96][3.69 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.872 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 256/389 33/36][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/1264 1001/1514 72/503][TLSv1.3][JA3C: 76ec527d45e3a2a9093484446d7d3264][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][ESNI: 154F773223D0CF0FEF0A7775B0D958B67741380EE78600E440917D6766C09DF766B1C11F9A9FA708ECDE5D1E5DD45A2941D5D6233C0FC26FE91DA3FAED9C82F6BAFBAED593BCE2682784BE9A6867B21A06EBBCD3DB037837FA99CD0D3E117AB0E37E87BAFEA8E988492DFC2C5E824F330947430FBC6ED197B78052CF341C3E34CA15564EBD6B82760F41CDE5DC21FE0F0E65BF622F16105980BA244469375960B46EFCC4B55CBD5EE08279D532CE6E2301849DF8948C5E611F9E79DAB46BDDA36AC9B8B49F54447B5DA34DCD026899D2023B2CA2538610817B11ACF470248DC52231356612F9588CF5DFA616A946E009E8C4E4B79007616F4A375F381F1E6A8E5D3FD08A0DAD1439DFE3C5499520CC1DF322CE89EE48226D6DE2F68298A0D64153994A52][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 4,0,14,5,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,2,0,6,0,59,0,0] + 2 TCP 192.168.1.119:51606 <-> 104.16.249.249:443 [proto: 91.196/TLS.DoH_DoT][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Network/14][154 pkts/15322 bytes <-> 114 pkts/16560 bytes][Goodput ratio: 45/61][4.04 sec][Hostname/SNI: mozilla.cloudflare-dns.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.039 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/9 918/180 109/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 99/145 670/736 65/115][TLSv1.3][JA3C: f14ec85ee5580a29f6523e24e5d3d527][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 26,25,10,8,6,6,2,9,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.119:51637 <-> 104.22.72.170:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][19 pkts/2515 bytes <-> 16 pkts/6813 bytes][Goodput ratio: 58/87][0.58 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.461 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/29 126/129 39/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 132/426 766/1514 169/513][TLSv1.3][JA3C: 62a4a00de930bd0a5bee0309cc8362ed][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ESNI: BADE19F2B027949FC140E94EEB7DD59A2241568D071E94D82B0A30FD4AE0338795D6A38CC2278CB2B352A8CD65E9BC2D8033A555A10F0B41919F868242D5355CFD97E057107040600744D061FAFE56A4C7F69C7F851BD029BCAD13D2F7E153F64D47A71B517C885D217B2C1BE5948935196B1C2C08C68D50D5C1578129ADF9BC6A15DAF6C64DCA09970610B5F826C1C5D71B718A9908F61536792AA76BF455FFA3998ECFB4C43A1B90BEDD1FE0B8C7C212FBA65B53D75C7691752A754B4AC040C029F881D9A3CAA39C264166C83F4CCC947B2A8C77D5ABBFD5C72754F6202564C11C87FDE8A2679857A5BC46B74EAB76E69512BB91177C9AA424CE04E4C3E9865361B97B6EB5241AB4455F92D8300A526D7A0456F372F86B07B3178A2071FE9FDACEF78F][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 28,0,16,0,0,5,0,0,0,11,5,0,0,0,0,0,11,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,5,0,0] + 4 TCP 192.168.1.119:51635 <-> 104.17.198.37:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1785 bytes <-> 11 pkts/4213 bytes][Goodput ratio: 62/85][0.56 sec][Hostname/SNI: 951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.405 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/14 107/98 41/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149/383 571/1514 159/503][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 27,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0] + 5 TCP 192.168.1.119:51636 <-> 104.17.198.37:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1786 bytes <-> 11 pkts/4212 bytes][Goodput ratio: 62/85][0.56 sec][Hostname/SNI: 951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.404 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/44 117/211 47/72][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149/383 571/1514 159/503][TLSv1.3][JA3C: aa7744226c695c0b2e440419848cf700][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 27,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0] + 6 TCP 192.168.1.119:51638 <-> 104.22.72.170:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1659 bytes <-> 10 pkts/3915 bytes][Goodput ratio: 59/85][0.56 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.405 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 43/30 129/142 42/52][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 138/392 766/1514 196/550][TLSv1.3][JA3C: 62a4a00de930bd0a5bee0309cc8362ed][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ESNI: 4BC224582D83D9B999D5A6A5C8CA5F7044ECCCB75B644BE507AF762431A6292DA0EFBEED632A2BC868756FF720C5BD83C345E60B3529B7BF7DA4DB25E657E0B126FFCD62BB1544D84A8D81FF78CE3E14BB03DC429F25D34982D42B00F7DCFCD6C0A6D91EAFA2B6A3338187DEB367AA29ED731C52FD0561923C1FF20AE22DA56551A91FEF05347C46D01C51DEEFD63A35801F1D9A11BB271EB163912E7E3C65E877D9637FA0ECBF83787F8D2AF237AAA43E3BC82BD98140C9A227A7EE1D8EB5DB3EC55D9C635A8A525D8ADC7E7C2261A235120A5BB10EC883C9D1956D1C4CB7D3B22B606E085082EE035C09B154074E031EA961651127B1E4F41A36851D026A40C6CDD36712E84A3AACDEDC40319883A9C1C13870A8CC10E79E6A84352D0681134CC97941][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0] + 7 TCP 192.168.1.119:51639 <-> 104.22.72.170:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/1659 bytes <-> 10 pkts/3915 bytes][Goodput ratio: 59/85][0.55 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.405 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/27 126/129 43/47][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 138/392 766/1514 196/550][TLSv1.3][JA3C: 62a4a00de930bd0a5bee0309cc8362ed][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ESNI: 1A5D1DCC8C47DD46E21570FFB62F999CD85F69983DF08FC0E944E15E9520556C5462F5110EE1FC34F93862ADD6B2DE6FD479263028F82157273B3A728443CE0A259E50F657019E02DD9BB408C7297C541B756A55769B88C04FBF268F677EEBC074CEB1D905770D67E6663B392CF09E80086661BD59F640035FEF65DEF6B93654AD359D9514C4236BBF9F565D299224475DEA5D1813F7AF1CF9A4402AB0ADB1DD2D3075ECE78A216DE6E88A82E89F72BDB3EC3B26604D6433FF5EF71C15FC7E3E624ECC15C1644AC4CF839119636965184DAF8FC115C6C09260306FCE2024D360636EFB39AACB9DCE54226E847B6356F1A2FCA88222266CC21D575EFFBF9FE0F553D99B1AE564AA7A001DA3C775FFE19DCFF96A1814AAF8554B871926B6582467FDA05224][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0] 8 TCP 192.168.1.119:51331 <-> 104.16.249.249:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/279 bytes <-> 3 pkts/180 bytes][Goodput ratio: 22/0][0.12 sec][bytes ratio: 0.216 (Upload)][IAT c2s/s2c min/avg/max/stddev: 119/0 40/0 119/0 56/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 70/60 93/60 17/0][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/os_detected.pcapng.out b/tests/result/os_detected.pcapng.out index 3fd828138..271b7357e 100644 --- a/tests/result/os_detected.pcapng.out +++ b/tests/result/os_detected.pcapng.out @@ -14,7 +14,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 1/1 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.1.128 1 - 1 UDP 192.168.1.128:39821 -> 8.8.8.8:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: Mozilla/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko)][Risk: ** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 9addef84847d700f759746b237c405c8][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.128:39821 -> 8.8.8.8:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: Mozilla/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko)][Risk: ** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 9addef84847d700f759746b237c405c8][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] diff --git a/tests/result/pinterest.pcap.out b/tests/result/pinterest.pcap.out index 53a6c7c6a..34a4ef480 100644 --- a/tests/result/pinterest.pcap.out +++ b/tests/result/pinterest.pcap.out @@ -15,7 +15,7 @@ Automa host: 22/17 (search/found) Automa domain: 22/0 (search/found) Automa tls cert: 2/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 22/22 (search/found) +Automa common alpns: 40/40 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -31,27 +31,27 @@ JA3 Host Stats: 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 1 - 1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38512 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][2091 pkts/199209 bytes <-> 10687 pkts/21038106 bytes][Goodput ratio: 10/96][3.16 sec][Hostname/SNI: s.pinimg.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 415/450 15/6][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 95/1969 1474/65322 60/2735][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,1,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0,0,50] - 2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33262 <-> [64:ff9b::9765:7854]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][914 pkts/144518 bytes <-> 1890 pkts/3768357 bytes][Goodput ratio: 46/96][21.20 sec][Hostname/SNI: www.pinterest.fr][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/6 5627/5836 310/150][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/1994 1474/13710 286/1748][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,2,4,0,0,0,1,1,0,0,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,56,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0] - 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57050 <-> [2a04:4e42:1d::720]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][372 pkts/33115 bytes <-> 436 pkts/1818025 bytes][Goodput ratio: 3/98][0.52 sec][Hostname/SNI: images.unsplash.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 54/53 6/5][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 89/4170 603/16742 34/2692][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net][Certificate SHA-1: 1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6][Chrome][Validity: 2020-11-12 16:39:14 - 2021-07-07 17:15:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,60] - 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51582 <-> [2a00:1450:4007:816::2003]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][78 pkts/8258 bytes <-> 146 pkts/317107 bytes][Goodput ratio: 19/96][0.99 sec][Hostname/SNI: www.gstatic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.949 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/5 147/122 32/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 106/2172 603/31494 73/3182][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,2,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,57,0,0,0,0,0,0,0,0,0,30] - 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:60340 <-> [2a03:2880:f11f:83:face:b00c::25de]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][73 pkts/9751 bytes <-> 98 pkts/155098 bytes][Goodput ratio: 36/95][8.87 sec][Hostname/SNI: www.facebook.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 156/28 6193/1522 838/170][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 134/1583 685/12506 138/1762][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,8,3,1,0,1,2,0,0,0,1,1,2,1,0,0,2,1,1,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,16,0,1,0,1,31,0,0,0,17] - 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54416 <-> [2a00:1450:4007:806::200e]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][40 pkts/4645 bytes <-> 76 pkts/138349 bytes][Goodput ratio: 26/95][0.52 sec][Hostname/SNI: apis.google.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/4 79/78 22/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 116/1820 603/16998 92/2650][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,2,1,2,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,0,0,0,1,0,0,0,1,1,0,0,0,0,2,0,0,0,61,0,0,0,0,0,0,0,0,0,15] - 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51292 <-> [2a03:2880:f030:13:face:b00c::3]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][28 pkts/3763 bytes <-> 43 pkts/69376 bytes][Goodput ratio: 36/95][0.34 sec][Hostname/SNI: connect.facebook.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/4 78/64 23/13][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 134/1613 603/12506 114/2280][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,7,9,2,0,2,0,0,7,0,0,0,2,0,0,0,2,0,2,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,2,0,0,17] - 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40894 <-> [2a00:1450:4007:816::200d]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][52 pkts/6440 bytes <-> 74 pkts/54135 bytes][Goodput ratio: 30/88][13.52 sec][Hostname/SNI: accounts.google.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 337/4 6419/37 1406/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 124/732 603/2536 87/652][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,15,5,0,6,5,1,4,2,0,1,0,0,4,4,0,1,0,1,1,1,0,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,31,0,0,0,0,0,0,0,0,0,5] - 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40694 <-> [2a00:1450:4007:816::2004]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][43 pkts/11445 bytes <-> 64 pkts/36753 bytes][Goodput ratio: 68/85][1.89 sec][Hostname/SNI: www.google.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.525 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/28 960/963 172/136][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 266/574 1474/1294 372/530][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,17,4,4,0,3,4,1,3,1,4,0,1,1,0,0,1,0,1,0,1,3,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,35,0,0,0,0,0,4,0,0,0,0] + 1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38512 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][2091 pkts/199209 bytes <-> 10687 pkts/21038106 bytes][Goodput ratio: 10/96][3.16 sec][Hostname/SNI: s.pinimg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 415/450 15/6][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 95/1969 1474/65322 60/2735][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,1,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0,0,50] + 2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33262 <-> [64:ff9b::9765:7854]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][914 pkts/144518 bytes <-> 1890 pkts/3768357 bytes][Goodput ratio: 46/96][21.20 sec][Hostname/SNI: www.pinterest.fr][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/6 5627/5836 310/150][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/1994 1474/13710 286/1748][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,2,4,0,0,0,1,1,0,0,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,56,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0] + 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57050 <-> [2a04:4e42:1d::720]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][372 pkts/33115 bytes <-> 436 pkts/1818025 bytes][Goodput ratio: 3/98][0.52 sec][Hostname/SNI: images.unsplash.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 54/53 6/5][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 89/4170 603/16742 34/2692][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net][Certificate SHA-1: 1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6][Chrome][Validity: 2020-11-12 16:39:14 - 2021-07-07 17:15:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,60] + 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51582 <-> [2a00:1450:4007:816::2003]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][78 pkts/8258 bytes <-> 146 pkts/317107 bytes][Goodput ratio: 19/96][0.99 sec][Hostname/SNI: www.gstatic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.949 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/5 147/122 32/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 106/2172 603/31494 73/3182][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,2,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,57,0,0,0,0,0,0,0,0,0,30] + 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:60340 <-> [2a03:2880:f11f:83:face:b00c::25de]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][73 pkts/9751 bytes <-> 98 pkts/155098 bytes][Goodput ratio: 36/95][8.87 sec][Hostname/SNI: www.facebook.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 156/28 6193/1522 838/170][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 134/1583 685/12506 138/1762][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,8,3,1,0,1,2,0,0,0,1,1,2,1,0,0,2,1,1,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,16,0,1,0,1,31,0,0,0,17] + 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54416 <-> [2a00:1450:4007:806::200e]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][40 pkts/4645 bytes <-> 76 pkts/138349 bytes][Goodput ratio: 26/95][0.52 sec][Hostname/SNI: apis.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/4 79/78 22/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 116/1820 603/16998 92/2650][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,2,1,2,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,0,0,0,1,0,0,0,1,1,0,0,0,0,2,0,0,0,61,0,0,0,0,0,0,0,0,0,15] + 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51292 <-> [2a03:2880:f030:13:face:b00c::3]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][28 pkts/3763 bytes <-> 43 pkts/69376 bytes][Goodput ratio: 36/95][0.34 sec][Hostname/SNI: connect.facebook.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/4 78/64 23/13][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 134/1613 603/12506 114/2280][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,7,9,2,0,2,0,0,7,0,0,0,2,0,0,0,2,0,2,2,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,2,0,0,17] + 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40894 <-> [2a00:1450:4007:816::200d]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][52 pkts/6440 bytes <-> 74 pkts/54135 bytes][Goodput ratio: 30/88][13.52 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 337/4 6419/37 1406/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 124/732 603/2536 87/652][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,15,5,0,6,5,1,4,2,0,1,0,0,4,4,0,1,0,1,1,1,0,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,31,0,0,0,0,0,0,0,0,0,5] + 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40694 <-> [2a00:1450:4007:816::2004]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][43 pkts/11445 bytes <-> 64 pkts/36753 bytes][Goodput ratio: 68/85][1.89 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.525 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/28 960/963 172/136][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 266/574 1474/1294 372/530][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,17,4,4,0,3,4,1,3,1,4,0,1,1,0,0,1,0,1,0,1,3,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,35,0,0,0,0,0,4,0,0,0,0] 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43562 <-> [2a00:1450:4007:805::2003]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/1782 bytes <-> 33 pkts/34703 bytes][Goodput ratio: 18/92][0.20 sec][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/6 28/173 8/32][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 105/1052 244/1294 46/464][Plen Bins: 0,6,0,6,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,75,0,0,0,0,0,0,0,0,0,0] - 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38546 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][23 pkts/3137 bytes <-> 29 pkts/28329 bytes][Goodput ratio: 37/91][0.38 sec][Hostname/SNI: assets.pinterest.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.801 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/14 111/135 29/35][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 136/977 603/1474 118/629][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,7,3,3,0,0,3,7,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,63,0,0,0,0] - 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:45126 <-> [2a00:1450:4007:80a::200e]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][26 pkts/3664 bytes <-> 35 pkts/26447 bytes][Goodput ratio: 39/89][0.43 sec][Hostname/SNI: www.google-analytics.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/6 157/112 39/22][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/756 603/1294 126/544][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,9,12,0,0,0,2,0,2,0,0,5,2,0,2,0,2,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,2,0,50,0,0,0,0,0,0,0,0,0,0] - 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40114 <-> [64:ff9b::9765:7a6e]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][22 pkts/2917 bytes <-> 26 pkts/20158 bytes][Goodput ratio: 35/89][0.13 sec][Hostname/SNI: js-agent.newrelic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/3 45/37 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 133/775 603/1134 119/476][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net][Certificate SHA-1: BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0][Chrome][Validity: 2020-10-23 11:03:25 - 2021-05-07 20:27:49][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,8,4,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47032 <-> [2600:1901::7a0b::]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/3545 bytes <-> 21 pkts/7861 bytes][Goodput ratio: 51/77][0.52 sec][Hostname/SNI: sessions.bugsnag.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/24 224/174 60/46][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/374 603/1294 164/464][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,15,15,10,5,0,0,0,5,0,0,5,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0] - 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47790 <-> [2a00:1450:4007:816::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][25 pkts/3823 bytes <-> 30 pkts/7281 bytes][Goodput ratio: 44/64][17.42 sec][Hostname/SNI: content-autofill.googleapis.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 825/437 8675/8670 2387/1742][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/243 603/1294 123/316][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 6,32,21,3,10,3,0,0,0,0,0,3,3,0,0,3,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] - 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33280 <-> [64:ff9b::9765:7854]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][17 pkts/2513 bytes <-> 16 pkts/7648 bytes][Goodput ratio: 41/82][0.22 sec][Hostname/SNI: accounts.pinterest.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/11 41/49 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 148/478 603/1134 135/457][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,21,6,0,6,0,0,6,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38516 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][10 pkts/1313 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 39/88][0.12 sec][Hostname/SNI: s.pinimg.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.642 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/15 38/30 15/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/752 603/1474 157/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] - 18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38514 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1239 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 42/88][0.12 sec][Hostname/SNI: s.pinimg.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.659 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 38/48 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/752 603/1474 165/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] - 19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38518 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 47/88][0.12 sec][Hostname/SNI: s.pinimg.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/10 37/31 16/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/752 603/1474 183/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] - 20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38520 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 47/88][0.12 sec][Hostname/SNI: s.pinimg.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/10 38/48 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/752 603/1474 183/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] - 21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38522 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 47/88][0.12 sec][Hostname/SNI: s.pinimg.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/10 38/48 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/752 603/1474 183/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] + 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38546 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][23 pkts/3137 bytes <-> 29 pkts/28329 bytes][Goodput ratio: 37/91][0.38 sec][Hostname/SNI: assets.pinterest.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.801 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/14 111/135 29/35][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 136/977 603/1474 118/629][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,7,3,3,0,0,3,7,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,63,0,0,0,0] + 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:45126 <-> [2a00:1450:4007:80a::200e]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][26 pkts/3664 bytes <-> 35 pkts/26447 bytes][Goodput ratio: 39/89][0.43 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/6 157/112 39/22][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/756 603/1294 126/544][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,9,12,0,0,0,2,0,2,0,0,5,2,0,2,0,2,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,2,0,50,0,0,0,0,0,0,0,0,0,0] + 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40114 <-> [64:ff9b::9765:7a6e]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][22 pkts/2917 bytes <-> 26 pkts/20158 bytes][Goodput ratio: 35/89][0.13 sec][Hostname/SNI: js-agent.newrelic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/3 45/37 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 133/775 603/1134 119/476][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net][Certificate SHA-1: BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0][Chrome][Validity: 2020-10-23 11:03:25 - 2021-05-07 20:27:49][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,8,4,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47032 <-> [2600:1901::7a0b::]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/3545 bytes <-> 21 pkts/7861 bytes][Goodput ratio: 51/77][0.52 sec][Hostname/SNI: sessions.bugsnag.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/24 224/174 60/46][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/374 603/1294 164/464][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,15,15,10,5,0,0,0,5,0,0,5,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0] + 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47790 <-> [2a00:1450:4007:816::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][25 pkts/3823 bytes <-> 30 pkts/7281 bytes][Goodput ratio: 44/64][17.42 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 825/437 8675/8670 2387/1742][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/243 603/1294 123/316][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 6,32,21,3,10,3,0,0,0,0,0,3,3,0,0,3,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0] + 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33280 <-> [64:ff9b::9765:7854]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][17 pkts/2513 bytes <-> 16 pkts/7648 bytes][Goodput ratio: 41/82][0.22 sec][Hostname/SNI: accounts.pinterest.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/11 41/49 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 148/478 603/1134 135/457][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,21,6,0,6,0,0,6,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38516 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][10 pkts/1313 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 39/88][0.12 sec][Hostname/SNI: s.pinimg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.642 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/15 38/30 15/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/752 603/1474 157/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] + 18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38514 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1239 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 42/88][0.12 sec][Hostname/SNI: s.pinimg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.659 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 38/48 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/752 603/1474 165/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] + 19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38518 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 47/88][0.12 sec][Hostname/SNI: s.pinimg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/10 37/31 16/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/752 603/1474 183/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] + 20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38520 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 47/88][0.12 sec][Hostname/SNI: s.pinimg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/10 38/48 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/752 603/1474 183/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] + 21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38522 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/6018 bytes][Goodput ratio: 47/88][0.12 sec][Hostname/SNI: s.pinimg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/10 38/48 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/752 603/1474 183/668][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,60,0,0,0,0] 22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33156 <-> [64:ff9b::9765:7854]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.03 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33164 <-> [64:ff9b::9765:7854]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.26 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:34626 <-> [64:ff9b::acd9:13e2]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/pluralsight.pcap.out b/tests/result/pluralsight.pcap.out index 3a2b2b09f..d13a7bf25 100644 --- a/tests/result/pluralsight.pcap.out +++ b/tests/result/pluralsight.pcap.out @@ -14,7 +14,7 @@ Automa host: 6/6 (search/found) Automa domain: 6/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 8/8 (search/found) +Automa common alpns: 12/12 (search/found) Patricia risk mask: 12/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 8/4 (search/found) @@ -26,9 +26,9 @@ JA3 Host Stats: 1 192.168.1.128 1 - 1 TCP 192.168.1.128:42642 <-> 54.69.188.18:443 [proto: 91.61/TLS.Pluralsight][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/849 bytes <-> 6 pkts/6252 bytes][Goodput ratio: 76/94][0.57 sec][Hostname/SNI: pluralsight.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.761 (Download)][IAT c2s/s2c min/avg/max/stddev: 188/0 191/76 194/194 3/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/1042 583/1514 218/605][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.pluralsight.com,pluralsight.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.pluralsight.com][Certificate SHA-1: 31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7][Chrome][Validity: 2020-05-02 16:02:08 - 2022-07-01 23:42:28][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,42,0,0] - 2 TCP 192.168.1.128:42782 <-> 146.75.62.208:443 [proto: 91.61/TLS.Pluralsight][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/816 bytes <-> 6 pkts/5407 bytes][Goodput ratio: 75/93][0.05 sec][Hostname/SNI: pluralsight2.imgix.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/0 17/7 19/19 2/9][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/901 583/1406 223/547][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.imgix.com,*.imgix.net,imgix.com,imgix.net][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.imgix.com][Certificate SHA-1: C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D][Chrome][Validity: 2021-05-10 23:09:57 - 2022-06-11 23:09:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0] - 3 TCP 192.168.1.128:42790 <-> 146.75.62.208:443 [proto: 91.61/TLS.Pluralsight][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/816 bytes <-> 6 pkts/5407 bytes][Goodput ratio: 75/93][0.06 sec][Hostname/SNI: pluralsight.imgix.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 18/0 23/8 28/22 5/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/901 583/1406 223/547][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.imgix.com,*.imgix.net,imgix.com,imgix.net][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.imgix.com][Certificate SHA-1: C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D][Chrome][Validity: 2021-05-10 23:09:57 - 2022-06-11 23:09:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0] - 4 TCP 192.168.1.128:42618 <-> 18.203.201.56:443 [proto: 91.61/TLS.Pluralsight][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/849 bytes <-> 6 pkts/4806 bytes][Goodput ratio: 76/92][0.13 sec][Hostname/SNI: stt.pluralsight.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 41/0 44/17 46/45 2/20][Pkt Len c2s/s2c min/avg/max/stddev: 74/73 283/801 583/1514 218/713][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: stt.pluralsight.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com][Certificate SHA-1: C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82][Chrome][Validity: 2021-10-01 00:00:00 - 2022-10-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 14,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 5 TCP 192.168.1.128:44770 <-> 104.17.209.240:443 [proto: 91.61/TLS.Pluralsight][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 6 TCP 192.168.1.128:48948 <-> 104.19.162.127:443 [proto: 91.61/TLS.Pluralsight][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.pluralsight.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 1 TCP 192.168.1.128:42642 <-> 54.69.188.18:443 [proto: 91.61/TLS.Pluralsight][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/849 bytes <-> 6 pkts/6252 bytes][Goodput ratio: 76/94][0.57 sec][Hostname/SNI: pluralsight.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.761 (Download)][IAT c2s/s2c min/avg/max/stddev: 188/0 191/76 194/194 3/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/1042 583/1514 218/605][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.pluralsight.com,pluralsight.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.pluralsight.com][Certificate SHA-1: 31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7][Chrome][Validity: 2020-05-02 16:02:08 - 2022-07-01 23:42:28][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,42,0,0] + 2 TCP 192.168.1.128:42782 <-> 146.75.62.208:443 [proto: 91.61/TLS.Pluralsight][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/816 bytes <-> 6 pkts/5407 bytes][Goodput ratio: 75/93][0.05 sec][Hostname/SNI: pluralsight2.imgix.net][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/0 17/7 19/19 2/9][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/901 583/1406 223/547][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.imgix.com,*.imgix.net,imgix.com,imgix.net][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.imgix.com][Certificate SHA-1: C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D][Chrome][Validity: 2021-05-10 23:09:57 - 2022-06-11 23:09:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0] + 3 TCP 192.168.1.128:42790 <-> 146.75.62.208:443 [proto: 91.61/TLS.Pluralsight][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/816 bytes <-> 6 pkts/5407 bytes][Goodput ratio: 75/93][0.06 sec][Hostname/SNI: pluralsight.imgix.net][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 18/0 23/8 28/22 5/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/901 583/1406 223/547][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.imgix.com,*.imgix.net,imgix.com,imgix.net][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.imgix.com][Certificate SHA-1: C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D][Chrome][Validity: 2021-05-10 23:09:57 - 2022-06-11 23:09:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0] + 4 TCP 192.168.1.128:42618 <-> 18.203.201.56:443 [proto: 91.61/TLS.Pluralsight][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/849 bytes <-> 6 pkts/4806 bytes][Goodput ratio: 76/92][0.13 sec][Hostname/SNI: stt.pluralsight.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 41/0 44/17 46/45 2/20][Pkt Len c2s/s2c min/avg/max/stddev: 74/73 283/801 583/1514 218/713][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: stt.pluralsight.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com][Certificate SHA-1: C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82][Chrome][Validity: 2021-10-01 00:00:00 - 2022-10-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 14,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 5 TCP 192.168.1.128:44770 <-> 104.17.209.240:443 [proto: 91.61/TLS.Pluralsight][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 6 TCP 192.168.1.128:48948 <-> 104.19.162.127:443 [proto: 91.61/TLS.Pluralsight][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.pluralsight.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] diff --git a/tests/result/psiphon3.pcap.out b/tests/result/psiphon3.pcap.out index b0e81942b..996f0d6b6 100644 --- a/tests/result/psiphon3.pcap.out +++ b/tests/result/psiphon3.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.0.103 1 - 1 TCP 192.168.0.103:40557 <-> 104.18.151.190:443 [proto: 91.303/TLS.Psiphon][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][32 pkts/5020 bytes <-> 30 pkts/6798 bytes][Goodput ratio: 74/82][0.72 sec][ALPN: h2;http/1.1][bytes ratio: -0.150 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/4 501/41 98/9][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 157/227 1048/1500 249/417][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][TLSv1.2][JA3C: 2d703033628575a99d44820c43b84876][ServerNames: sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: 49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C][Firefox][Validity: 2020-08-09 00:00:00 - 2021-08-09 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,24,24,0,0,7,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 1 TCP 192.168.0.103:40557 <-> 104.18.151.190:443 [proto: 91.303/TLS.Psiphon][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][32 pkts/5020 bytes <-> 30 pkts/6798 bytes][Goodput ratio: 74/82][0.72 sec][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.150 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/4 501/41 98/9][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 157/227 1048/1500 249/417][Risk: ** Missing SNI TLS Extn **][Risk Score: 50][TLSv1.2][JA3C: 2d703033628575a99d44820c43b84876][ServerNames: sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: 49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C][Firefox][Validity: 2020-08-09 00:00:00 - 2021-08-09 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,24,24,0,0,7,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] diff --git a/tests/result/quic-23.pcap.out b/tests/result/quic-23.pcap.out index 19b47ee1b..138a8afea 100644 --- a/tests/result/quic-23.pcap.out +++ b/tests/result/quic-23.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/0 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7 1 - 1 UDP [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7]:50339 <-> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/2613 bytes <-> 10 pkts/4578 bytes][Goodput ratio: 76/86][0.11 sec][Hostname/SNI: quic.aiortc.org][ALPN: h3-22][TLS Supported Versions: TLSv1.3][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 38/34 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 92/94 261/458 1342/1342 373/458][TLSv1.3][JA3C: d9e7bdb15af8e499820ca74a68affd78][Plen Bins: 5,35,15,10,5,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0] + 1 UDP [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7]:50339 <-> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/2613 bytes <-> 10 pkts/4578 bytes][Goodput ratio: 76/86][0.11 sec][Hostname/SNI: quic.aiortc.org][(Advertised) ALPNs: h3-22][TLS Supported Versions: TLSv1.3][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 38/34 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 92/94 261/458 1342/1342 373/458][TLSv1.3][JA3C: d9e7bdb15af8e499820ca74a68affd78][Plen Bins: 5,35,15,10,5,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0] diff --git a/tests/result/quic-24.pcap.out b/tests/result/quic-24.pcap.out index 62b0d0e76..ad1487597 100644 --- a/tests/result/quic-24.pcap.out +++ b/tests/result/quic-24.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/0 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 10.9.0.1 1 - 1 UDP 10.9.0.1:41436 <-> 10.9.0.2:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/4672 bytes <-> 8 pkts/3328 bytes][Goodput ratio: 94/90][30.04 sec][Hostname/SNI: localhost][ALPN: h3-24][TLS Supported Versions: TLSv1.3][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6006/4 30007/12 12000/4][Pkt Len c2s/s2c min/avg/max/stddev: 82/81 667/416 1294/1294 562/406][TLSv1.3][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][Firefox][PLAIN TEXT (Udwn.wf)][Plen Bins: 0,34,0,6,6,0,0,0,6,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0] + 1 UDP 10.9.0.1:41436 <-> 10.9.0.2:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/4672 bytes <-> 8 pkts/3328 bytes][Goodput ratio: 94/90][30.04 sec][Hostname/SNI: localhost][(Advertised) ALPNs: h3-24][TLS Supported Versions: TLSv1.3][bytes ratio: 0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6006/4 30007/12 12000/4][Pkt Len c2s/s2c min/avg/max/stddev: 82/81 667/416 1294/1294 562/406][TLSv1.3][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][Firefox][PLAIN TEXT (Udwn.wf)][Plen Bins: 0,34,0,6,6,0,0,0,6,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-27.pcap.out b/tests/result/quic-27.pcap.out index 3ec6bf8c3..0329554f0 100644 --- a/tests/result/quic-27.pcap.out +++ b/tests/result/quic-27.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 3ef4:2194:f4a6:3503:40cd:714:57:c4e4 1 - 1 UDP [3ef4:2194:f4a6:3503:40cd:714:57:c4e4]:64229 <-> [2f3d:64d1:9d59:549b::200e]:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/6081 bytes <-> 11 pkts/6806 bytes][Goodput ratio: 91/90][8.46 sec][Hostname/SNI: play.google.com][ALPN: h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: -0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 1198/938 8168/8161 2846/2554][Pkt Len c2s/s2c min/avg/max/stddev: 95/87 676/619 1392/1392 622/598][User-Agent: beta Chrome/84.0.4147.45 Windows NT 10.0; Win64; x64][TLSv1.3][JA3C: 1e022f87823477abd6a79c31d70062d7][Plen Bins: 20,30,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,30,0,0,0,0,0,0] + 1 UDP [3ef4:2194:f4a6:3503:40cd:714:57:c4e4]:64229 <-> [2f3d:64d1:9d59:549b::200e]:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/6081 bytes <-> 11 pkts/6806 bytes][Goodput ratio: 91/90][8.46 sec][Hostname/SNI: play.google.com][(Advertised) ALPNs: h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: -0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/0 1198/938 8168/8161 2846/2554][Pkt Len c2s/s2c min/avg/max/stddev: 95/87 676/619 1392/1392 622/598][User-Agent: beta Chrome/84.0.4147.45 Windows NT 10.0; Win64; x64][TLSv1.3][JA3C: 1e022f87823477abd6a79c31d70062d7][Plen Bins: 20,30,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,30,0,0,0,0,0,0] diff --git a/tests/result/quic-28.pcap.out b/tests/result/quic-28.pcap.out index a33468182..30ff903c7 100644 --- a/tests/result/quic-28.pcap.out +++ b/tests/result/quic-28.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/0 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 1/1 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 10.9.0.2 1 - 1 UDP 10.9.0.2:60106 <-> 104.26.11.240:443 [proto: 188/QUIC][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][34 pkts/6856 bytes <-> 219 pkts/239937 bytes][Goodput ratio: 79/96][2.76 sec][Hostname/SNI: www.wireshark.org][ALPN: h3-28;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: -0.944 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/14 1007/1023 229/91][Pkt Len c2s/s2c min/avg/max/stddev: 85/84 202/1096 1242/1242 325/364][TLSv1.3][JA3C: 1e022f87823477abd6a79c31d70062d7][PLAIN TEXT (tGLddu)][Plen Bins: 0,16,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.9.0.2:60106 <-> 104.26.11.240:443 [proto: 188/QUIC][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][34 pkts/6856 bytes <-> 219 pkts/239937 bytes][Goodput ratio: 79/96][2.76 sec][Hostname/SNI: www.wireshark.org][(Advertised) ALPNs: h3-28;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: -0.944 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/14 1007/1023 229/91][Pkt Len c2s/s2c min/avg/max/stddev: 85/84 202/1096 1242/1242 325/364][TLSv1.3][JA3C: 1e022f87823477abd6a79c31d70062d7][PLAIN TEXT (tGLddu)][Plen Bins: 0,16,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-29.pcap.out b/tests/result/quic-29.pcap.out index a568b49b8..6bde31ab5 100644 --- a/tests/result/quic-29.pcap.out +++ b/tests/result/quic-29.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/0 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 10.9.0.1 1 - 1 UDP 10.9.0.1:36588 <-> 10.9.0.2:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/4555 bytes <-> 9 pkts/4831 bytes][Goodput ratio: 94/92][0.04 sec][Hostname/SNI: localhost][ALPN: h3-29][TLS Supported Versions: TLSv1.3][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6/3 18/8 7/3][Pkt Len c2s/s2c min/avg/max/stddev: 84/81 759/537 1294/1294 552/493][TLSv1.3][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][Firefox][PLAIN TEXT (SYmlKmO)][Plen Bins: 0,27,0,13,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0] + 1 UDP 10.9.0.1:36588 <-> 10.9.0.2:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/4555 bytes <-> 9 pkts/4831 bytes][Goodput ratio: 94/92][0.04 sec][Hostname/SNI: localhost][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][bytes ratio: -0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 6/3 18/8 7/3][Pkt Len c2s/s2c min/avg/max/stddev: 84/81 759/537 1294/1294 552/493][TLSv1.3][JA3C: b3e43d74f4b790abca2f5fe7dd06e7cf][Firefox][PLAIN TEXT (SYmlKmO)][Plen Bins: 0,27,0,13,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-33.pcapng.out b/tests/result/quic-33.pcapng.out index 35fa63fc8..3a9303fbc 100644 --- a/tests/result/quic-33.pcapng.out +++ b/tests/result/quic-33.pcapng.out @@ -14,7 +14,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 8/8 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 ::1 1 - 1 UDP [::1]:51430 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][99 pkts/14736 bytes <-> 893 pkts/1325986 bytes][Goodput ratio: 58/96][0.01 sec][ALPN: h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 3/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/93 149/1485 1502/1502 183/146][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: No server to client traffic][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][PLAIN TEXT (NLZzZw)][Plen Bins: 0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,72,0,0] + 1 UDP [::1]:51430 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][99 pkts/14736 bytes <-> 893 pkts/1325986 bytes][Goodput ratio: 58/96][0.01 sec][(Advertised) ALPNs: h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 3/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/93 149/1485 1502/1502 183/146][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: No server to client traffic][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][PLAIN TEXT (NLZzZw)][Plen Bins: 0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,72,0,0] diff --git a/tests/result/quic-34.pcap.out b/tests/result/quic-34.pcap.out index effbb90d1..dc75ad96d 100644 --- a/tests/result/quic-34.pcap.out +++ b/tests/result/quic-34.pcap.out @@ -14,7 +14,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 18/18 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.56.1 1 - 1 UDP 192.168.56.1:55880 <-> 192.168.56.198:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 3 pkts/3542 bytes][Goodput ratio: 97/96][0.00 sec][ALPN: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: No server to client traffic][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,25,0,0] + 1 UDP 192.168.56.1:55880 <-> 192.168.56.198:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 3 pkts/3542 bytes][Goodput ratio: 97/96][0.00 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: No server to client traffic][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,25,0,0] diff --git a/tests/result/quic-mvfst-22.pcap.out b/tests/result/quic-mvfst-22.pcap.out index 4244bec3a..391b58bc6 100644 --- a/tests/result/quic-mvfst-22.pcap.out +++ b/tests/result/quic-mvfst-22.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 1/1 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 10.0.2.15 1 - 1 UDP 10.0.2.15:35601 <-> 31.13.86.8:443 [proto: 188.119/QUIC.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][188 pkts/80544 bytes <-> 302 pkts/207759 bytes][Goodput ratio: 90/94][115.21 sec][Hostname/SNI: graph.facebook.com][ALPN: h3-fb-05;h1q-fb][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft)][bytes ratio: -0.441 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 276/385 10173/64999 1046/4119][Pkt Len c2s/s2c min/avg/max/stddev: 73/66 428/688 1274/1294 478/546][TLSv1.3][JA3C: a3795d067fbf6f44c8657f9e9cbae493][PLAIN TEXT (rPnDAD)][Plen Bins: 21,26,1,0,0,0,0,0,0,2,0,2,3,1,3,1,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,32,0,0,0,0,0,0,0,0] + 1 UDP 10.0.2.15:35601 <-> 31.13.86.8:443 [proto: 188.119/QUIC.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][188 pkts/80544 bytes <-> 302 pkts/207759 bytes][Goodput ratio: 90/94][115.21 sec][Hostname/SNI: graph.facebook.com][(Advertised) ALPNs: h3-fb-05;h1q-fb][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft)][bytes ratio: -0.441 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 276/385 10173/64999 1046/4119][Pkt Len c2s/s2c min/avg/max/stddev: 73/66 428/688 1274/1294 478/546][TLSv1.3][JA3C: a3795d067fbf6f44c8657f9e9cbae493][PLAIN TEXT (rPnDAD)][Plen Bins: 21,26,1,0,0,0,0,0,0,2,0,2,3,1,3,1,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,32,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-mvfst-27.pcapng.out b/tests/result/quic-mvfst-27.pcapng.out index ac5d20238..1a7eed97f 100644 --- a/tests/result/quic-mvfst-27.pcapng.out +++ b/tests/result/quic-mvfst-27.pcapng.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 1/1 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 10.0.2.15 1 - 1 UDP 10.0.2.15:35957 <-> 69.171.250.15:443 [proto: 188.119/QUIC.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/3196 bytes <-> 13 pkts/8203 bytes][Goodput ratio: 79/85][8.96 sec][Hostname/SNI: graph.facebook.com][ALPN: h3-fb-05][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft)][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1782/811 8808/8827 3513/2535][Pkt Len c2s/s2c min/avg/max/stddev: 128/115 457/631 1326/1346 492/540][TLSv1.3][JA3C: 61d8a93ff379660087082a82411f19a2][PLAIN TEXT (Xic gcl)][Plen Bins: 20,25,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,5,20,0,0,0,0,0,0,0,0] + 1 UDP 10.0.2.15:35957 <-> 69.171.250.15:443 [proto: 188.119/QUIC.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/3196 bytes <-> 13 pkts/8203 bytes][Goodput ratio: 79/85][8.96 sec][Hostname/SNI: graph.facebook.com][(Advertised) ALPNs: h3-fb-05][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft)][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1782/811 8808/8827 3513/2535][Pkt Len c2s/s2c min/avg/max/stddev: 128/115 457/631 1326/1346 492/540][TLSv1.3][JA3C: 61d8a93ff379660087082a82411f19a2][PLAIN TEXT (Xic gcl)][Plen Bins: 20,25,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,5,20,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-mvfst-exp.pcap.out b/tests/result/quic-mvfst-exp.pcap.out index 8726756da..bdf3b6686 100644 --- a/tests/result/quic-mvfst-exp.pcap.out +++ b/tests/result/quic-mvfst-exp.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 2aac:cdf7:d506:7807:9092:75f:a963:f4ab 1 - 1 UDP [2aac:cdf7:d506:7807:9092:75f:a963:f4ab]:57587 <-> [3f65:ece9:fe71:6e2a:face:b00c::358e]:443 [proto: 188.119/QUIC.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/4054 bytes <-> 21 pkts/22255 bytes][Goodput ratio: 86/94][0.16 sec][Hostname/SNI: video.fmct2-3.fna.fbcdn.net][ALPN: h3-fb-05][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft)][bytes ratio: -0.692 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/4 55/56 19/13][Pkt Len c2s/s2c min/avg/max/stddev: 93/105 450/1060 1294/1294 505/429][TLSv1.3][JA3C: 61d8a93ff379660087082a82411f19a2][PLAIN TEXT (wEPCri)][Plen Bins: 3,20,3,0,0,0,0,0,3,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0] + 1 UDP [2aac:cdf7:d506:7807:9092:75f:a963:f4ab]:57587 <-> [3f65:ece9:fe71:6e2a:face:b00c::358e]:443 [proto: 188.119/QUIC.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/4054 bytes <-> 21 pkts/22255 bytes][Goodput ratio: 86/94][0.16 sec][Hostname/SNI: video.fmct2-3.fna.fbcdn.net][(Advertised) ALPNs: h3-fb-05][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft)][bytes ratio: -0.692 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/4 55/56 19/13][Pkt Len c2s/s2c min/avg/max/stddev: 93/105 450/1060 1294/1294 505/429][TLSv1.3][JA3C: 61d8a93ff379660087082a82411f19a2][PLAIN TEXT (wEPCri)][Plen Bins: 3,20,3,0,0,0,0,0,3,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,61,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic-v2-01.pcapng.out b/tests/result/quic-v2-01.pcapng.out index fbd9c13ae..9505b5a42 100644 --- a/tests/result/quic-v2-01.pcapng.out +++ b/tests/result/quic-v2-01.pcapng.out @@ -14,7 +14,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 18/18 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.56.1 1 - 1 UDP 192.168.56.1:34229 <-> 192.168.56.198:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][34 pkts/6729 bytes <-> 889 pkts/1305257 bytes][Goodput ratio: 79/97][0.02 sec][ALPN: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.990 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 2/0 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/73 198/1468 1482/1482 306/131][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: No server to client traffic][TLSv1.3][JA3C: c0ce40fbb78cbf86a14e6a38b26d6ede][PLAIN TEXT (V/vUIx)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] + 1 UDP 192.168.56.1:34229 <-> 192.168.56.198:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][34 pkts/6729 bytes <-> 889 pkts/1305257 bytes][Goodput ratio: 79/97][0.02 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][bytes ratio: -0.990 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 2/0 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/73 198/1468 1482/1482 306/131][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: No server to client traffic][TLSv1.3][JA3C: c0ce40fbb78cbf86a14e6a38b26d6ede][PLAIN TEXT (V/vUIx)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] diff --git a/tests/result/quic_0RTT.pcap.out b/tests/result/quic_0RTT.pcap.out index b7b11cc3d..27e0c7327 100644 --- a/tests/result/quic_0RTT.pcap.out +++ b/tests/result/quic_0RTT.pcap.out @@ -14,7 +14,7 @@ Automa host: 2/1 (search/found) Automa domain: 2/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 3/2 (search/found) @@ -28,5 +28,5 @@ JA3 Host Stats: 2 ::1 1 - 1 UDP 192.168.2.100:51972 <-> 142.250.181.227:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/2168 bytes <-> 8 pkts/3010 bytes][Goodput ratio: 86/89][0.23 sec][Hostname/SNI: ssl.gstatic.com][ALPN: h3][TLS Supported Versions: TLSv1.3][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/10 121/30 45/14][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 310/376 1292/1292 416/426][TLSv1.3][JA3C: 06b6b2a2cba0b7deeaaa6a3d8374d627][Plen Bins: 26,20,20,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0] - 2 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][Hostname/SNI: abcd][ALPN: h3-32][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: a7b629a5bd67bfc25e2c78b3daa4c12f][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.2.100:51972 <-> 142.250.181.227:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/2168 bytes <-> 8 pkts/3010 bytes][Goodput ratio: 86/89][0.23 sec][Hostname/SNI: ssl.gstatic.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/10 121/30 45/14][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 310/376 1292/1292 416/426][TLSv1.3][JA3C: 06b6b2a2cba0b7deeaaa6a3d8374d627][Plen Bins: 26,20,20,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0] + 2 UDP [::1]:60459 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/1294 bytes][Goodput ratio: 95/95][0.00 sec][Hostname/SNI: abcd][(Advertised) ALPNs: h3-32][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: a7b629a5bd67bfc25e2c78b3daa4c12f][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic_crypto_aes_auth_size.pcap.out b/tests/result/quic_crypto_aes_auth_size.pcap.out index 54756059c..937476cd5 100644 --- a/tests/result/quic_crypto_aes_auth_size.pcap.out +++ b/tests/result/quic_crypto_aes_auth_size.pcap.out @@ -14,7 +14,7 @@ Automa host: 2/2 (search/found) Automa domain: 2/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 4/0 (search/found) Patricia risk: 4/0 (search/found) Patricia protocols: 4/0 (search/found) @@ -27,5 +27,5 @@ JA3 Host Stats: 2 245.161.134.177 1 - 1 UDP 134.53.36.43:34917 -> 142.104.38.30:443 [proto: 188.199/QUIC.Snapchat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: app-analytics-v2.snapchat.com][ALPN: h3][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 1b4b6c50fef204e06798d3fc7cb272fe][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 2 UDP 245.161.134.177:27636 -> 77.242.114.14:443 [proto: 188.199/QUIC.Snapchat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: gcp.api.snapchat.com][ALPN: h3][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: c570fdf41c8bf336ac9442888680bf3a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 1 UDP 134.53.36.43:34917 -> 142.104.38.30:443 [proto: 188.199/QUIC.Snapchat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: app-analytics-v2.snapchat.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 1b4b6c50fef204e06798d3fc7cb272fe][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 2 UDP 245.161.134.177:27636 -> 77.242.114.14:443 [proto: 188.199/QUIC.Snapchat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: gcp.api.snapchat.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: c570fdf41c8bf336ac9442888680bf3a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] diff --git a/tests/result/quic_frags_ch_in_multiple_packets.pcapng.out b/tests/result/quic_frags_ch_in_multiple_packets.pcapng.out index f77d89295..a8f92ce2c 100644 --- a/tests/result/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/tests/result/quic_frags_ch_in_multiple_packets.pcapng.out @@ -14,7 +14,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 18/18 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 ::1 1 - 1 UDP [::1]:58822 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/1410 bytes][Goodput ratio: 95/91][0.01 sec][ALPN: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: No server to client traffic][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0] + 1 UDP [::1]:58822 <-> [::1]:4443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/1410 bytes][Goodput ratio: 95/91][0.01 sec][(Advertised) ALPNs: h3-34;hq-34;h3-33;hq-33;h3-32;hq-32;h3-31;hq-31;h3-29;hq-29;h3-30;hq-30;h3-28;hq-28;h3-27;hq-27;h3;hq-interop][TLS Supported Versions: TLSv1.3;TLSv1.3 (draft);TLSv1.3 (draft);TLSv1.3 (draft)][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: No server to client traffic][TLSv1.3][JA3C: 0299b052ace53a14c3a04aceb5efd247][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index d8cd032e0..5bed1184b 100644 --- a/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/tests/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -14,7 +14,7 @@ Automa host: 113/111 (search/found) Automa domain: 113/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 113/113 (search/found) Patricia risk mask: 218/0 (search/found) Patricia risk: 206/0 (search/found) Patricia protocols: 221/16 (search/found) @@ -39,116 +39,116 @@ JA3 Host Stats: 7 133.205.75.230 1 - 1 UDP 52.187.20.175:49880 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: update.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 2 UDP 52.187.20.175:50588 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.09 sec][Hostname/SNI: update.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 3 UDP 52.187.20.175:51619 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: clientservices.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 4 UDP 52.187.20.175:52512 -> 196.245.61.64:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: safebrowsing.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (2 x@/q)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 5 UDP 52.187.20.175:53260 -> 102.194.207.179:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: clientservices.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 6 UDP 52.187.20.175:57066 -> 108.171.138.182:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: clientservices.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 7 UDP 52.187.20.175:61089 -> 99.42.133.245:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.13 sec][Hostname/SNI: clientservices.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 8 UDP 52.187.20.175:61286 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: safebrowsing.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 9 UDP 52.187.20.175:61484 -> 202.152.155.121:443 [proto: 188.126/QUIC.Google][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: ogs.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (BWtJ6@)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 10 UDP 52.187.20.175:62114 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: safebrowsing.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (yiCNDi1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 11 UDP 133.205.75.230:56528 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: update.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 12 UDP 147.196.90.42:61647 -> 177.86.46.206:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.93 sec][Hostname/SNI: sb-ssl.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 13 UDP 159.117.176.124:49521 -> 128.248.24.1:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: clientservices.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 14 UDP 159.117.176.124:49867 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: content-autofill.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (apK ctL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 15 UDP 159.117.176.124:58337 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: clientservices.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 16 UDP 159.117.176.124:61202 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: safebrowsing.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (AQ07rt)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 17 UDP 159.117.176.124:64134 -> 207.121.63.92:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: www.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (lKQALj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 18 UDP 168.144.64.5:50224 -> 126.3.93.89:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][Hostname/SNI: www.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 19 UDP 52.187.20.175:63507 -> 121.209.126.161:443 [proto: 188.126/QUIC.Google][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.53 sec][Hostname/SNI: clients2.googleusercontent.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 20 UDP 168.144.64.5:58351 -> 193.68.169.100:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.23 sec][Hostname/SNI: www.gstatic.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 21 UDP 52.187.20.175:58123 -> 118.89.218.46:443 [proto: 188.126/QUIC.Google][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.11 sec][Hostname/SNI: accounts.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 22 UDP 168.144.64.5:51053 -> 241.138.147.133:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: content-autofill.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 23 UDP 168.144.64.5:53431 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.07 sec][Hostname/SNI: fonts.gstatic.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 24 UDP 168.144.64.5:55376 -> 212.22.246.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.33 sec][Hostname/SNI: www.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][PLAIN TEXT (aUOvTUU)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 25 UDP 168.144.64.5:59827 -> 37.47.218.224:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: www.googleadservices.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 26 UDP 168.144.64.5:62719 -> 31.219.210.96:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: lh4.googleusercontent.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 27 UDP 168.144.64.5:64964 -> 133.202.76.105:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: accounts.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 28 UDP 192.168.254.11:35124 -> 168.78.153.39:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.29 sec][Hostname/SNI: s-img.adskeeper.co.uk][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 29 UDP 10.117.78.100:44252 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; STK-L21][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 30 UDP 10.117.78.100:55273 -> 202.152.155.121:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients4.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; STK-L21][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 31 UDP 159.117.176.124:51856 -> 16.205.123.234:443 [proto: 188.242/QUIC.WhatsAppFiles][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Download/7][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: media.fmct2-1.fna.whatsapp.net][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 32 UDP 168.144.64.5:49153 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 33 UDP 168.144.64.5:49217 -> 185.186.183.185:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: safebrowsing.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 34 UDP 168.144.64.5:49324 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 35 UDP 168.144.64.5:49860 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 36 UDP 168.144.64.5:49926 -> 103.179.40.184:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r5---sn-vh5ouxa-hju6.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 37 UDP 168.144.64.5:50023 -> 76.231.104.92:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (TJdZNR)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 38 UDP 168.144.64.5:50073 -> 152.128.87.238:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-vh5ouxa-hjud.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 39 UDP 168.144.64.5:50423 -> 144.237.113.58:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 37b57e2a60f871d6f459268f91669a78][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 40 UDP 168.144.64.5:50482 -> 121.209.126.161:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: yt3.ggpht.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 41 UDP 168.144.64.5:50540 -> 99.45.60.254:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: i.ytimg.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 42 UDP 168.144.64.5:50552 -> 108.171.138.182:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 43 UDP 168.144.64.5:51248 -> 99.42.133.245:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 44 UDP 168.144.64.5:51296 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 45 UDP 168.144.64.5:51456 -> 102.194.207.179:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 46 UDP 168.144.64.5:52273 -> 244.214.160.219:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-vh5ouxa-hju6.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 47 UDP 168.144.64.5:52387 -> 143.52.137.18:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 48 UDP 168.144.64.5:52396 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 49 UDP 168.144.64.5:52942 -> 93.100.151.221:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients2.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 50 UDP 168.144.64.5:53127 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (R/maht)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 51 UDP 168.144.64.5:53404 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: update.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 52 UDP 168.144.64.5:54016 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 53 UDP 168.144.64.5:54120 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 54 UDP 168.144.64.5:54449 -> 102.194.207.179:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons3.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 55 UDP 168.144.64.5:55066 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 56 UDP 168.144.64.5:55479 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 57 UDP 168.144.64.5:55561 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 58 UDP 168.144.64.5:55572 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 59 UDP 168.144.64.5:55637 -> 169.81.163.225:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-hju7enel.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 60 UDP 168.144.64.5:55844 -> 112.1.105.138:443 [proto: 188.228/QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 61 UDP 168.144.64.5:56384 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 62 UDP 168.144.64.5:56425 -> 125.136.204.4:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-vh5ouxa-hjuk.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 63 UDP 168.144.64.5:56488 -> 177.86.46.206:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 64 UDP 168.144.64.5:56683 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 65 UDP 168.144.64.5:56844 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 66 UDP 168.144.64.5:57319 -> 7.71.118.27:443 [proto: 188.228/QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 67 UDP 168.144.64.5:57398 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 68 UDP 168.144.64.5:57565 -> 217.254.108.174:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r2---sn-vh5ouxa-hjuk.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 69 UDP 168.144.64.5:57735 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ade.googlesyndication.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 70 UDP 168.144.64.5:57767 -> 76.83.40.87:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r11---sn-vh5ouxa-hjuk.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 71 UDP 168.144.64.5:58414 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (rAnq62)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 72 UDP 168.144.64.5:58429 -> 38.57.8.121:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 73 UDP 168.144.64.5:58703 -> 93.100.151.221:443 [proto: 188.228/QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 74 UDP 168.144.64.5:58832 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 75 UDP 168.144.64.5:58956 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 76 UDP 168.144.64.5:59206 -> 76.231.104.92:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ogs.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 6.1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 77 UDP 168.144.64.5:59327 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 78 UDP 168.144.64.5:59622 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 79 UDP 168.144.64.5:59680 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (xqgfA/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 80 UDP 168.144.64.5:59785 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 81 UDP 168.144.64.5:59965 -> 22.12.150.194:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-vh5ouxa-hju6.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 82 UDP 168.144.64.5:60342 -> 93.100.151.221:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 83 UDP 168.144.64.5:60551 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 84 UDP 168.144.64.5:60809 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (XDlJUg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 85 UDP 168.144.64.5:60896 -> 45.228.175.189:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 87 UDP 168.144.64.5:60934 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 88 UDP 168.144.64.5:60936 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 89 UDP 168.144.64.5:60949 -> 185.186.183.185:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: content-autofill.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 90 UDP 168.144.64.5:61209 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 91 UDP 168.144.64.5:61341 -> 16.232.218.117:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r9---sn-vh5ouxa-hjuk.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 93 UDP 168.144.64.5:62047 -> 136.125.67.96:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons4.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 94 UDP 168.144.64.5:62652 -> 158.146.215.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 95 UDP 168.144.64.5:62818 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 96 UDP 168.144.64.5:63136 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 97 UDP 168.144.64.5:63163 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: update.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 98 UDP 168.144.64.5:63736 -> 213.188.47.247:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r4---sn-vh5ouxa-hjud.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 99 UDP 168.144.64.5:63925 -> 39.227.72.32:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons2.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 100 UDP 168.144.64.5:64497 -> 102.194.207.179:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 101 UDP 168.144.64.5:64693 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 102 UDP 168.144.64.5:64700 -> 16.232.218.117:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r9---sn-vh5ouxa-hjuk.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (gjom@g)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 103 UDP 168.144.64.5:64976 -> 220.80.126.73:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-hju7enel.googlevideo.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 104 UDP 168.144.64.5:65186 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 105 UDP 168.144.64.5:65360 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 106 UDP 168.144.64.5:65391 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 107 UDP 192.168.254.11:38331 -> 93.100.151.221:443 [proto: 188.46/QUIC.DataSaver][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: litepages.googlezip.net][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 108 UDP 192.168.254.11:43427 -> 98.251.203.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: optimizationguide-pa.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 109 UDP 192.168.254.11:45652 -> 170.196.90.126:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: content-autofill.googleapis.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 110 UDP 192.168.254.11:49689 -> 87.179.155.149:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 111 UDP 192.168.254.11:51075 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 112 UDP 192.168.254.11:54692 -> 171.182.169.23:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.freearabianporn.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 113 UDP 192.168.254.11:59048 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][ALPN: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 1 UDP 52.187.20.175:49880 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: update.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 2 UDP 52.187.20.175:50588 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.09 sec][Hostname/SNI: update.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 3 UDP 52.187.20.175:51619 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 4 UDP 52.187.20.175:52512 -> 196.245.61.64:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (2 x@/q)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 5 UDP 52.187.20.175:53260 -> 102.194.207.179:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 6 UDP 52.187.20.175:57066 -> 108.171.138.182:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 7 UDP 52.187.20.175:61089 -> 99.42.133.245:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.13 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 8 UDP 52.187.20.175:61286 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 9 UDP 52.187.20.175:61484 -> 202.152.155.121:443 [proto: 188.126/QUIC.Google][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: ogs.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (BWtJ6@)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 10 UDP 52.187.20.175:62114 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (yiCNDi1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 11 UDP 133.205.75.230:56528 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: update.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 12 UDP 147.196.90.42:61647 -> 177.86.46.206:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.93 sec][Hostname/SNI: sb-ssl.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 13 UDP 159.117.176.124:49521 -> 128.248.24.1:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 14 UDP 159.117.176.124:49867 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (apK ctL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 15 UDP 159.117.176.124:58337 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 16 UDP 159.117.176.124:61202 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (AQ07rt)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 17 UDP 159.117.176.124:64134 -> 207.121.63.92:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][PLAIN TEXT (lKQALj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 18 UDP 168.144.64.5:50224 -> 126.3.93.89:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][Hostname/SNI: www.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 19 UDP 52.187.20.175:63507 -> 121.209.126.161:443 [proto: 188.126/QUIC.Google][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.53 sec][Hostname/SNI: clients2.googleusercontent.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 20 UDP 168.144.64.5:58351 -> 193.68.169.100:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.23 sec][Hostname/SNI: www.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 21 UDP 52.187.20.175:58123 -> 118.89.218.46:443 [proto: 188.126/QUIC.Google][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.11 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 22 UDP 168.144.64.5:51053 -> 241.138.147.133:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 23 UDP 168.144.64.5:53431 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.07 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 24 UDP 168.144.64.5:55376 -> 212.22.246.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.33 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][PLAIN TEXT (aUOvTUU)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 25 UDP 168.144.64.5:59827 -> 37.47.218.224:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 26 UDP 168.144.64.5:62719 -> 31.219.210.96:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: lh4.googleusercontent.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 27 UDP 168.144.64.5:64964 -> 133.202.76.105:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 28 UDP 192.168.254.11:35124 -> 168.78.153.39:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.29 sec][Hostname/SNI: s-img.adskeeper.co.uk][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 29 UDP 10.117.78.100:44252 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; STK-L21][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 30 UDP 10.117.78.100:55273 -> 202.152.155.121:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients4.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; STK-L21][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 31 UDP 159.117.176.124:51856 -> 16.205.123.234:443 [proto: 188.242/QUIC.WhatsAppFiles][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Download/7][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: media.fmct2-1.fna.whatsapp.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 32 UDP 168.144.64.5:49153 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 33 UDP 168.144.64.5:49217 -> 185.186.183.185:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 34 UDP 168.144.64.5:49324 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 35 UDP 168.144.64.5:49860 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 36 UDP 168.144.64.5:49926 -> 103.179.40.184:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r5---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 37 UDP 168.144.64.5:50023 -> 76.231.104.92:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (TJdZNR)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 38 UDP 168.144.64.5:50073 -> 152.128.87.238:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-vh5ouxa-hjud.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 39 UDP 168.144.64.5:50423 -> 144.237.113.58:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 37b57e2a60f871d6f459268f91669a78][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 40 UDP 168.144.64.5:50482 -> 121.209.126.161:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: yt3.ggpht.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 41 UDP 168.144.64.5:50540 -> 99.45.60.254:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: i.ytimg.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 42 UDP 168.144.64.5:50552 -> 108.171.138.182:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 43 UDP 168.144.64.5:51248 -> 99.42.133.245:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 44 UDP 168.144.64.5:51296 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 45 UDP 168.144.64.5:51456 -> 102.194.207.179:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 46 UDP 168.144.64.5:52273 -> 244.214.160.219:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 47 UDP 168.144.64.5:52387 -> 143.52.137.18:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 48 UDP 168.144.64.5:52396 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 49 UDP 168.144.64.5:52942 -> 93.100.151.221:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients2.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 50 UDP 168.144.64.5:53127 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (R/maht)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 51 UDP 168.144.64.5:53404 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: update.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 52 UDP 168.144.64.5:54016 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 53 UDP 168.144.64.5:54120 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 54 UDP 168.144.64.5:54449 -> 102.194.207.179:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons3.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 55 UDP 168.144.64.5:55066 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 56 UDP 168.144.64.5:55479 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 57 UDP 168.144.64.5:55561 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 58 UDP 168.144.64.5:55572 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 59 UDP 168.144.64.5:55637 -> 169.81.163.225:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-hju7enel.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 60 UDP 168.144.64.5:55844 -> 112.1.105.138:443 [proto: 188.228/QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 61 UDP 168.144.64.5:56384 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 62 UDP 168.144.64.5:56425 -> 125.136.204.4:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 63 UDP 168.144.64.5:56488 -> 177.86.46.206:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 64 UDP 168.144.64.5:56683 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 65 UDP 168.144.64.5:56844 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 66 UDP 168.144.64.5:57319 -> 7.71.118.27:443 [proto: 188.228/QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 67 UDP 168.144.64.5:57398 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 68 UDP 168.144.64.5:57565 -> 217.254.108.174:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r2---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 69 UDP 168.144.64.5:57735 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ade.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 70 UDP 168.144.64.5:57767 -> 76.83.40.87:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r11---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 71 UDP 168.144.64.5:58414 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (rAnq62)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 72 UDP 168.144.64.5:58429 -> 38.57.8.121:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 73 UDP 168.144.64.5:58703 -> 93.100.151.221:443 [proto: 188.228/QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SoftwareUpdate/19][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 74 UDP 168.144.64.5:58832 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 75 UDP 168.144.64.5:58956 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 76 UDP 168.144.64.5:59206 -> 76.231.104.92:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ogs.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.5 Windows NT 6.1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 77 UDP 168.144.64.5:59327 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 78 UDP 168.144.64.5:59622 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 79 UDP 168.144.64.5:59680 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (xqgfA/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 80 UDP 168.144.64.5:59785 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 81 UDP 168.144.64.5:59965 -> 22.12.150.194:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 82 UDP 168.144.64.5:60342 -> 93.100.151.221:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 83 UDP 168.144.64.5:60551 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 84 UDP 168.144.64.5:60809 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (XDlJUg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 85 UDP 168.144.64.5:60896 -> 45.228.175.189:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 6.1; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 169051af8572ac08ea1ddeee0db208bc][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 87 UDP 168.144.64.5:60934 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 88 UDP 168.144.64.5:60936 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 89 UDP 168.144.64.5:60949 -> 185.186.183.185:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 90 UDP 168.144.64.5:61209 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 91 UDP 168.144.64.5:61341 -> 16.232.218.117:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r9---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 93 UDP 168.144.64.5:62047 -> 136.125.67.96:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons4.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 94 UDP 168.144.64.5:62652 -> 158.146.215.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 95 UDP 168.144.64.5:62818 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 96 UDP 168.144.64.5:63136 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 97 UDP 168.144.64.5:63163 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: update.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 98 UDP 168.144.64.5:63736 -> 213.188.47.247:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r4---sn-vh5ouxa-hjud.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 99 UDP 168.144.64.5:63925 -> 39.227.72.32:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons2.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 100 UDP 168.144.64.5:64497 -> 102.194.207.179:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 101 UDP 168.144.64.5:64693 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 102 UDP 168.144.64.5:64700 -> 16.232.218.117:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r9---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][PLAIN TEXT (gjom@g)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 103 UDP 168.144.64.5:64976 -> 220.80.126.73:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-hju7enel.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 104 UDP 168.144.64.5:65186 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 105 UDP 168.144.64.5:65360 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 78ba053b9aa352e84a4eea899207839a][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 106 UDP 168.144.64.5:65391 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.3 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 107 UDP 192.168.254.11:38331 -> 93.100.151.221:443 [proto: 188.46/QUIC.DataSaver][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: litepages.googlezip.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 108 UDP 192.168.254.11:43427 -> 98.251.203.81:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: optimizationguide-pa.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 109 UDP 192.168.254.11:45652 -> 170.196.90.126:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 110 UDP 192.168.254.11:49689 -> 87.179.155.149:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 111 UDP 192.168.254.11:51075 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 112 UDP 192.168.254.11:54692 -> 171.182.169.23:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.freearabianporn.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 113 UDP 192.168.254.11:59048 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][User-Agent: dev Chrome/92.0.4503.0 Android 10; SM-A125F][TLSv1.3][JA3C: 8b979b020e67a82c4f1f7f3932805dbb][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] diff --git a/tests/result/quic_interop_V.pcapng.out b/tests/result/quic_interop_V.pcapng.out index 87b8cfc15..87e252787 100644 --- a/tests/result/quic_interop_V.pcapng.out +++ b/tests/result/quic_interop_V.pcapng.out @@ -15,7 +15,7 @@ Automa host: 63/3 (search/found) Automa domain: 63/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 42/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 504/504 (search/found) Patricia risk mask: 84/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 70/16 (search/found) @@ -31,75 +31,75 @@ JA3 Host Stats: 2 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d 1 - 1 UDP 192.168.1.128:34511 -> 131.159.24.198:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][Hostname/SNI: pandora.cm.in.tum.de][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1419/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (SezYZO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 2 UDP 192.168.1.128:37643 -> 71.202.41.169:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][Hostname/SNI: 71.202.41.169][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 243/0 1426/0 4801/0 1546/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (tIABbj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 3 UDP 192.168.1.128:42468 -> 138.91.188.147:4433 [proto: 188.276/QUIC.Azure][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][Hostname/SNI: quic.westus.cloudapp.azure.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1425/0 4800/0 1548/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 4 UDP 192.168.1.128:46334 -> 40.112.191.60:443 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][Hostname/SNI: f5quic.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 241/0 1426/0 4801/0 1545/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 5 UDP 192.168.1.128:49658 -> 193.190.10.98:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.96 sec][Hostname/SNI: quicker.edm.uhasselt.be][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 6 UDP 192.168.1.128:50705 -> 138.91.188.147:4434 [proto: 188.276/QUIC.Azure][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.86 sec][Hostname/SNI: quic.westus.cloudapp.azure.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1409/0 4800/0 1558/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 7 UDP 192.168.1.128:53402 -> 3.121.242.54:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][Hostname/SNI: ietf.akaquic.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 8 UDP 192.168.1.128:59171 -> 193.190.10.98:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][Hostname/SNI: quicker.edm.uhasselt.be][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1420/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 9 UDP 192.168.1.128:59515 -> 193.190.10.98:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.84 sec][Hostname/SNI: quicker.edm.uhasselt.be][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1406/0 4800/0 1560/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 10 UDP 192.168.1.128:60784 -> 3.121.242.54:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][Hostname/SNI: ietf.akaquic.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1424/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 11 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:32957 -> [2606:4700:10::6816:826]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.99 sec][Hostname/SNI: cloudflare-quic.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1427/0 4800/0 1547/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (uhbU.2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 12 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:41857 -> [2606:4700:10::6816:826]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.86 sec][Hostname/SNI: cloudflare-quic.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 151/0 1408/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 13 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46242 -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.85 sec][Hostname/SNI: test.privateoctopus.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1407/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (QQ/o746)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.128:34511 -> 131.159.24.198:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][Hostname/SNI: pandora.cm.in.tum.de][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1419/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (SezYZO)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 2 UDP 192.168.1.128:37643 -> 71.202.41.169:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][Hostname/SNI: 71.202.41.169][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 243/0 1426/0 4801/0 1546/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (tIABbj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 3 UDP 192.168.1.128:42468 -> 138.91.188.147:4433 [proto: 188.276/QUIC.Azure][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][Hostname/SNI: quic.westus.cloudapp.azure.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1425/0 4800/0 1548/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 4 UDP 192.168.1.128:46334 -> 40.112.191.60:443 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.98 sec][Hostname/SNI: f5quic.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 241/0 1426/0 4801/0 1545/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 5 UDP 192.168.1.128:49658 -> 193.190.10.98:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.96 sec][Hostname/SNI: quicker.edm.uhasselt.be][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 6 UDP 192.168.1.128:50705 -> 138.91.188.147:4434 [proto: 188.276/QUIC.Azure][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.86 sec][Hostname/SNI: quic.westus.cloudapp.azure.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1409/0 4800/0 1558/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 7 UDP 192.168.1.128:53402 -> 3.121.242.54:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][Hostname/SNI: ietf.akaquic.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1423/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 8 UDP 192.168.1.128:59171 -> 193.190.10.98:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.94 sec][Hostname/SNI: quicker.edm.uhasselt.be][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1420/0 4800/0 1551/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 9 UDP 192.168.1.128:59515 -> 193.190.10.98:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.84 sec][Hostname/SNI: quicker.edm.uhasselt.be][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1406/0 4800/0 1560/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 10 UDP 192.168.1.128:60784 -> 3.121.242.54:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][9.97 sec][Hostname/SNI: ietf.akaquic.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1424/0 4800/0 1549/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 11 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:32957 -> [2606:4700:10::6816:826]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.99 sec][Hostname/SNI: cloudflare-quic.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1427/0 4800/0 1547/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (uhbU.2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 12 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:41857 -> [2606:4700:10::6816:826]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.86 sec][Hostname/SNI: cloudflare-quic.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 151/0 1408/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 13 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46242 -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/10352 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][9.85 sec][Hostname/SNI: test.privateoctopus.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 150/0 1407/0 4800/0 1559/0][Pkt Len c2s/s2c min/avg/max/stddev: 1294/0 1294/0 1294/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (QQ/o746)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 14 ICMPV6 [2400:8902::f03c:91ff:fe69:a454]:0 <-> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/2588 bytes <-> 2 pkts/290 bytes][Goodput ratio: 95/57][0.32 sec][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 15 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44924 <-> [2400:8902::f03c:91ff:fe69:a454]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.38 sec][Hostname/SNI: nghttp2.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 16 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56213 <-> [2400:8902::f03c:91ff:fe69:a454]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.42 sec][Hostname/SNI: nghttp2.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 17 UDP 192.168.1.128:39975 <-> 138.91.188.147:443 [proto: 188.276/QUIC.Azure][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/2588 bytes <-> 2 pkts/170 bytes][Goodput ratio: 97/50][0.33 sec][Hostname/SNI: quic.westus.cloudapp.azure.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 18 UDP 192.168.1.128:35263 <-> 202.238.220.92:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][Hostname/SNI: mew.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 19 UDP 192.168.1.128:38933 <-> 202.238.220.92:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][Hostname/SNI: mew.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 20 UDP 192.168.1.128:46576 <-> 40.112.191.60:4433 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.33 sec][Hostname/SNI: f5quic.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 21 UDP 192.168.1.128:53791 <-> 40.112.191.60:4434 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.34 sec][Hostname/SNI: f5quic.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 22 UDP 192.168.1.128:37784 <-> 140.227.52.92:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][Hostname/SNI: quic.examp1e.net][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 23 UDP 192.168.1.128:42456 <-> 133.242.206.244:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.45 sec][Hostname/SNI: h2o.examp1e.net][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 24 UDP 192.168.1.128:44619 <-> 140.227.52.92:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][Hostname/SNI: quic.examp1e.net][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (GypODF)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 25 UDP 192.168.1.128:45855 <-> 133.242.206.244:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.46 sec][Hostname/SNI: h2o.examp1e.net][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 26 UDP 192.168.1.128:57926 <-> 140.227.52.92:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.43 sec][Hostname/SNI: quic.examp1e.net][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 27 UDP 192.168.1.128:37661 -> 71.202.41.169:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Hostname/SNI: 71.202.41.169][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 28 UDP 192.168.1.128:38366 -> 202.238.220.92:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Hostname/SNI: mew.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 29 UDP 192.168.1.128:49151 -> 133.242.206.244:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.18 sec][Hostname/SNI: h2o.examp1e.net][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 30 UDP 192.168.1.128:50289 -> 71.202.41.169:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Hostname/SNI: 71.202.41.169][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (dCEQah)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 31 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38077 -> [2400:8902::f03c:91ff:fe69:a454]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.15 sec][Hostname/SNI: nghttp2.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 15 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44924 <-> [2400:8902::f03c:91ff:fe69:a454]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.38 sec][Hostname/SNI: nghttp2.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 16 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56213 <-> [2400:8902::f03c:91ff:fe69:a454]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/194 bytes][Goodput ratio: 95/36][0.42 sec][Hostname/SNI: nghttp2.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 17 UDP 192.168.1.128:39975 <-> 138.91.188.147:443 [proto: 188.276/QUIC.Azure][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/2588 bytes <-> 2 pkts/170 bytes][Goodput ratio: 97/50][0.33 sec][Hostname/SNI: quic.westus.cloudapp.azure.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 18 UDP 192.168.1.128:35263 <-> 202.238.220.92:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][Hostname/SNI: mew.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 19 UDP 192.168.1.128:38933 <-> 202.238.220.92:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.41 sec][Hostname/SNI: mew.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 20 UDP 192.168.1.128:46576 <-> 40.112.191.60:4433 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.33 sec][Hostname/SNI: f5quic.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 21 UDP 192.168.1.128:53791 <-> 40.112.191.60:4434 [proto: 188/QUIC][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/138 bytes][Goodput ratio: 97/39][0.34 sec][Hostname/SNI: f5quic.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 22 UDP 192.168.1.128:37784 <-> 140.227.52.92:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][Hostname/SNI: quic.examp1e.net][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 23 UDP 192.168.1.128:42456 <-> 133.242.206.244:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.45 sec][Hostname/SNI: h2o.examp1e.net][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 24 UDP 192.168.1.128:44619 <-> 140.227.52.92:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.42 sec][Hostname/SNI: quic.examp1e.net][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (GypODF)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 25 UDP 192.168.1.128:45855 <-> 133.242.206.244:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.46 sec][Hostname/SNI: h2o.examp1e.net][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 26 UDP 192.168.1.128:57926 <-> 140.227.52.92:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes <-> 2 pkts/122 bytes][Goodput ratio: 97/31][0.43 sec][Hostname/SNI: quic.examp1e.net][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 27 UDP 192.168.1.128:37661 -> 71.202.41.169:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Hostname/SNI: 71.202.41.169][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 28 UDP 192.168.1.128:38366 -> 202.238.220.92:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Hostname/SNI: mew.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 29 UDP 192.168.1.128:49151 -> 133.242.206.244:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.18 sec][Hostname/SNI: h2o.examp1e.net][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 30 UDP 192.168.1.128:50289 -> 71.202.41.169:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.15 sec][Hostname/SNI: 71.202.41.169][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (dCEQah)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 31 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38077 -> [2400:8902::f03c:91ff:fe69:a454]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.15 sec][Hostname/SNI: nghttp2.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 32 ICMPV6 [2001:19f0:4:34::1]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.06 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 33 ICMPV6 [2001:19f0:5:c21:5400:1ff:fe33:3b96]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.17 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 34 ICMP 51.158.105.98:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][3 pkts/1770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.20 sec][Risk: ** Suspicious Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Entropy 7.65][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38394 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.14 sec][Hostname/SNI: test.privateoctopus.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 36 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52080 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.13 sec][Hostname/SNI: test.privateoctopus.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 37 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51040 <-> [2604:a880:800:a1::1279:3001]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Hostname/SNI: http3-test.litespeedtech.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (bOP/lk)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 38 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53760 <-> [2604:a880:800:a1::1279:3001]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Hostname/SNI: http3-test.litespeedtech.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 39 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:48707 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Hostname/SNI: quant.eggert.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (BykFtI)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 40 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52271 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Hostname/SNI: quant.eggert.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 41 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60983 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Hostname/SNI: quant.eggert.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 42 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:35643 <-> [2001:19f0:4:34::1]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][Hostname/SNI: quic.rocks][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 43 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:37876 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Hostname/SNI: quic.aiortc.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 44 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39945 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Hostname/SNI: quic.aiortc.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 45 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44605 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Hostname/SNI: quic.aiortc.org][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 46 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:45852 <-> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][Hostname/SNI: quic.tech][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 47 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46353 <-> [2606:4700:10::6816:826]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.02 sec][Hostname/SNI: cloudflare-quic.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 48 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49788 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][Hostname/SNI: quic.ogre.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 49 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53140 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][Hostname/SNI: quic.ogre.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 50 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49270 <-> [2001:bc8:47a4:1c25::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.04 sec][Hostname/SNI: h3.stammw.eu][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 51 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51185 <-> [2001:bc8:47a4:1c25::1]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][Hostname/SNI: h3.stammw.eu][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 52 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60346 <-> [2001:bc8:47a4:1c25::1]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][Hostname/SNI: h3.stammw.eu][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 35 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38394 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.14 sec][Hostname/SNI: test.privateoctopus.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 36 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52080 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.13 sec][Hostname/SNI: test.privateoctopus.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 37 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51040 <-> [2604:a880:800:a1::1279:3001]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Hostname/SNI: http3-test.litespeedtech.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (bOP/lk)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 38 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53760 <-> [2604:a880:800:a1::1279:3001]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Hostname/SNI: http3-test.litespeedtech.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 39 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:48707 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Hostname/SNI: quant.eggert.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (BykFtI)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 40 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52271 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Hostname/SNI: quant.eggert.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 41 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60983 <-> [2a00:ac00:4000:400:2e0:4cff:fe68:199d]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/97 bytes][Goodput ratio: 95/36][0.05 sec][Hostname/SNI: quant.eggert.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 42 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:35643 <-> [2001:19f0:4:34::1]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][Hostname/SNI: quic.rocks][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 43 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:37876 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Hostname/SNI: quic.aiortc.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 44 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39945 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Hostname/SNI: quic.aiortc.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 45 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44605 <-> [2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.04 sec][Hostname/SNI: quic.aiortc.org][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 46 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:45852 <-> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.10 sec][Hostname/SNI: quic.tech][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 47 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:46353 <-> [2606:4700:10::6816:826]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.02 sec][Hostname/SNI: cloudflare-quic.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 48 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49788 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][Hostname/SNI: quic.ogre.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 49 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:53140 <-> [2001:4800:7817:101:be76:4eff:fe04:631d]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/89 bytes][Goodput ratio: 95/30][0.13 sec][Hostname/SNI: quic.ogre.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 50 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49270 <-> [2001:bc8:47a4:1c25::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.04 sec][Hostname/SNI: h3.stammw.eu][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 51 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51185 <-> [2001:bc8:47a4:1c25::1]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][Hostname/SNI: h3.stammw.eu][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 52 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60346 <-> [2001:bc8:47a4:1c25::1]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][Hostname/SNI: h3.stammw.eu][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 53 ICMP 202.238.220.92:0 <-> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/194 bytes][Goodput ratio: 93/56][0.28 sec][Risk: ** Suspicious Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy 7.60][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 UDP 192.168.1.128:34903 <-> 18.189.84.245:443 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/77 bytes][Goodput ratio: 97/45][0.13 sec][Hostname/SNI: fb.mvfst.net][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 55 UDP 192.168.1.128:43475 <-> 18.189.84.245:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/73 bytes][Goodput ratio: 97/42][0.12 sec][Hostname/SNI: fb.mvfst.net][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 54 UDP 192.168.1.128:34903 <-> 18.189.84.245:443 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/77 bytes][Goodput ratio: 97/45][0.13 sec][Hostname/SNI: fb.mvfst.net][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 55 UDP 192.168.1.128:43475 <-> 18.189.84.245:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/73 bytes][Goodput ratio: 97/42][0.12 sec][Hostname/SNI: fb.mvfst.net][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] 56 ICMP 133.242.206.244:0 <-> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/178 bytes][Goodput ratio: 93/53][0.22 sec][Risk: ** Suspicious Entropy **][Risk Score: 50][Risk Info: No client to server traffic / Entropy 7.61][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 UDP 192.168.1.128:41587 -> 131.159.24.198:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pandora.cm.in.tum.de][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 58 UDP 192.168.1.128:43735 -> 51.158.105.98:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: quic.seemann.io][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 59 UDP 192.168.1.128:45250 -> 51.158.105.98:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: quic.seemann.io][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 60 UDP 192.168.1.128:47010 -> 3.121.242.54:443 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ietf.akaquic.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 61 UDP 192.168.1.128:48644 -> 131.159.24.198:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pandora.cm.in.tum.de][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 62 UDP 192.168.1.128:51887 -> 51.158.105.98:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: quic.seemann.io][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 63 UDP 192.168.1.128:54570 -> 18.189.84.245:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fb.mvfst.net][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 64 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:34442 -> [2001:4800:7817:101:be76:4eff:fe04:631d]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.ogre.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 65 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38689 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.tech][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 66 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39624 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.tech][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 67 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:43645 -> [2001:19f0:4:34::1]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.rocks][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 68 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44243 -> [2001:19f0:4:34::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.rocks][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 69 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56073 -> [2604:a880:800:a1::1279:3001]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: http3-test.litespeedtech.com][ALPN: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 57 UDP 192.168.1.128:41587 -> 131.159.24.198:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pandora.cm.in.tum.de][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 58 UDP 192.168.1.128:43735 -> 51.158.105.98:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: quic.seemann.io][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 59 UDP 192.168.1.128:45250 -> 51.158.105.98:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: quic.seemann.io][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 60 UDP 192.168.1.128:47010 -> 3.121.242.54:443 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ietf.akaquic.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 61 UDP 192.168.1.128:48644 -> 131.159.24.198:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pandora.cm.in.tum.de][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 62 UDP 192.168.1.128:51887 -> 51.158.105.98:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: quic.seemann.io][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 63 UDP 192.168.1.128:54570 -> 18.189.84.245:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fb.mvfst.net][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 64 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:34442 -> [2001:4800:7817:101:be76:4eff:fe04:631d]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.ogre.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 65 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38689 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.tech][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 66 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:39624 -> [2001:19f0:5:c21:5400:1ff:fe33:3b96]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.tech][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 67 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:43645 -> [2001:19f0:4:34::1]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.rocks][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 68 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:44243 -> [2001:19f0:4:34::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: quic.rocks][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 69 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56073 -> [2604:a880:800:a1::1279:3001]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Hostname/SNI: http3-test.litespeedtech.com][(Advertised) ALPNs: hq-30;h3-30;hq-29;h3-29;hq-28;h3-28;hq-27;h3-27][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: 7d9e7f6dec1cb1dd8b79d72b1366b6cf][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 70 ICMPV6 [2604:a880:800:a1::1279:3001]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 71 ICMPV6 [2001:4800:7817:101:be76:4eff:fe04:631d]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 72 ICMP 131.159.24.198:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/1180 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.14 sec][Risk: ** Suspicious Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Entropy 7.62][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/quic_t50.pcap.out b/tests/result/quic_t50.pcap.out index fe0c31a95..8e7d0a0de 100644 --- a/tests/result/quic_t50.pcap.out +++ b/tests/result/quic_t50.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 40.154.127.200 1 - 1 UDP 40.154.127.200:49836 <-> 166.240.188.209:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/3146 bytes <-> 6 pkts/5274 bytes][Goodput ratio: 92/95][0.42 sec][Hostname/SNI: fonts.googleapis.com][ALPN: h3-T050][TLS Supported Versions: TLSv1.3][bytes ratio: -0.253 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 61/61 178/136 71/62][Pkt Len c2s/s2c min/avg/max/stddev: 75/68 524/879 1392/1392 614/541][User-Agent: Chrome/85.0.4183.83 Windows NT 6.1; Win64; x64][TLSv1.3][JA3C: a2fc589336b7c13b674c1bab24655ce7][Plen Bins: 8,25,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,0,0,0,0] + 1 UDP 40.154.127.200:49836 <-> 166.240.188.209:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/3146 bytes <-> 6 pkts/5274 bytes][Goodput ratio: 92/95][0.42 sec][Hostname/SNI: fonts.googleapis.com][(Advertised) ALPNs: h3-T050][TLS Supported Versions: TLSv1.3][bytes ratio: -0.253 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 61/61 178/136 71/62][Pkt Len c2s/s2c min/avg/max/stddev: 75/68 524/879 1392/1392 614/541][User-Agent: Chrome/85.0.4183.83 Windows NT 6.1; Win64; x64][TLSv1.3][JA3C: a2fc589336b7c13b674c1bab24655ce7][Plen Bins: 8,25,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,0,0,0,0] diff --git a/tests/result/quic_t51.pcap.out b/tests/result/quic_t51.pcap.out index 20b735960..64bd621b0 100644 --- a/tests/result/quic_t51.pcap.out +++ b/tests/result/quic_t51.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 187.227.136.152 1 - 1 UDP 187.227.136.152:55356 <-> 211.247.147.90:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][171 pkts/29017 bytes <-> 471 pkts/544701 bytes][Goodput ratio: 75/96][90.07 sec][Hostname/SNI: www.google.com][ALPN: h3-T051][TLS Supported Versions: TLSv1.3][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 690/100 24967/10162 3186/822][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 170/1156 1392/1392 256/481][User-Agent: dev Chrome/86.0.4240.9 Windows NT 6.1; Win64; x64][TLSv1.3][JA3C: 92e76078d514999cd950474995dab2b5][PLAIN TEXT (OO RJ/ Q)][Plen Bins: 11,29,2,1,0,2,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0,0] + 1 UDP 187.227.136.152:55356 <-> 211.247.147.90:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][171 pkts/29017 bytes <-> 471 pkts/544701 bytes][Goodput ratio: 75/96][90.07 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-T051][TLS Supported Versions: TLSv1.3][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 690/100 24967/10162 3186/822][Pkt Len c2s/s2c min/avg/max/stddev: 75/67 170/1156 1392/1392 256/481][User-Agent: dev Chrome/86.0.4240.9 Windows NT 6.1; Win64; x64][TLSv1.3][JA3C: 92e76078d514999cd950474995dab2b5][PLAIN TEXT (OO RJ/ Q)][Plen Bins: 11,29,2,1,0,2,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0,0] diff --git a/tests/result/reddit.pcap.out b/tests/result/reddit.pcap.out index 3808178e5..84957d9cf 100644 --- a/tests/result/reddit.pcap.out +++ b/tests/result/reddit.pcap.out @@ -15,7 +15,7 @@ Automa host: 70/52 (search/found) Automa domain: 70/0 (search/found) Automa tls cert: 2/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 48/48 (search/found) +Automa common alpns: 118/118 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -33,63 +33,63 @@ JA3 Host Stats: 1 2a01:cb01:2049:8b07:991d:ec85:28df:f629 1 - 1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56582 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][1182 pkts/107925 bytes <-> 4298 pkts/6086910 bytes][Goodput ratio: 6/94][9.78 sec][Hostname/SNI: preview.redd.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.965 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/1 4593/1685 189/30][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 91/1416 603/9518 31/1058][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,8,4,1,1,1,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8] - 2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56564 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][595 pkts/60755 bytes <-> 847 pkts/1985632 bytes][Goodput ratio: 16/96][10.35 sec][Hostname/SNI: www.redditstatic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.941 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 2919/3146 144/121][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 102/2344 1474/11614 92/1954][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,2,3,2,1,2,0,0,1,0,0,0,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,1,0,1,34,0,0,0,0,0,0,0,0,0,0,1,0,0,0,45] - 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54862 <-> [2a00:1450:4007:806::200e]:443 [proto: 91.124/TLS.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][253 pkts/27732 bytes <-> 383 pkts/775533 bytes][Goodput ratio: 22/96][10.85 sec][Hostname/SNI: www.youtube.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/31 8435/8445 612/473][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 110/2025 1474/7334 121/1705][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,1,2,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,49,0,0,0,0,0,0,0,0,0,39] - 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48240 <-> [64:ff9b::9765:789d]:443 [proto: 91.120/TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][346 pkts/32399 bytes <-> 436 pkts/631157 bytes][Goodput ratio: 8/94][1.45 sec][Hostname/SNI: platform.twitter.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/3 335/403 27/27][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 94/1448 603/6374 44/1042][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: platform.twitter.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com][Certificate SHA-1: 2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92][Chrome][Validity: 2020-08-13 00:00:00 - 2021-08-18 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,2,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32] - 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56558 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][404 pkts/183421 bytes <-> 443 pkts/371457 bytes][Goodput ratio: 81/90][14.25 sec][Hostname/SNI: www.reddit.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/18 1287/1228 166/104][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 454/839 1474/6331 591/765][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,65,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30] - 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:52296 <-> [2a00:1450:4007:815::2016]:443 [proto: 91.124/TLS.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][60 pkts/6514 bytes <-> 114 pkts/132241 bytes][Goodput ratio: 21/93][9.64 sec][Hostname/SNI: i.ytimg.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/2 67/67 15/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 109/1160 603/3710 78/617][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,3,5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0,0,0,0,0,4] - 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51026 <-> [64:ff9b::acd9:12c2]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][66 pkts/8507 bytes <-> 80 pkts/125556 bytes][Goodput ratio: 33/95][3.50 sec][Hostname/SNI: securepubads.g.doubleclick.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 2691/2682 373/334][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1569 1133/5638 165/1322][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,6,2,1,0,0,0,1,3,0,0,0,0,2,0,1,1,0,1,0,0,1,1,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,42,0,0,0,27] - 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46806 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][37 pkts/4520 bytes <-> 67 pkts/115565 bytes][Goodput ratio: 29/95][0.23 sec][Hostname/SNI: cdn.ampproject.org][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/3 37/32 9/7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 122/1725 603/10958 105/1750][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,1,3,0,1,0,0,0,1,1,0,0,0,0,0,0,1,0,3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,51,0,0,1,0,1,1,1,0,0,29] - 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56578 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][57 pkts/7347 bytes <-> 76 pkts/103122 bytes][Goodput ratio: 33/94][11.79 sec][Hostname/SNI: styles.redditmedia.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.867 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 271/71 6900/2972 1125/399][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1357 603/10566 102/1695][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,13,1,1,0,0,1,1,0,0,1,1,1,0,1,6,2,0,0,1,0,0,0,0,2,1,1,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23] - 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38320 <-> [64:ff9b::6853:b3b6]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][56 pkts/6503 bytes <-> 62 pkts/97797 bytes][Goodput ratio: 26/95][1.36 sec][Hostname/SNI: c.aaxads.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.875 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/16 501/619 77/87][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 116/1577 665/5638 108/1301][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 1,0,4,3,0,0,1,3,4,0,0,0,0,0,3,0,1,0,3,0,0,0,0,0,0,1,0,0,0,3,0,0,1,0,0,0,0,0,0,1,0,0,9,31,0,0,0,26] - 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47302 <-> [2a00:1450:4007:80c::2003]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][43 pkts/5078 bytes <-> 71 pkts/73972 bytes][Goodput ratio: 27/92][2.39 sec][Hostname/SNI: fonts.gstatic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.872 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/38 2098/2123 370/274][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 118/1042 603/2502 91/579][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,4,5,4,0,0,1,0,1,1,0,0,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,69,0,0,0,0,1,0,0,0,0,4] - 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50960 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][63 pkts/9382 bytes <-> 101 pkts/50108 bytes][Goodput ratio: 42/83][11.54 sec][Hostname/SNI: www.googletagservices.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.685 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 175/97 3298/3291 595/448][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/496 1254/2419 170/528][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,27,7,4,3,9,1,3,4,0,0,1,1,0,1,2,1,0,1,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,24,0,0,0,0,0,0,0,0,0,1] - 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56594 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][56 pkts/6579 bytes <-> 56 pkts/43995 bytes][Goodput ratio: 27/89][10.00 sec][Hostname/SNI: b.thumbs.redditmedia.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 223/78 6000/1288 917/258][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/786 603/1134 85/450][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.thumbs.redditmedia.com,thumbs.redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com][Certificate SHA-1: FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75][Chrome][Validity: 2020-02-18 00:00:00 - 2021-05-14 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,1,15,3,0,0,0,0,3,0,1,0,0,1,3,0,1,3,0,1,0,0,0,0,0,0,0,0,0,1,1,0,63,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43492 <-> [64:ff9b::df9:21c6]:443 [proto: 91.178/TLS.Amazon][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][32 pkts/4130 bytes <-> 41 pkts/43404 bytes][Goodput ratio: 33/92][3.33 sec][Hostname/SNI: c.amazon-adsystem.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.826 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/83 2442/2482 493/425][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1059 603/2862 111/716][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,0,7,2,2,0,0,2,2,5,2,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,5] - 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36964 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][32 pkts/4373 bytes <-> 53 pkts/40038 bytes][Goodput ratio: 37/89][0.36 sec][Hostname/SNI: tpc.googlesyndication.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/138 11/21][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/755 603/2556 117/617][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,8,3,0,8,3,1,6,1,3,1,0,1,1,1,0,1,0,1,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,41,0,0,0,0,0,0,0,0,0,3] - 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39520 <-> [2a00:1450:4007:816::2008]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][33 pkts/3852 bytes <-> 36 pkts/38105 bytes][Goodput ratio: 26/92][0.21 sec][Hostname/SNI: www.googletagmanager.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.816 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 43/38 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/1058 603/2502 99/724][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,2,5,0,0,0,0,0,2,0,0,0,0,0,5,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0,0,0,0,0,0,0,0,14] - 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58122 <-> [2a00:1450:4007:805::2001]:443 [proto: 91.124/TLS.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][34 pkts/4406 bytes <-> 37 pkts/20521 bytes][Goodput ratio: 33/84][9.61 sec][Hostname/SNI: yt3.ggpht.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 352/8 9266/68 1748/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 130/555 603/1294 104/520][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,17,5,17,0,0,0,0,2,0,2,0,2,2,0,2,5,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0] - 18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48648 <-> [2620:116:800d:21:f916:5049:f87f:108e]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][22 pkts/3573 bytes <-> 22 pkts/14972 bytes][Goodput ratio: 47/87][0.65 sec][Hostname/SNI: secure.quantserve.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/11 94/78 32/20][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 162/681 603/1474 142/625][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com][Certificate SHA-1: 3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90][Chrome][Validity: 2020-10-02 00:00:00 - 2021-10-07 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,4,9,0,0,0,0,14,0,0,4,4,0,0,0,4,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0] - 19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57282 <-> [2a00:1450:4007:805::2004]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/2757 bytes <-> 19 pkts/11579 bytes][Goodput ratio: 37/86][0.21 sec][Hostname/SNI: www.google.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/9 62/67 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 138/609 603/1294 125/544][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,11,11,0,0,0,11,0,5,0,0,0,0,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,0,0,0,0,0,0,0] - 20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56592 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][19 pkts/2787 bytes <-> 18 pkts/10331 bytes][Goodput ratio: 41/85][0.20 sec][Hostname/SNI: emoji.redditmedia.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.575 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 52/50 19/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/574 603/1134 131/477][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,18,5,0,0,0,0,5,5,0,0,0,0,0,0,11,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40028 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][25 pkts/5078 bytes <-> 28 pkts/7828 bytes][Goodput ratio: 57/69][14.15 sec][Hostname/SNI: safebrowsing.googleapis.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.213 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/634 75/13857 21/2886][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 203/280 910/1294 240/323][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,27,15,3,0,0,3,0,0,11,3,0,0,0,0,3,3,0,3,7,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] - 22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56782 <-> [64:ff9b::68f4:2ac8]:443 [proto: 91.120/TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][23 pkts/5030 bytes <-> 22 pkts/7292 bytes][Goodput ratio: 61/74][4.33 sec][Hostname/SNI: syndication.twitter.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 216/228 2512/2545 565/587][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 219/331 854/1474 227/405][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com][Certificate SHA-1: 09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F][Chrome][Validity: 2020-01-02 00:00:00 - 2020-12-24 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,15,0,20,0,0,4,4,4,15,0,0,4,0,4,0,4,0,0,0,4,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0] - 23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56640 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][23 pkts/3696 bytes <-> 22 pkts/8527 bytes][Goodput ratio: 46/78][0.57 sec][Hostname/SNI: gateway.reddit.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.395 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/30 307/307 76/75][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 161/388 603/1134 157/388][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,20,4,4,0,0,0,4,0,0,4,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46646 <-> [64:ff9b::345f:7ca5]:443 [proto: 91.178/TLS.Amazon][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/3201 bytes <-> 13 pkts/8450 bytes][Goodput ratio: 62/87][0.22 sec][Hostname/SNI: aax-eu.amazon-adsystem.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/17 60/42 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 229/650 762/1446 254/571][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com][JA3S: 49b45fc1ab090aa3a159778313fc9b9e][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=aax-eu.amazon-adsystem.com][Certificate SHA-1: 5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B][Chrome][Validity: 2020-06-15 00:00:00 - 2021-06-15 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,8,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,8,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0] - 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59624 <-> [2a00:1450:4007:80b::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][18 pkts/2649 bytes <-> 17 pkts/8456 bytes][Goodput ratio: 41/83][0.15 sec][Hostname/SNI: 8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 34/33 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/497 603/1294 137/490][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,0,0,0,6,0,6,0,6,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] - 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46808 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 32/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 32/32 11/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] - 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46810 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9100 bytes][Goodput ratio: 32/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 31/34 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] - 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46814 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/1769 bytes <-> 13 pkts/9102 bytes][Goodput ratio: 33/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] - 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46812 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/1769 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 33/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] - 30 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39736 <-> [2606:2800:134:1a0d:1429:742:782:b6]:443 [proto: 91.120/TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][18 pkts/3180 bytes <-> 18 pkts/7527 bytes][Goodput ratio: 51/79][0.25 sec][Hostname/SNI: cdn.syndication.twimg.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 51/41 19/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/418 609/1294 176/478][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,0,18,11,0,0,0,11,0,0,5,0,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0] - 31 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51100 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][20 pkts/3169 bytes <-> 22 pkts/6495 bytes][Goodput ratio: 45/71][0.25 sec][Hostname/SNI: ad.doubleclick.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 50/31 19/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/295 603/1474 141/415][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 20,24,15,4,0,4,4,0,0,0,0,0,4,0,0,0,4,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0] - 32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47006 <-> [64:ff9b::34d3:acec]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2260 bytes <-> 11 pkts/7351 bytes][Goodput ratio: 54/87][0.30 sec][Hostname/SNI: d9.flashtalking.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/31 67/134 23/42][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 188/668 663/1474 202/634][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=tag.device9.com][Certificate SHA-1: 8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3][Chrome][Validity: 2020-08-06 10:30:28 - 2021-09-17 11:41:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,30,0,0,0,0] - 33 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56186 <-> [2600:9000:219c:ee00:6:44e3:f8c0:93a1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/2163 bytes <-> 13 pkts/7387 bytes][Goodput ratio: 44/85][0.16 sec][Hostname/SNI: rules.quantcount.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/13 39/40 13/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 154/568 603/1294 140/540][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,0,25,0,0,0,0,8,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0] - 34 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59336 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/2490 bytes <-> 16 pkts/7006 bytes][Goodput ratio: 41/80][0.14 sec][Hostname/SNI: adservice.google.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/37 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/438 603/1294 132/466][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,13,0,0,0,6,0,6,0,0,0,0,6,0,0,6,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0] - 35 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38166 <-> [2a00:1450:4007:811::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/2582 bytes <-> 17 pkts/6805 bytes][Goodput ratio: 40/78][0.19 sec][Hostname/SNI: fonts.googleapis.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 43/43 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 143/400 603/1294 130/409][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,6,0,12,0,0,0,0,0,6,6,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0] - 36 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39626 <-> [64:ff9b::2278:cf94]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2444 bytes <-> 15 pkts/6941 bytes][Goodput ratio: 43/81][0.43 sec][Hostname/SNI: id.rlcdn.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/33 104/221 29/63][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/463 603/1474 135/553][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,7,0,0,0,0,7,0,0,0,0,0,0,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0] - 37 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][Hostname/SNI: sb.scorecardresearch.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0] - 38 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51006 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2404 bytes <-> 15 pkts/5962 bytes][Goodput ratio: 42/78][0.15 sec][Hostname/SNI: adservice.google.fr][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 52/37 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 150/397 603/1294 135/433][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,0,0,0,7,0,7,0,0,0,0,0,0,0,7,0,7,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0] - 39 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54726 <-> [2a00:1450:4007:808::2006]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][16 pkts/2391 bytes <-> 15 pkts/5296 bytes][Goodput ratio: 42/75][0.22 sec][Hostname/SNI: static.doubleclick.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/9 66/45 24/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/353 603/1294 134/414][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,21,14,0,0,0,0,0,7,0,0,0,7,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0] - 40 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:32970 <-> [64:ff9b::6853:b3d1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2007 bytes <-> 10 pkts/4815 bytes][Goodput ratio: 52/82][0.14 sec][Hostname/SNI: www.aaxdetect.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 62/32 23/13][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 182/482 603/1474 186/513][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,11,0,0,0,0,11,22,0,11,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0] - 41 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56574 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.14 sec][Hostname/SNI: styles.redditmedia.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/6 41/38 16/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56576 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.14 sec][Hostname/SNI: styles.redditmedia.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/5 53/38 20/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56590 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.15 sec][Hostname/SNI: emoji.redditmedia.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 52/51 20/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56584 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4891 bytes][Goodput ratio: 38/80][0.14 sec][Hostname/SNI: preview.redd.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/6 43/43 17/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/445 603/1134 144/447][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56560 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1392 bytes <-> 8 pkts/4613 bytes][Goodput ratio: 44/85][0.17 sec][Hostname/SNI: www.reddit.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/17 70/61 29/24][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 155/577 603/1134 161/461][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40030 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1425 bytes <-> 9 pkts/4279 bytes][Goodput ratio: 41/82][0.14 sec][Hostname/SNI: safebrowsing.googleapis.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.500 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/12 66/66 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/475 603/1294 155/488][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] - 47 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56568 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][10 pkts/1313 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 39/84][0.11 sec][Hostname/SNI: www.redditstatic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/545 603/1134 157/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56572 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][10 pkts/1313 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 39/84][0.12 sec][Hostname/SNI: www.redditstatic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/16 36/56 14/21][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/545 603/1134 157/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51102 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][10 pkts/1425 bytes <-> 9 pkts/4239 bytes][Goodput ratio: 41/82][0.12 sec][Hostname/SNI: ad.doubleclick.net][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.497 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 40/37 18/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/471 603/1474 155/564][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0] - 50 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56580 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1251 bytes <-> 8 pkts/4370 bytes][Goodput ratio: 41/84][0.14 sec][Hostname/SNI: styles.redditmedia.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.555 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 49/49 21/22][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 139/546 603/1134 164/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56566 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1239 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 42/84][0.11 sec][Hostname/SNI: www.redditstatic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.557 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/545 603/1134 165/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56570 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1239 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 42/84][0.11 sec][Hostname/SNI: www.redditstatic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.557 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/545 603/1134 165/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36966 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][11 pkts/1499 bytes <-> 9 pkts/4018 bytes][Goodput ratio: 39/81][0.13 sec][Hostname/SNI: tpc.googlesyndication.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.457 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/8 46/40 15/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 136/446 603/1294 149/488][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] - 54 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36970 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][11 pkts/1499 bytes <-> 9 pkts/4017 bytes][Goodput ratio: 39/81][0.14 sec][Hostname/SNI: tpc.googlesyndication.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.456 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/9 45/40 16/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 136/446 603/1294 149/488][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] - 55 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47304 <-> [2a00:1450:4007:80c::2003]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1425 bytes <-> 9 pkts/4047 bytes][Goodput ratio: 41/81][0.16 sec][Hostname/SNI: fonts.gstatic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/12 73/73 25/27][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/450 603/1294 155/487][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] - 56 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56562 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 47/84][0.11 sec][Hostname/SNI: www.redditstatic.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/9 43/40 18/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/545 603/1134 183/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36968 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][10 pkts/1425 bytes <-> 9 pkts/4016 bytes][Goodput ratio: 41/81][0.14 sec][Hostname/SNI: tpc.googlesyndication.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/8 47/40 18/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/446 603/1294 155/488][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] - 58 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56586 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][Hostname/SNI: preview.redd.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 54/43 23/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56588 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][Hostname/SNI: preview.redd.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 53/42 22/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56582 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][1182 pkts/107925 bytes <-> 4298 pkts/6086910 bytes][Goodput ratio: 6/94][9.78 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.965 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/1 4593/1685 189/30][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 91/1416 603/9518 31/1058][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,8,4,1,1,1,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8] + 2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56564 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][595 pkts/60755 bytes <-> 847 pkts/1985632 bytes][Goodput ratio: 16/96][10.35 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.941 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 2919/3146 144/121][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 102/2344 1474/11614 92/1954][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,2,3,2,1,2,0,0,1,0,0,0,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,1,0,1,34,0,0,0,0,0,0,0,0,0,0,1,0,0,0,45] + 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54862 <-> [2a00:1450:4007:806::200e]:443 [proto: 91.124/TLS.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][253 pkts/27732 bytes <-> 383 pkts/775533 bytes][Goodput ratio: 22/96][10.85 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/31 8435/8445 612/473][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 110/2025 1474/7334 121/1705][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,1,2,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,49,0,0,0,0,0,0,0,0,0,39] + 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48240 <-> [64:ff9b::9765:789d]:443 [proto: 91.120/TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][346 pkts/32399 bytes <-> 436 pkts/631157 bytes][Goodput ratio: 8/94][1.45 sec][Hostname/SNI: platform.twitter.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/3 335/403 27/27][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 94/1448 603/6374 44/1042][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: platform.twitter.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com][Certificate SHA-1: 2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92][Chrome][Validity: 2020-08-13 00:00:00 - 2021-08-18 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,2,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32] + 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56558 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][404 pkts/183421 bytes <-> 443 pkts/371457 bytes][Goodput ratio: 81/90][14.25 sec][Hostname/SNI: www.reddit.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/18 1287/1228 166/104][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 454/839 1474/6331 591/765][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,65,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30] + 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:52296 <-> [2a00:1450:4007:815::2016]:443 [proto: 91.124/TLS.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][60 pkts/6514 bytes <-> 114 pkts/132241 bytes][Goodput ratio: 21/93][9.64 sec][Hostname/SNI: i.ytimg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/2 67/67 15/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 109/1160 603/3710 78/617][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,3,5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0,0,0,0,0,0,0,0,4] + 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51026 <-> [64:ff9b::acd9:12c2]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][66 pkts/8507 bytes <-> 80 pkts/125556 bytes][Goodput ratio: 33/95][3.50 sec][Hostname/SNI: securepubads.g.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/52 2691/2682 373/334][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1569 1133/5638 165/1322][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,6,2,1,0,0,0,1,3,0,0,0,0,2,0,1,1,0,1,0,0,1,1,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,42,0,0,0,27] + 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46806 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][37 pkts/4520 bytes <-> 67 pkts/115565 bytes][Goodput ratio: 29/95][0.23 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/3 37/32 9/7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 122/1725 603/10958 105/1750][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,1,3,0,1,0,0,0,1,1,0,0,0,0,0,0,1,0,3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,51,0,0,1,0,1,1,1,0,0,29] + 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56578 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][57 pkts/7347 bytes <-> 76 pkts/103122 bytes][Goodput ratio: 33/94][11.79 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.867 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 271/71 6900/2972 1125/399][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1357 603/10566 102/1695][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,13,1,1,0,0,1,1,0,0,1,1,1,0,1,6,2,0,0,1,0,0,0,0,2,1,1,0,0,0,0,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23] + 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38320 <-> [64:ff9b::6853:b3b6]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][56 pkts/6503 bytes <-> 62 pkts/97797 bytes][Goodput ratio: 26/95][1.36 sec][Hostname/SNI: c.aaxads.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.875 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/16 501/619 77/87][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 116/1577 665/5638 108/1301][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 1,0,4,3,0,0,1,3,4,0,0,0,0,0,3,0,1,0,3,0,0,0,0,0,0,1,0,0,0,3,0,0,1,0,0,0,0,0,0,1,0,0,9,31,0,0,0,26] + 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47302 <-> [2a00:1450:4007:80c::2003]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][43 pkts/5078 bytes <-> 71 pkts/73972 bytes][Goodput ratio: 27/92][2.39 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.872 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/38 2098/2123 370/274][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 118/1042 603/2502 91/579][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,4,5,4,0,0,1,0,1,1,0,0,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,69,0,0,0,0,1,0,0,0,0,4] + 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50960 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][63 pkts/9382 bytes <-> 101 pkts/50108 bytes][Goodput ratio: 42/83][11.54 sec][Hostname/SNI: www.googletagservices.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.685 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 175/97 3298/3291 595/448][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/496 1254/2419 170/528][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,27,7,4,3,9,1,3,4,0,0,1,1,0,1,2,1,0,1,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,24,0,0,0,0,0,0,0,0,0,1] + 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56594 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][56 pkts/6579 bytes <-> 56 pkts/43995 bytes][Goodput ratio: 27/89][10.00 sec][Hostname/SNI: b.thumbs.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 223/78 6000/1288 917/258][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/786 603/1134 85/450][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.thumbs.redditmedia.com,thumbs.redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com][Certificate SHA-1: FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75][Chrome][Validity: 2020-02-18 00:00:00 - 2021-05-14 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,1,15,3,0,0,0,0,3,0,1,0,0,1,3,0,1,3,0,1,0,0,0,0,0,0,0,0,0,1,1,0,63,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43492 <-> [64:ff9b::df9:21c6]:443 [proto: 91.178/TLS.Amazon][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][32 pkts/4130 bytes <-> 41 pkts/43404 bytes][Goodput ratio: 33/92][3.33 sec][Hostname/SNI: c.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.826 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/83 2442/2482 493/425][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1059 603/2862 111/716][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,0,7,2,2,0,0,2,2,5,2,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,5] + 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36964 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][32 pkts/4373 bytes <-> 53 pkts/40038 bytes][Goodput ratio: 37/89][0.36 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/138 11/21][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/755 603/2556 117/617][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,8,3,0,8,3,1,6,1,3,1,0,1,1,1,0,1,0,1,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,41,0,0,0,0,0,0,0,0,0,3] + 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39520 <-> [2a00:1450:4007:816::2008]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][33 pkts/3852 bytes <-> 36 pkts/38105 bytes][Goodput ratio: 26/92][0.21 sec][Hostname/SNI: www.googletagmanager.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.816 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 43/38 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/1058 603/2502 99/724][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,2,5,0,0,0,0,0,2,0,0,0,0,0,5,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0,0,0,0,0,0,0,0,14] + 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58122 <-> [2a00:1450:4007:805::2001]:443 [proto: 91.124/TLS.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][34 pkts/4406 bytes <-> 37 pkts/20521 bytes][Goodput ratio: 33/84][9.61 sec][Hostname/SNI: yt3.ggpht.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 352/8 9266/68 1748/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 130/555 603/1294 104/520][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,17,5,17,0,0,0,0,2,0,2,0,2,2,0,2,5,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0] + 18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48648 <-> [2620:116:800d:21:f916:5049:f87f:108e]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][22 pkts/3573 bytes <-> 22 pkts/14972 bytes][Goodput ratio: 47/87][0.65 sec][Hostname/SNI: secure.quantserve.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/11 94/78 32/20][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 162/681 603/1474 142/625][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com][Certificate SHA-1: 3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90][Chrome][Validity: 2020-10-02 00:00:00 - 2021-10-07 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,4,9,0,0,0,0,14,0,0,4,4,0,0,0,4,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0] + 19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57282 <-> [2a00:1450:4007:805::2004]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][20 pkts/2757 bytes <-> 19 pkts/11579 bytes][Goodput ratio: 37/86][0.21 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/9 62/67 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 138/609 603/1294 125/544][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,11,11,0,0,0,11,0,5,0,0,0,0,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0,0,0,0,0,0,0,0,0] + 20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56592 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][19 pkts/2787 bytes <-> 18 pkts/10331 bytes][Goodput ratio: 41/85][0.20 sec][Hostname/SNI: emoji.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.575 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 52/50 19/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/574 603/1134 131/477][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,18,5,0,0,0,0,5,5,0,0,0,0,0,0,11,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40028 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][25 pkts/5078 bytes <-> 28 pkts/7828 bytes][Goodput ratio: 57/69][14.15 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.213 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/634 75/13857 21/2886][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 203/280 910/1294 240/323][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,27,15,3,0,0,3,0,0,11,3,0,0,0,0,3,3,0,3,7,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0] + 22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56782 <-> [64:ff9b::68f4:2ac8]:443 [proto: 91.120/TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][23 pkts/5030 bytes <-> 22 pkts/7292 bytes][Goodput ratio: 61/74][4.33 sec][Hostname/SNI: syndication.twitter.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 216/228 2512/2545 565/587][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 219/331 854/1474 227/405][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com][Certificate SHA-1: 09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F][Chrome][Validity: 2020-01-02 00:00:00 - 2020-12-24 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,15,0,20,0,0,4,4,4,15,0,0,4,0,4,0,4,0,0,0,4,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0] + 23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56640 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][23 pkts/3696 bytes <-> 22 pkts/8527 bytes][Goodput ratio: 46/78][0.57 sec][Hostname/SNI: gateway.reddit.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.395 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/30 307/307 76/75][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 161/388 603/1134 157/388][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,20,4,4,0,0,0,4,0,0,4,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46646 <-> [64:ff9b::345f:7ca5]:443 [proto: 91.178/TLS.Amazon][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/3201 bytes <-> 13 pkts/8450 bytes][Goodput ratio: 62/87][0.22 sec][Hostname/SNI: aax-eu.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/17 60/42 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 229/650 762/1446 254/571][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com][JA3S: 49b45fc1ab090aa3a159778313fc9b9e][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=aax-eu.amazon-adsystem.com][Certificate SHA-1: 5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B][Chrome][Validity: 2020-06-15 00:00:00 - 2021-06-15 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,8,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,8,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0] + 25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59624 <-> [2a00:1450:4007:80b::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][18 pkts/2649 bytes <-> 17 pkts/8456 bytes][Goodput ratio: 41/83][0.15 sec][Hostname/SNI: 8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 34/33 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/497 603/1294 137/490][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,0,0,0,6,0,6,0,6,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] + 26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46808 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 32/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 32/32 11/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] + 27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46810 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/1843 bytes <-> 13 pkts/9100 bytes][Goodput ratio: 32/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 31/34 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] + 28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46814 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/1769 bytes <-> 13 pkts/9102 bytes][Goodput ratio: 33/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] + 29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46812 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/1769 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 33/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0] + 30 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39736 <-> [2606:2800:134:1a0d:1429:742:782:b6]:443 [proto: 91.120/TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][18 pkts/3180 bytes <-> 18 pkts/7527 bytes][Goodput ratio: 51/79][0.25 sec][Hostname/SNI: cdn.syndication.twimg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 51/41 19/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/418 609/1294 176/478][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,0,18,11,0,0,0,11,0,0,5,0,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0] + 31 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51100 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][20 pkts/3169 bytes <-> 22 pkts/6495 bytes][Goodput ratio: 45/71][0.25 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 50/31 19/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/295 603/1474 141/415][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 20,24,15,4,0,4,4,0,0,0,0,0,4,0,0,0,4,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0] + 32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47006 <-> [64:ff9b::34d3:acec]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2260 bytes <-> 11 pkts/7351 bytes][Goodput ratio: 54/87][0.30 sec][Hostname/SNI: d9.flashtalking.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/31 67/134 23/42][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 188/668 663/1474 202/634][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=tag.device9.com][Certificate SHA-1: 8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3][Chrome][Validity: 2020-08-06 10:30:28 - 2021-09-17 11:41:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,30,0,0,0,0] + 33 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56186 <-> [2600:9000:219c:ee00:6:44e3:f8c0:93a1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/2163 bytes <-> 13 pkts/7387 bytes][Goodput ratio: 44/85][0.16 sec][Hostname/SNI: rules.quantcount.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/13 39/40 13/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 154/568 603/1294 140/540][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,0,25,0,0,0,0,8,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0] + 34 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59336 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/2490 bytes <-> 16 pkts/7006 bytes][Goodput ratio: 41/80][0.14 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/37 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/438 603/1294 132/466][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,13,0,0,0,6,0,6,0,0,0,0,6,0,0,6,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0] + 35 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38166 <-> [2a00:1450:4007:811::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][18 pkts/2582 bytes <-> 17 pkts/6805 bytes][Goodput ratio: 40/78][0.19 sec][Hostname/SNI: fonts.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 43/43 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 143/400 603/1294 130/409][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,6,0,12,0,0,0,0,0,6,6,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0] + 36 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39626 <-> [64:ff9b::2278:cf94]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2444 bytes <-> 15 pkts/6941 bytes][Goodput ratio: 43/81][0.43 sec][Hostname/SNI: id.rlcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/33 104/221 29/63][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/463 603/1474 135/553][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,7,0,0,0,0,7,0,0,0,0,0,0,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0] + 37 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0] + 38 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51006 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2404 bytes <-> 15 pkts/5962 bytes][Goodput ratio: 42/78][0.15 sec][Hostname/SNI: adservice.google.fr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 52/37 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 150/397 603/1294 135/433][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,0,0,0,7,0,7,0,0,0,0,0,0,0,7,0,7,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0] + 39 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54726 <-> [2a00:1450:4007:808::2006]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][16 pkts/2391 bytes <-> 15 pkts/5296 bytes][Goodput ratio: 42/75][0.22 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/9 66/45 24/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/353 603/1294 134/414][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,21,14,0,0,0,0,0,7,0,0,0,7,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0] + 40 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:32970 <-> [64:ff9b::6853:b3d1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2007 bytes <-> 10 pkts/4815 bytes][Goodput ratio: 52/82][0.14 sec][Hostname/SNI: www.aaxdetect.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 62/32 23/13][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 182/482 603/1474 186/513][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,11,0,0,0,0,11,22,0,11,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0] + 41 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56574 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.14 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/6 41/38 16/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56576 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.14 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/5 53/38 20/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56590 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.15 sec][Hostname/SNI: emoji.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 52/51 20/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56584 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/1614 bytes <-> 11 pkts/4891 bytes][Goodput ratio: 38/80][0.14 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/6 43/43 17/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/445 603/1134 144/447][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56560 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1392 bytes <-> 8 pkts/4613 bytes][Goodput ratio: 44/85][0.17 sec][Hostname/SNI: www.reddit.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/17 70/61 29/24][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 155/577 603/1134 161/461][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40030 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1425 bytes <-> 9 pkts/4279 bytes][Goodput ratio: 41/82][0.14 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.500 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/12 66/66 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/475 603/1294 155/488][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] + 47 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56568 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][10 pkts/1313 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 39/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/545 603/1134 157/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56572 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][10 pkts/1313 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 39/84][0.12 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/16 36/56 14/21][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/545 603/1134 157/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51102 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][10 pkts/1425 bytes <-> 9 pkts/4239 bytes][Goodput ratio: 41/82][0.12 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.497 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 40/37 18/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/471 603/1474 155/564][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0] + 50 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56580 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1251 bytes <-> 8 pkts/4370 bytes][Goodput ratio: 41/84][0.14 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.555 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 49/49 21/22][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 139/546 603/1134 164/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56566 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1239 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 42/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.557 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/545 603/1134 165/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56570 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/1239 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 42/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.557 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/545 603/1134 165/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36966 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][11 pkts/1499 bytes <-> 9 pkts/4018 bytes][Goodput ratio: 39/81][0.13 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.457 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/8 46/40 15/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 136/446 603/1294 149/488][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] + 54 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36970 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][11 pkts/1499 bytes <-> 9 pkts/4017 bytes][Goodput ratio: 39/81][0.14 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.456 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/9 45/40 16/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 136/446 603/1294 149/488][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] + 55 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47304 <-> [2a00:1450:4007:80c::2003]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1425 bytes <-> 9 pkts/4047 bytes][Goodput ratio: 41/81][0.16 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/12 73/73 25/27][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/450 603/1294 155/487][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] + 56 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56562 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 47/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/9 43/40 18/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/545 603/1134 183/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36968 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][10 pkts/1425 bytes <-> 9 pkts/4016 bytes][Goodput ratio: 41/81][0.14 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/8 47/40 18/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/446 603/1294 155/488][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0] + 58 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56586 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 54/43 23/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56588 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 53/42 22/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36972 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][2 pkts/168 bytes <-> 1 pkts/94 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/safari.pcap.out b/tests/result/safari.pcap.out index e79f0b2d0..38fcbc9be 100644 --- a/tests/result/safari.pcap.out +++ b/tests/result/safari.pcap.out @@ -26,10 +26,10 @@ JA3 Host Stats: 1 192.168.1.178 2 - 1 TCP 192.168.1.178:55262 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][770 pkts/55268 bytes <-> 1313 pkts/1959863 bytes][Goodput ratio: 8/96][5.92 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.945 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 3388/3416 146/105][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/1493 514/1506 47/126][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] + 1 TCP 192.168.1.178:55262 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][770 pkts/55268 bytes <-> 1313 pkts/1959863 bytes][Goodput ratio: 8/96][5.92 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.945 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 3388/3416 146/105][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 72/1493 514/1506 47/126][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] 2 TCP 192.168.1.178:55267 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][356 pkts/26392 bytes <-> 571 pkts/841944 bytes][Goodput ratio: 11/96][0.97 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 84/77 9/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/1475 517/1506 57/196][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] 3 TCP 192.168.1.178:55268 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][323 pkts/24626 bytes <-> 477 pkts/704321 bytes][Goodput ratio: 13/96][0.91 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.932 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 116/146 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/1477 511/1506 64/189][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] 4 TCP 192.168.1.178:55265 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][343 pkts/25933 bytes <-> 458 pkts/675289 bytes][Goodput ratio: 13/96][0.98 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.926 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 103/78 10/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/1474 515/1506 62/190][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,98,0,0] 5 TCP 192.168.1.178:55269 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][307 pkts/22856 bytes <-> 462 pkts/676638 bytes][Goodput ratio: 9/95][0.89 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 105/147 10/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 74/1465 508/1506 51/220][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] 6 TCP 192.168.1.178:55266 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][250 pkts/20232 bytes <-> 371 pkts/530337 bytes][Goodput ratio: 18/95][0.85 sec][Hostname/SNI: www.iit.cnr.it][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 106/77 11/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 81/1429 503/1506 77/274][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ee4ced3f2d15de4b5cb6fb0a894fec9f][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0] - 7 TCP 192.168.1.178:55285 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1312 bytes <-> 9 pkts/5298 bytes][Goodput ratio: 54/89][0.13 sec][Hostname/SNI: www.iit.cnr.it][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 33/28 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/589 444/1506 129/618][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,12,12,0,0,0,0,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0] + 7 TCP 192.168.1.178:55285 <-> 146.48.58.18:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1312 bytes <-> 9 pkts/5298 bytes][Goodput ratio: 54/89][0.13 sec][Hostname/SNI: www.iit.cnr.it][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 33/28 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/589 444/1506 129/618][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: www.iit.cnr.it][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3][Subject: C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it][Certificate SHA-1: C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69][Safari][Validity: 2019-12-10 00:00:00 - 2022-01-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,12,12,0,0,0,0,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0] diff --git a/tests/result/salesforce.pcap.out b/tests/result/salesforce.pcap.out index e5b259201..6a79417be 100644 --- a/tests/result/salesforce.pcap.out +++ b/tests/result/salesforce.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.1.178 1 - 1 TCP 192.168.1.178:54399 <-> 85.222.142.6:443 [proto: 91.266/TLS.Salesforce][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/1150 bytes <-> 7 pkts/4055 bytes][Goodput ratio: 53/88][0.15 sec][Hostname/SNI: help.salesforce.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/5 28/25 13/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 144/579 583/1506 169/616][TLSv1.2][JA3C: 7570245c781d7d7a68e31419177e728d][ServerNames: support.salesforce.com,help.salesforce.com][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com][Certificate SHA-1: 69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F][Safari][Validity: 2021-06-07 00:00:00 - 2022-06-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] + 1 TCP 192.168.1.178:54399 <-> 85.222.142.6:443 [proto: 91.266/TLS.Salesforce][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][8 pkts/1150 bytes <-> 7 pkts/4055 bytes][Goodput ratio: 53/88][0.15 sec][Hostname/SNI: help.salesforce.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/5 28/25 13/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 144/579 583/1506 169/616][TLSv1.2][JA3C: 7570245c781d7d7a68e31419177e728d][ServerNames: support.salesforce.com,help.salesforce.com][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com][Certificate SHA-1: 69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F][Safari][Validity: 2021-06-07 00:00:00 - 2022-06-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] diff --git a/tests/result/selfsigned.pcap.out b/tests/result/selfsigned.pcap.out index d831cae99..b818fe61a 100644 --- a/tests/result/selfsigned.pcap.out +++ b/tests/result/selfsigned.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/0 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 1/1 (search/found) Automa risk mask: 1/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 127.0.0.1 1 - 1 TCP 127.0.0.1:51607 <-> 127.0.0.1:3001 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1421 bytes <-> 10 pkts/2345 bytes][Goodput ratio: 60/76][0.05 sec][Hostname/SNI: localhost][ALPN: h2;http/1.1][bytes ratio: -0.245 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/7 32/32 10/11][Pkt Len c2s/s2c min/avg/max/stddev: 56/44 142/234 573/1413 156/408][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **][Risk Score: 250][Risk Info: 10/Oct/2015 15:55:47 - 09/Oct/2016 15:55:47 / C=IT, ST=Some-State, O=ntop.org][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=IT, ST=Some-State, O=ntop.org][Subject: C=IT, ST=Some-State, O=ntop.org][Certificate SHA-1: AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B][Firefox][Validity: 2015-10-10 15:55:47 - 2016-10-09 15:55:47][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 14,14,0,14,0,0,14,0,0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0] + 1 TCP 127.0.0.1:51607 <-> 127.0.0.1:3001 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1421 bytes <-> 10 pkts/2345 bytes][Goodput ratio: 60/76][0.05 sec][Hostname/SNI: localhost][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.245 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/7 32/32 10/11][Pkt Len c2s/s2c min/avg/max/stddev: 56/44 142/234 573/1413 156/408][Risk: ** Known Proto on Non Std Port **** Self-signed Cert **** TLS Cert Expired **][Risk Score: 250][Risk Info: 10/Oct/2015 15:55:47 - 09/Oct/2016 15:55:47 / C=IT, ST=Some-State, O=ntop.org][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][JA3S: 0debd3853f330c574b05e0b6d882dc27][Issuer: C=IT, ST=Some-State, O=ntop.org][Subject: C=IT, ST=Some-State, O=ntop.org][Certificate SHA-1: AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B][Firefox][Validity: 2015-10-10 15:55:47 - 2016-10-09 15:55:47][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 14,14,0,14,0,0,14,0,0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0] diff --git a/tests/result/signal.pcap.out b/tests/result/signal.pcap.out index 571403cef..0add6763a 100644 --- a/tests/result/signal.pcap.out +++ b/tests/result/signal.pcap.out @@ -16,7 +16,7 @@ Automa host: 16/14 (search/found) Automa domain: 16/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 2/0 (search/found) -Automa common alpns: 16/16 (search/found) +Automa common alpns: 20/20 (search/found) Patricia risk mask: 36/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 27/11 (search/found) @@ -33,17 +33,17 @@ JA3 Host Stats: 1 192.168.2.17 3 - 1 TCP 192.168.2.17:57027 <-> 13.35.253.42:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][170 pkts/206962 bytes <-> 95 pkts/9293 bytes][Goodput ratio: 95/32][0.48 sec][Hostname/SNI: cdn.signal.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.914 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/3 39/47 6/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1217/98 1506/1506 548/175][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: cdn.signal.org][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org][Certificate SHA-1: 81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:19:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 2 TCP 192.168.2.17:57026 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][22 pkts/13757 bytes <-> 16 pkts/6493 bytes][Goodput ratio: 89/84][0.57 sec][Hostname/SNI: textsecure-service.whispersystems.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.359 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/20 112/114 35/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 625/406 1506/1506 629/565][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,0,4,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,37,0,0] - 3 TCP 192.168.2.17:57022 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][24 pkts/2540 bytes <-> 21 pkts/12673 bytes][Goodput ratio: 38/89][0.40 sec][Hostname/SNI: itunes.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 124/83 35/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/603 583/1506 105/574][TLSv1.3][JA3C: 17305a56a62a10f6b0ee8edcc3b1769c][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,17,8,0,4,0,0,0,8,0,0,4,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,4,0,0,0,0,0,0,17,0,0] - 4 TCP 192.168.2.17:57018 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][25 pkts/2582 bytes <-> 20 pkts/12000 bytes][Goodput ratio: 37/89][0.24 sec][Hostname/SNI: itunes.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 47/52 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 103/600 583/1506 103/588][TLSv1.3][JA3C: 17305a56a62a10f6b0ee8edcc3b1769c][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,18,9,0,4,0,0,0,9,0,0,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,0,0,0,0,0,0,18,0,0] + 1 TCP 192.168.2.17:57027 <-> 13.35.253.42:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][170 pkts/206962 bytes <-> 95 pkts/9293 bytes][Goodput ratio: 95/32][0.48 sec][Hostname/SNI: cdn.signal.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.914 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/3 39/47 6/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1217/98 1506/1506 548/175][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: cdn.signal.org][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org][Certificate SHA-1: 81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:19:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 2 TCP 192.168.2.17:57026 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][22 pkts/13757 bytes <-> 16 pkts/6493 bytes][Goodput ratio: 89/84][0.57 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.359 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/20 112/114 35/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 625/406 1506/1506 629/565][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,0,4,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,37,0,0] + 3 TCP 192.168.2.17:57022 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][24 pkts/2540 bytes <-> 21 pkts/12673 bytes][Goodput ratio: 38/89][0.40 sec][Hostname/SNI: itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 124/83 35/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/603 583/1506 105/574][TLSv1.3][JA3C: 17305a56a62a10f6b0ee8edcc3b1769c][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,17,8,0,4,0,0,0,8,0,0,4,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,4,0,0,0,0,0,0,17,0,0] + 4 TCP 192.168.2.17:57018 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][25 pkts/2582 bytes <-> 20 pkts/12000 bytes][Goodput ratio: 37/89][0.24 sec][Hostname/SNI: itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 47/52 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 103/600 583/1506 103/588][TLSv1.3][JA3C: 17305a56a62a10f6b0ee8edcc3b1769c][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,18,9,0,4,0,0,0,9,0,0,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,0,0,0,0,0,0,18,0,0] 5 TCP 192.168.2.17:49227 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][13 pkts/1808 bytes <-> 12 pkts/4355 bytes][Goodput ratio: 52/82][3.03 sec][Hostname/SNI: textsecure-service.whispersystems.org][bytes ratio: -0.413 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 62/293 115/2199 52/677][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 139/363 502/1506 120/471][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,16,8,0,0,8,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] - 6 TCP 192.168.2.17:57024 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/2054 bytes <-> 11 pkts/3775 bytes][Goodput ratio: 51/81][0.59 sec][Hostname/SNI: textsecure-service.whispersystems.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.295 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/59 167/186 55/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/343 583/1506 134/472][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 7 TCP 192.168.2.17:57021 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/2108 bytes <-> 10 pkts/3709 bytes][Goodput ratio: 50/82][13.48 sec][Hostname/SNI: textsecure-service.whispersystems.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.275 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/50 13018/120 3464/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 132/371 583/1506 131/486][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 8 TCP 192.168.2.17:57020 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/2103 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 50/79][13.49 sec][Hostname/SNI: textsecure-service.whispersystems.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.258 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1019/44 13011/122 3462/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/324 583/1506 130/472][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 9 TCP 192.168.2.17:57019 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/2095 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 50/79][13.49 sec][Hostname/SNI: textsecure-service.whispersystems.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.255 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/43 13026/120 3466/55][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/321 583/1506 130/473][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 10 TCP 192.168.2.17:57023 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/2049 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 51/79][0.58 sec][Hostname/SNI: textsecure-service.whispersystems.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 168/181 54/76][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/324 583/1506 133/472][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 11 TCP 192.168.2.17:57025 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/2041 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 51/79][0.58 sec][Hostname/SNI: textsecure-service.whispersystems.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 166/184 54/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/321 583/1506 133/473][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 6 TCP 192.168.2.17:57024 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/2054 bytes <-> 11 pkts/3775 bytes][Goodput ratio: 51/81][0.59 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.295 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/59 167/186 55/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/343 583/1506 134/472][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 7 TCP 192.168.2.17:57021 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/2108 bytes <-> 10 pkts/3709 bytes][Goodput ratio: 50/82][13.48 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.275 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/50 13018/120 3464/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 132/371 583/1506 131/486][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 8 TCP 192.168.2.17:57020 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/2103 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 50/79][13.49 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.258 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1019/44 13011/122 3462/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/324 583/1506 130/472][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 9 TCP 192.168.2.17:57019 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/2095 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 50/79][13.49 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.255 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/43 13026/120 3466/55][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/321 583/1506 130/473][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 10 TCP 192.168.2.17:57023 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/2049 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 51/79][0.58 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 168/181 54/76][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/324 583/1506 133/472][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 11 TCP 192.168.2.17:57025 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/2041 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 51/79][0.58 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 166/184 54/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/321 583/1506 133/473][TLSv1.2][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] 12 TCP 192.168.2.17:49226 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][13 pkts/1688 bytes <-> 11 pkts/3569 bytes][Goodput ratio: 48/79][9.90 sec][Hostname/SNI: textsecure-service.whispersystems.org][bytes ratio: -0.358 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/57 113/154 53/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/324 502/1506 120/473][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,30,20,0,0,0,10,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] 13 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][15.76 sec][Hostname/SNI: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 12/13][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158/4 347/16 157/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68/78 90/105 16/15][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/simple-dnscrypt.pcap.out b/tests/result/simple-dnscrypt.pcap.out index d972f34e7..f3a74a963 100644 --- a/tests/result/simple-dnscrypt.pcap.out +++ b/tests/result/simple-dnscrypt.pcap.out @@ -27,7 +27,7 @@ JA3 Host Stats: 1 192.168.43.167 2 - 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][Goodput ratio: 45/92][0.71 sec][Hostname/SNI: simplednscrypt.org][ALPN: h2;http/1.1][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/20 114/119 43/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/694 272/1364 68/594][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: b8f81673c0e1d29908346f3bab892b9b][TLSv1.2][JA3C: b8f81673c0e1d29908346f3bab892b9b][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,8,0,4,4,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,0,0] - 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: Network/14][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][Goodput ratio: 50/89][0.52 sec][Hostname/SNI: simplednscrypt.org][ALPN: h2;http/1.1][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/25 105/106 34/35][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110/516 334/1364 76/542][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: 83e04bc58d402f9633983cbf22724b02][TLSv1.2][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,28,13,4,0,0,4,0,9,4,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0] - 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.44 sec][Hostname/SNI: simplednscrypt.org][ALPN: h2;http/1.1][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/32 188/124 74/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: 83e04bc58d402f9633983cbf22724b02][TLSv1.2][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] - 4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.36 sec][Hostname/SNI: simplednscrypt.org][ALPN: h2;http/1.1][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/32 136/140 59/53][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: 83e04bc58d402f9633983cbf22724b02][TLSv1.2][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] + 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][Goodput ratio: 45/92][0.71 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/20 114/119 43/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/694 272/1364 68/594][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: b8f81673c0e1d29908346f3bab892b9b][TLSv1.2][JA3C: b8f81673c0e1d29908346f3bab892b9b][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,8,0,4,4,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,0,0] + 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: Network/14][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][Goodput ratio: 50/89][0.52 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/25 105/106 34/35][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110/516 334/1364 76/542][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: 83e04bc58d402f9633983cbf22724b02][TLSv1.2][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,28,13,4,0,0,4,0,9,4,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0] + 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.44 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/32 188/124 74/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: 83e04bc58d402f9633983cbf22724b02][TLSv1.2][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] + 4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.36 sec][Hostname/SNI: simplednscrypt.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/32 136/140 59/53][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: 83e04bc58d402f9633983cbf22724b02][TLSv1.2][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] diff --git a/tests/result/sites.pcapng.out b/tests/result/sites.pcapng.out index 302b38c2a..5c9ded2cf 100644 --- a/tests/result/sites.pcapng.out +++ b/tests/result/sites.pcapng.out @@ -16,7 +16,7 @@ Automa host: 47/42 (search/found) Automa domain: 47/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) -Automa common alpns: 24/24 (search/found) +Automa common alpns: 80/80 (search/found) Patricia risk mask: 106/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 73/33 (search/found) @@ -73,48 +73,48 @@ JA3 Host Stats: 1 TCP 192.168.1.250:39890 <-> 45.82.241.51:80 [proto: 7.261/HTTP.Likee][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][58 pkts/4414 bytes <-> 54 pkts/74431 bytes][Goodput ratio: 22/96][182.93 sec][Hostname/SNI: videosnap.like.video][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/40 1449/1478 252/226][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 76/1378 244/1514 52/370][URL: videosnap.like.video/eu_live/5uz/1YOmxT.webp?type=8&resize=1&dw=360][StatusCode: 200][Content-Type: image/webp][User-Agent: Like-Android][PLAIN TEXT (GET /eu)][Plen Bins: 0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,85,0,0] - 2 TCP 192.168.1.128:50620 <-> 91.198.174.208:443 [proto: 91.176/TLS.Wikipedia][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/3033 bytes <-> 24 pkts/18149 bytes][Goodput ratio: 39/91][170.60 sec][Hostname/SNI: upload.wikimedia.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5077/6202 58326/58377 16039/17553][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/756 583/1514 106/683][TLSv1.3][JA3C: 6b5e0cfe988c723ee71faf54f8460684][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,23,3,3,0,3,0,3,0,3,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,39,0,0] - 3 TCP 192.168.1.250:41878 <-> 92.122.95.99:443 [proto: 91.49/TLS.TikTok][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][16 pkts/3550 bytes <-> 15 pkts/7010 bytes][Goodput ratio: 70/86][16.63 sec][Hostname/SNI: vcs-va.tiktokv.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1381/1506 16408/16423 4531/4717][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/467 1090/1514 286/552][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,0,7,0,0,0,0,0,24,0,0,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,15,0,0] - 4 TCP 192.168.1.227:50071 <-> 52.73.71.226:443 [proto: 91.270/TLS.Fuze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: VoIP/10][14 pkts/3035 bytes <-> 17 pkts/7520 bytes][Goodput ratio: 73/87][60.43 sec][Hostname/SNI: presence.fuze.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5482/5008 45124/45106 13235/12754][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 217/442 1019/1514 278/561][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.presence.fuze.com,presence.fuze.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=*.presence.fuze.com][Certificate SHA-1: B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79][Chrome][Validity: 2020-09-23 00:00:00 - 2021-10-25 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,23,5,11,0,0,0,0,5,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,5,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0] - 5 TCP 192.168.1.128:48918 <-> 143.204.9.65:443 [proto: 91.71/TLS.DisneyPlus][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][15 pkts/1802 bytes <-> 14 pkts/7915 bytes][Goodput ratio: 44/88][0.05 sec][Hostname/SNI: prod-static.disney-plus.net][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 17/11 5/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/565 583/1494 132/660][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,20,0,0,10,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,40,0,0,0] - 6 TCP 192.168.12.169:39248 <-> 23.12.104.83:443 [proto: 91.280/TLS.AccuWeather][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/1964 bytes <-> 14 pkts/6598 bytes][Goodput ratio: 47/86][1.75 sec][Hostname/SNI: api.accuweather.com][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.541 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/170 1421/1444 375/427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 123/471 583/1514 140/534][TLSv1.3][JA3C: 9b02ebd3a43b62d825e1ac605b621dc8][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 16,0,8,0,0,0,0,0,16,8,0,8,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,16,0,0] - 7 TCP 192.168.1.128:56836 <-> 13.107.42.13:443 [proto: 91.221/TLS.MS_OneDrive][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][3 pkts/857 bytes <-> 7 pkts/6562 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: onedrive.live.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.769 (Download)][IAT c2s/s2c min/avg/max/stddev: 22/0 28/9 33/33 6/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/60 286/937 571/1514 209/673][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02][Subject: CN=onedrive.com][Certificate SHA-1: 77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D][Firefox][Validity: 2022-02-01 00:13:15 - 2023-02-01 00:13:15][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] - 8 TCP 192.168.1.128:46724 <-> 199.232.82.109:443 [proto: 91.267/TLS.Vimeo][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][13 pkts/1452 bytes <-> 12 pkts/5804 bytes][Goodput ratio: 42/86][52.80 sec][Hostname/SNI: f.vimeocdn.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5278/5835 46637/46651 13906/15427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 112/484 583/1410 138/567][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.vimeocdn.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.vimeocdn.com][Certificate SHA-1: 3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37][Chrome][Validity: 2021-05-18 18:45:52 - 2022-06-19 18:45:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,0,0] - 9 TCP 192.168.1.128:33102 <-> 13.81.118.91:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][3 pkts/857 bytes <-> 6 pkts/6226 bytes][Goodput ratio: 79/95][0.11 sec][Hostname/SNI: onedrive.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 37/0 40/16 42/41 2/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/1038 571/1514 209/673][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=onedrive.com][Certificate SHA-1: 50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB][Firefox][Validity: 2021-08-13 07:38:24 - 2022-08-13 07:38:24][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] - 10 TCP 192.168.1.128:42580 <-> 2.17.141.128:443 [proto: 91.258/TLS.Activision][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Game/8][3 pkts/849 bytes <-> 6 pkts/5606 bytes][Goodput ratio: 76/93][0.06 sec][Hostname/SNI: www.activision.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.737 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 24/9 27/24 4/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/934 583/1514 218/562][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com][Certificate SHA-1: F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41][Firefox][Validity: 2021-12-07 00:00:00 - 2022-12-07 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0] - 11 TCP 192.168.1.128:48654 <-> 13.107.42.14:443 [proto: 91.233/TLS.LinkedIn][IP: 276/Azure][Encrypted][Confidence: DPI][cat: SocialNetwork/6][3 pkts/857 bytes <-> 6 pkts/5137 bytes][Goodput ratio: 79/93][0.09 sec][Hostname/SNI: www.linkedin.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/0 30/12 34/35 4/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/856 571/1514 209/665][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com][Certificate SHA-1: CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53][Firefox][Validity: 2022-03-01 00:00:00 - 2022-09-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,14,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 12 TCP 192.168.1.128:43412 <-> 151.101.193.73:443 [proto: 91.246/TLS.Bloomberg][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][3 pkts/816 bytes <-> 6 pkts/5140 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: www.bloomberg.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.726 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 15/6 20/20 5/8][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/857 583/1406 223/565][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com][Certificate SHA-1: 88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82][Firefox][Validity: 2022-02-22 00:00:00 - 2023-03-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0] - 13 TCP 192.168.1.128:39828 <-> 40.97.160.2:443 [proto: 91.21/TLS.Outlook][IP: 21/Outlook][Encrypted][Confidence: DPI][cat: Email/3][3 pkts/857 bytes <-> 6 pkts/5097 bytes][Goodput ratio: 79/93][0.55 sec][Hostname/SNI: outlook.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 178/0 184/74 190/189 6/90][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/850 571/1514 209/672][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com][JA3S: 71d9ce75f347e6cf54268d7114ae6925][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com][Certificate SHA-1: 4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58][Firefox][Validity: 2021-12-22 00:00:00 - 2022-12-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 14 TCP 192.168.1.128:57878 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/857 bytes <-> 5 pkts/4534 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: teams.office.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 32/16 44/36 12/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/907 571/1514 209/591][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: teams.office.com][JA3S: 104071bf77c5f0d7bae5f17542ba9428][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=teams.office.com][Certificate SHA-1: 27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80][Chrome][Validity: 2021-09-06 22:02:06 - 2022-09-06 22:02:06][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 15 TCP 192.168.1.128:57336 <-> 23.1.68.189:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Game/8][3 pkts/849 bytes <-> 5 pkts/4459 bytes][Goodput ratio: 76/92][0.07 sec][Hostname/SNI: www.playstation.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/0 24/12 24/23 0/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/892 583/1514 218/598][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: playstation.com,webforms.playstation.com,www.playstation.com][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com][Certificate SHA-1: 19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A][Firefox][Validity: 2021-11-19 00:00:00 - 2022-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 16 TCP 192.168.1.128:45014 <-> 129.226.107.210:443 [proto: 91.202/TLS.IFLIX][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Video/26][3 pkts/792 bytes <-> 5 pkts/4228 bytes][Goodput ratio: 77/93][0.97 sec][Hostname/SNI: www.iflix.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.684 (Download)][IAT c2s/s2c min/avg/max/stddev: 324/0 325/162 326/326 1/163][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 264/846 571/1486 219/582][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3][Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com][Certificate SHA-1: 6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0][Firefox][Validity: 2022-01-18 00:00:00 - 2023-01-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 17 TCP 192.168.1.128:56468 <-> 151.101.192.92:443 [proto: 91.186/TLS.Vevo][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Music/25][3 pkts/816 bytes <-> 5 pkts/4204 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: vevo.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 14/7 18/18 4/7][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/841 583/1406 223/551][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.cache.vevo.com,*.cache.vevodev.com,*.cache.vevoprd.com,*.cache.vevostg.com,*.vevodev.com,*.vevoprd.com,*.vevostg.com,stg.vevo.ly,vevo.com,vevo.ly,vevo.pl,vevo.tv,vevoapi.com,vevocdn.com,vevolive.tv,vevosubmit.com,www.vevo.ly,www.vevo.pl,*.vevo.com,*.vevo.ly,*.vevo.pl,*.vevo.tv,*.vevoapi.com,*.vevocdn.com,*.vevolive.tv,*.vevosubmit.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.cache.vevo.com][Certificate SHA-1: ED:55:58:0E:19:94:FE:95:93:86:88:FE:30:27:DF:43:EB:74:17:C2][Firefox][Validity: 2021-06-01 16:55:32 - 2022-07-03 16:55:31][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0] - 18 TCP 192.168.1.128:53978 <-> 208.85.40.158:443 [proto: 91.187/TLS.Pandora][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/849 bytes <-> 5 pkts/3932 bytes][Goodput ratio: 76/91][0.68 sec][Hostname/SNI: pandora.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.645 (Download)][IAT c2s/s2c min/avg/max/stddev: 170/0 254/127 339/173 84/73][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/786 583/1514 218/607][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.pandora.com,pandora.com][JA3S: 7047b9d842ee4b3fba6a86353828c915][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1][Subject: C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com][Certificate SHA-1: 40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF][Firefox][Validity: 2021-05-12 00:00:00 - 2022-06-12 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,16,0,0,0,0,0,0,16,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 19 TCP 192.168.1.128:39302 <-> 95.131.170.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: static.tuenti.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 43/0 46/24 50/49 4/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 20 TCP 192.168.1.128:51248 <-> 95.131.169.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: tuenti.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 46/0 47/24 48/47 1/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 21 UDP 192.168.1.128:36832 <-> 142.250.181.238:443 [proto: 188.72/QUIC.GooglePlus][IP: 126/Google][Encrypted][Confidence: DPI][cat: SocialNetwork/6][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.02 sec][Hostname/SNI: plus.google.com][ALPN: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: b719940c5ab9a3373cb4475d8143ff88][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 22 UDP 192.168.1.128:38642 <-> 216.58.212.142:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.03 sec][Hostname/SNI: hangouts.google.com][ALPN: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 2a18e6bf307f97c5e27f0ab407dc65db][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 23 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Shopping/27][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 24 TCP 192.168.1.128:42884 <-> 185.125.190.21:443 [proto: 91.169/TLS.UbuntuONE][IP: 169/UbuntuONE][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.06 sec][Hostname/SNI: assets.ubuntu.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 25 TCP 192.168.1.128:45898 <-> 15.160.39.187:443 [proto: 91.254/TLS.AppleSiri][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: VirtAssistant/32][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: guzzoni.apple.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 26 TCP 192.168.1.128:46264 <-> 23.51.246.65:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: static.playstation.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 27 TCP 192.168.1.128:48140 <-> 23.1.66.79:443 [proto: 91.180/TLS.CNN][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: cdn.cnn.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 28 TCP 192.168.1.128:48902 <-> 2.17.140.63:443 [proto: 91.47/TLS.Xbox][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: account.xbox.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 29 TCP 192.168.1.128:51432 <-> 95.101.195.214:443 [proto: 91.137/TLS.Hulu][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.05 sec][Hostname/SNI: hulu.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 30 TCP 192.168.1.128:33664 <-> 108.138.185.106:443 [proto: 91.240/TLS.AmazonVideo][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: www.primevideo.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 31 TCP 192.168.1.128:39934 <-> 104.23.98.190:443 [proto: 91.232/TLS.Pastebin][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Download/7][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: pastebin.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unsafe Protocol **][Risk Score: 10][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 32 TCP 192.168.1.128:43150 <-> 108.138.199.67:443 [proto: 91.210/TLS.Deezer][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: deezer.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 33 TCP 192.168.1.128:51806 <-> 18.66.196.102:443 [proto: 91.234/TLS.SoundCloud][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: soundcloud.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 34 TCP 192.168.1.128:53998 <-> 172.65.251.78:443 [proto: 91.262/TLS.GitLab][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Collaborative/15][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.gitlab.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 35 TCP 192.168.1.128:57014 <-> 108.139.210.102:443 [proto: 91.246/TLS.Bloomberg][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: sourcepointcmp.bloomberg.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 36 TCP 192.168.1.128:38858 <-> 142.250.180.142:443 [proto: 91.123/TLS.GoogleMaps][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: maps.google.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 37 TCP 192.168.1.128:47122 <-> 35.201.112.136:443 [proto: 91.134/TLS.LastFM][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: kerve.last.fm][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 38 TCP 192.168.1.128:50608 <-> 142.250.185.206:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: googleplus.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 39 TCP 192.168.1.128:56458 <-> 142.250.185.142:443 [proto: 91.217/TLS.GoogleDrive][IP: 126/Google][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: drive.google.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] - 40 TCP 192.168.1.128:35054 <-> 31.222.67.112:443 [proto: 91.279/TLS.Badoo][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][2 pkts/645 bytes <-> 2 pkts/1500 bytes][Goodput ratio: 80/92][0.09 sec][Hostname/SNI: www.badoo.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] - 41 TCP 192.168.1.128:46084 <-> 146.75.62.167:443 [proto: 91.195/TLS.Twitch][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1480 bytes][Goodput ratio: 79/90][0.05 sec][Hostname/SNI: gql.twitch.tv][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] - 42 UDP 192.168.1.123:59102 -> 216.58.209.46:443 [proto: 188.281/QUIC.GoogleClassroom][IP: 126/Google][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/1292 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: classroom.google.com][ALPN: h3][TLS Supported Versions: TLSv1.3][User-Agent: Chrome/97.0.4692.99 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: a27a03a8478393fe7f8958648bb71ff4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] - 43 TCP 192.168.12.169:46160 <-> 69.171.250.20:443 [proto: 91.157/TLS.Messenger][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: Chat/9][2 pkts/521 bytes <-> 2 pkts/356 bytes][Goodput ratio: 73/61][0.02 sec][Hostname/SNI: edge-mqtt.facebook.com][ALPN: h2;h2-fb][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.128:50620 <-> 91.198.174.208:443 [proto: 91.176/TLS.Wikipedia][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][28 pkts/3033 bytes <-> 24 pkts/18149 bytes][Goodput ratio: 39/91][170.60 sec][Hostname/SNI: upload.wikimedia.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5077/6202 58326/58377 16039/17553][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/756 583/1514 106/683][TLSv1.3][JA3C: 6b5e0cfe988c723ee71faf54f8460684][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,23,3,3,0,3,0,3,0,3,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,39,0,0] + 3 TCP 192.168.1.250:41878 <-> 92.122.95.99:443 [proto: 91.49/TLS.TikTok][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][16 pkts/3550 bytes <-> 15 pkts/7010 bytes][Goodput ratio: 70/86][16.63 sec][Hostname/SNI: vcs-va.tiktokv.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1381/1506 16408/16423 4531/4717][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/467 1090/1514 286/552][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,0,7,0,0,0,0,0,24,0,0,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,15,0,0] + 4 TCP 192.168.1.227:50071 <-> 52.73.71.226:443 [proto: 91.270/TLS.Fuze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: VoIP/10][14 pkts/3035 bytes <-> 17 pkts/7520 bytes][Goodput ratio: 73/87][60.43 sec][Hostname/SNI: presence.fuze.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5482/5008 45124/45106 13235/12754][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 217/442 1019/1514 278/561][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.presence.fuze.com,presence.fuze.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=*.presence.fuze.com][Certificate SHA-1: B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79][Chrome][Validity: 2020-09-23 00:00:00 - 2021-10-25 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,23,5,11,0,0,0,0,5,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,5,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0] + 5 TCP 192.168.1.128:48918 <-> 143.204.9.65:443 [proto: 91.71/TLS.DisneyPlus][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Streaming/17][15 pkts/1802 bytes <-> 14 pkts/7915 bytes][Goodput ratio: 44/88][0.05 sec][Hostname/SNI: prod-static.disney-plus.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 17/11 5/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/565 583/1494 132/660][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,20,0,0,10,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,40,0,0,0] + 6 TCP 192.168.12.169:39248 <-> 23.12.104.83:443 [proto: 91.280/TLS.AccuWeather][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/1964 bytes <-> 14 pkts/6598 bytes][Goodput ratio: 47/86][1.75 sec][Hostname/SNI: api.accuweather.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.541 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/170 1421/1444 375/427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 123/471 583/1514 140/534][TLSv1.3][JA3C: 9b02ebd3a43b62d825e1ac605b621dc8][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 16,0,8,0,0,0,0,0,16,8,0,8,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,16,0,0] + 7 TCP 192.168.1.128:56836 <-> 13.107.42.13:443 [proto: 91.221/TLS.MS_OneDrive][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][3 pkts/857 bytes <-> 7 pkts/6562 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: onedrive.live.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.769 (Download)][IAT c2s/s2c min/avg/max/stddev: 22/0 28/9 33/33 6/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/60 286/937 571/1514 209/673][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02][Subject: CN=onedrive.com][Certificate SHA-1: 77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D][Firefox][Validity: 2022-02-01 00:13:15 - 2023-02-01 00:13:15][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] + 8 TCP 192.168.1.128:46724 <-> 199.232.82.109:443 [proto: 91.267/TLS.Vimeo][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][13 pkts/1452 bytes <-> 12 pkts/5804 bytes][Goodput ratio: 42/86][52.80 sec][Hostname/SNI: f.vimeocdn.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5278/5835 46637/46651 13906/15427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 112/484 583/1410 138/567][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.vimeocdn.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.vimeocdn.com][Certificate SHA-1: 3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37][Chrome][Validity: 2021-05-18 18:45:52 - 2022-06-19 18:45:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,0,0] + 9 TCP 192.168.1.128:33102 <-> 13.81.118.91:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][3 pkts/857 bytes <-> 6 pkts/6226 bytes][Goodput ratio: 79/95][0.11 sec][Hostname/SNI: onedrive.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 37/0 40/16 42/41 2/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/1038 571/1514 209/673][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=onedrive.com][Certificate SHA-1: 50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB][Firefox][Validity: 2021-08-13 07:38:24 - 2022-08-13 07:38:24][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] + 10 TCP 192.168.1.128:42580 <-> 2.17.141.128:443 [proto: 91.258/TLS.Activision][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Game/8][3 pkts/849 bytes <-> 6 pkts/5606 bytes][Goodput ratio: 76/93][0.06 sec][Hostname/SNI: www.activision.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.737 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 24/9 27/24 4/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/934 583/1514 218/562][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com][Certificate SHA-1: F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41][Firefox][Validity: 2021-12-07 00:00:00 - 2022-12-07 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0] + 11 TCP 192.168.1.128:48654 <-> 13.107.42.14:443 [proto: 91.233/TLS.LinkedIn][IP: 276/Azure][Encrypted][Confidence: DPI][cat: SocialNetwork/6][3 pkts/857 bytes <-> 6 pkts/5137 bytes][Goodput ratio: 79/93][0.09 sec][Hostname/SNI: www.linkedin.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/0 30/12 34/35 4/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/856 571/1514 209/665][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com][Certificate SHA-1: CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53][Firefox][Validity: 2022-03-01 00:00:00 - 2022-09-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,14,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 12 TCP 192.168.1.128:43412 <-> 151.101.193.73:443 [proto: 91.246/TLS.Bloomberg][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][3 pkts/816 bytes <-> 6 pkts/5140 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: www.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.726 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 15/6 20/20 5/8][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/857 583/1406 223/565][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com][Certificate SHA-1: 88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82][Firefox][Validity: 2022-02-22 00:00:00 - 2023-03-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0] + 13 TCP 192.168.1.128:39828 <-> 40.97.160.2:443 [proto: 91.21/TLS.Outlook][IP: 21/Outlook][Encrypted][Confidence: DPI][cat: Email/3][3 pkts/857 bytes <-> 6 pkts/5097 bytes][Goodput ratio: 79/93][0.55 sec][Hostname/SNI: outlook.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 178/0 184/74 190/189 6/90][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/850 571/1514 209/672][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com][JA3S: 71d9ce75f347e6cf54268d7114ae6925][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com][Certificate SHA-1: 4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58][Firefox][Validity: 2021-12-22 00:00:00 - 2022-12-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 14 TCP 192.168.1.128:57878 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][3 pkts/857 bytes <-> 5 pkts/4534 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: teams.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 32/16 44/36 12/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/907 571/1514 209/591][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: teams.office.com][JA3S: 104071bf77c5f0d7bae5f17542ba9428][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=teams.office.com][Certificate SHA-1: 27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80][Chrome][Validity: 2021-09-06 22:02:06 - 2022-09-06 22:02:06][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 15 TCP 192.168.1.128:57336 <-> 23.1.68.189:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Game/8][3 pkts/849 bytes <-> 5 pkts/4459 bytes][Goodput ratio: 76/92][0.07 sec][Hostname/SNI: www.playstation.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/0 24/12 24/23 0/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/892 583/1514 218/598][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: playstation.com,webforms.playstation.com,www.playstation.com][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com][Certificate SHA-1: 19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A][Firefox][Validity: 2021-11-19 00:00:00 - 2022-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 16 TCP 192.168.1.128:45014 <-> 129.226.107.210:443 [proto: 91.202/TLS.IFLIX][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Video/26][3 pkts/792 bytes <-> 5 pkts/4228 bytes][Goodput ratio: 77/93][0.97 sec][Hostname/SNI: www.iflix.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.684 (Download)][IAT c2s/s2c min/avg/max/stddev: 324/0 325/162 326/326 1/163][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 264/846 571/1486 219/582][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3][Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com][Certificate SHA-1: 6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0][Firefox][Validity: 2022-01-18 00:00:00 - 2023-01-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 17 TCP 192.168.1.128:56468 <-> 151.101.192.92:443 [proto: 91.186/TLS.Vevo][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Music/25][3 pkts/816 bytes <-> 5 pkts/4204 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: vevo.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 14/7 18/18 4/7][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/841 583/1406 223/551][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.cache.vevo.com,*.cache.vevodev.com,*.cache.vevoprd.com,*.cache.vevostg.com,*.vevodev.com,*.vevoprd.com,*.vevostg.com,stg.vevo.ly,vevo.com,vevo.ly,vevo.pl,vevo.tv,vevoapi.com,vevocdn.com,vevolive.tv,vevosubmit.com,www.vevo.ly,www.vevo.pl,*.vevo.com,*.vevo.ly,*.vevo.pl,*.vevo.tv,*.vevoapi.com,*.vevocdn.com,*.vevolive.tv,*.vevosubmit.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.cache.vevo.com][Certificate SHA-1: ED:55:58:0E:19:94:FE:95:93:86:88:FE:30:27:DF:43:EB:74:17:C2][Firefox][Validity: 2021-06-01 16:55:32 - 2022-07-03 16:55:31][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0] + 18 TCP 192.168.1.128:53978 <-> 208.85.40.158:443 [proto: 91.187/TLS.Pandora][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][3 pkts/849 bytes <-> 5 pkts/3932 bytes][Goodput ratio: 76/91][0.68 sec][Hostname/SNI: pandora.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.645 (Download)][IAT c2s/s2c min/avg/max/stddev: 170/0 254/127 339/173 84/73][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/786 583/1514 218/607][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.pandora.com,pandora.com][JA3S: 7047b9d842ee4b3fba6a86353828c915][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1][Subject: C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com][Certificate SHA-1: 40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF][Firefox][Validity: 2021-05-12 00:00:00 - 2022-06-12 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,16,0,0,0,0,0,0,16,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 19 TCP 192.168.1.128:39302 <-> 95.131.170.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: static.tuenti.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 43/0 46/24 50/49 4/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 20 TCP 192.168.1.128:51248 <-> 95.131.169.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: tuenti.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 46/0 47/24 48/47 1/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 21 UDP 192.168.1.128:36832 <-> 142.250.181.238:443 [proto: 188.72/QUIC.GooglePlus][IP: 126/Google][Encrypted][Confidence: DPI][cat: SocialNetwork/6][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.02 sec][Hostname/SNI: plus.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: b719940c5ab9a3373cb4475d8143ff88][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 22 UDP 192.168.1.128:38642 <-> 216.58.212.142:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.03 sec][Hostname/SNI: hangouts.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][JA3C: 2a18e6bf307f97c5e27f0ab407dc65db][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 23 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Shopping/27][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 24 TCP 192.168.1.128:42884 <-> 185.125.190.21:443 [proto: 91.169/TLS.UbuntuONE][IP: 169/UbuntuONE][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.06 sec][Hostname/SNI: assets.ubuntu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 25 TCP 192.168.1.128:45898 <-> 15.160.39.187:443 [proto: 91.254/TLS.AppleSiri][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: VirtAssistant/32][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: guzzoni.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 26 TCP 192.168.1.128:46264 <-> 23.51.246.65:443 [proto: 91.231/TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: static.playstation.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 27 TCP 192.168.1.128:48140 <-> 23.1.66.79:443 [proto: 91.180/TLS.CNN][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: cdn.cnn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 28 TCP 192.168.1.128:48902 <-> 2.17.140.63:443 [proto: 91.47/TLS.Xbox][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Game/8][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: account.xbox.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 29 TCP 192.168.1.128:51432 <-> 95.101.195.214:443 [proto: 91.137/TLS.Hulu][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Streaming/17][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.05 sec][Hostname/SNI: hulu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 30 TCP 192.168.1.128:33664 <-> 108.138.185.106:443 [proto: 91.240/TLS.AmazonVideo][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: www.primevideo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 31 TCP 192.168.1.128:39934 <-> 104.23.98.190:443 [proto: 91.232/TLS.Pastebin][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Download/7][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: pastebin.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unsafe Protocol **][Risk Score: 10][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 32 TCP 192.168.1.128:43150 <-> 108.138.199.67:443 [proto: 91.210/TLS.Deezer][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: deezer.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 33 TCP 192.168.1.128:51806 <-> 18.66.196.102:443 [proto: 91.234/TLS.SoundCloud][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: soundcloud.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 34 TCP 192.168.1.128:53998 <-> 172.65.251.78:443 [proto: 91.262/TLS.GitLab][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Collaborative/15][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.gitlab.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 35 TCP 192.168.1.128:57014 <-> 108.139.210.102:443 [proto: 91.246/TLS.Bloomberg][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: sourcepointcmp.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 36 TCP 192.168.1.128:38858 <-> 142.250.180.142:443 [proto: 91.123/TLS.GoogleMaps][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: maps.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 37 TCP 192.168.1.128:47122 <-> 35.201.112.136:443 [proto: 91.134/TLS.LastFM][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Music/25][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: kerve.last.fm][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 38 TCP 192.168.1.128:50608 <-> 142.250.185.206:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: googleplus.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 39 TCP 192.168.1.128:56458 <-> 142.250.185.142:443 [proto: 91.217/TLS.GoogleDrive][IP: 126/Google][Encrypted][Confidence: DPI][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: drive.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 40 TCP 192.168.1.128:35054 <-> 31.222.67.112:443 [proto: 91.279/TLS.Badoo][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][2 pkts/645 bytes <-> 2 pkts/1500 bytes][Goodput ratio: 80/92][0.09 sec][Hostname/SNI: www.badoo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] + 41 TCP 192.168.1.128:46084 <-> 146.75.62.167:443 [proto: 91.195/TLS.Twitch][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Video/26][2 pkts/657 bytes <-> 2 pkts/1480 bytes][Goodput ratio: 79/90][0.05 sec][Hostname/SNI: gql.twitch.tv][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0] + 42 UDP 192.168.1.123:59102 -> 216.58.209.46:443 [proto: 188.281/QUIC.GoogleClassroom][IP: 126/Google][Encrypted][Confidence: DPI][cat: Collaborative/15][1 pkts/1292 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: classroom.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][User-Agent: Chrome/97.0.4692.99 Windows NT 10.0; Win64; x64][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][JA3C: a27a03a8478393fe7f8958648bb71ff4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] + 43 TCP 192.168.12.169:46160 <-> 69.171.250.20:443 [proto: 91.157/TLS.Messenger][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: Chat/9][2 pkts/521 bytes <-> 2 pkts/356 bytes][Goodput ratio: 73/61][0.02 sec][Hostname/SNI: edge-mqtt.facebook.com][(Advertised) ALPNs: h2;h2-fb][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 TCP 192.168.1.128:39036 <-> 69.191.252.15:80 [proto: 7/HTTP][IP: 246/Bloomberg][ClearText][Confidence: Match by port][cat: Web/5][7 pkts/518 bytes <-> 1 pkts/78 bytes][Goodput ratio: 0/0][65.08 sec][bytes ratio: 0.738 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1012/0 10830/0 33535/0 11329/0][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 74/78 74/78 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 192.168.1.128:44954 <-> 34.96.123.111:80 [proto: 7/HTTP][IP: 284/GoogleCloud][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 192.168.1.128:45936 <-> 208.85.40.158:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.17 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out index c2c258237..a526a692a 100644 --- a/tests/result/snapchat.pcap.out +++ b/tests/result/snapchat.pcap.out @@ -27,6 +27,6 @@ JA3 Host Stats: 1 10.8.0.1 2 - 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][IP: 126/Google][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][Goodput ratio: 78/74][0.72 sec][Hostname/SNI: feelinsonice-hrd.appspot.com][ALPN: http/1.1][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/102 503/453 172/166][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 254/207 590/1123 237/350][TLSv1.2][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,28,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][IP: 126/Google][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][Goodput ratio: 78/58][0.57 sec][Hostname/SNI: feelinsonice-hrd.appspot.com][ALPN: http/1.1][bytes ratio: 0.389 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/86 403/353 142/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 261/129 590/502 236/150][TLSv1.2][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,14,0,14,0,0,0,0,0,0,0,14,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][IP: 126/Google][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/2290 bytes <-> 8 pkts/1653 bytes][Goodput ratio: 78/74][0.72 sec][Hostname/SNI: feelinsonice-hrd.appspot.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.162 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/102 503/453 172/166][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 254/207 590/1123 237/350][TLSv1.2][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,28,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/TLS.Snapchat][IP: 126/Google][Encrypted][Confidence: DPI][cat: SocialNetwork/6][9 pkts/2345 bytes <-> 8 pkts/1032 bytes][Goodput ratio: 78/58][0.57 sec][Hostname/SNI: feelinsonice-hrd.appspot.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.389 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/86 403/353 142/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 261/129 590/502 236/150][TLSv1.2][JA3C: fded31ac9b978e56ce306f8056092f2a][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,14,0,14,0,0,0,0,0,0,0,14,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1910 bytes <-> 11 pkts/969 bytes][Goodput ratio: 68/39][2.27 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 283/283 2052/2000 670/650][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 174/88 590/292 163/75][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA3S: fbe78c619e7ea20046131294ad087f05][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,12,0,25,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ssl-cert-name-mismatch.pcap.out b/tests/result/ssl-cert-name-mismatch.pcap.out index d6386ec65..bbed66d90 100644 --- a/tests/result/ssl-cert-name-mismatch.pcap.out +++ b/tests/result/ssl-cert-name-mismatch.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.2.222 1 - 1 TCP 192.168.2.222:54772 <-> 104.154.89.105:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1136 bytes <-> 10 pkts/4276 bytes][Goodput ratio: 35/84][0.72 sec][Hostname/SNI: wrong.host.badssl.com][ALPN: http/1.1][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/48 167/160 64/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/428 311/1474 70/548][TLSv1.2][JA3C: 4e69e4e5627c5e4c2846ba3e64d23fb9][ServerNames: *.badssl.com,badssl.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com][Certificate SHA-1: 18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB][Firefox][Validity: 2020-03-23 00:00:00 - 2022-05-17 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,12,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] + 1 TCP 192.168.2.222:54772 <-> 104.154.89.105:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1136 bytes <-> 10 pkts/4276 bytes][Goodput ratio: 35/84][0.72 sec][Hostname/SNI: wrong.host.badssl.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 79/48 167/160 64/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/428 311/1474 70/548][TLSv1.2][JA3C: 4e69e4e5627c5e4c2846ba3e64d23fb9][ServerNames: *.badssl.com,badssl.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com][Certificate SHA-1: 18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB][Firefox][Validity: 2020-03-23 00:00:00 - 2022-05-17 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,12,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index d61c67df2..ad2d6ddd4 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -19,7 +19,7 @@ Automa host: 85/71 (search/found) Automa domain: 85/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 21/0 (search/found) -Automa common alpns: 12/12 (search/found) +Automa common alpns: 67/67 (search/found) Patricia risk mask: 156/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 125/48 (search/found) @@ -46,47 +46,47 @@ JA3 Host Stats: 1 192.168.1.6 6 - 1 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][614 pkts/242051 bytes <-> 686 pkts/579301 bytes][Goodput ratio: 86/93][19.89 sec][Hostname/SNI: teams.microsoft.com][ALPN: h2;http/1.1][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/23 3909/3921 278/223][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 394/844 1494/1506 582/685][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,91,0,0] + 1 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][614 pkts/242051 bytes <-> 686 pkts/579301 bytes][Goodput ratio: 86/93][19.89 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/23 3909/3921 278/223][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 394/844 1494/1506 582/685][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,91,0,0] 2 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] 3 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0] 4 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0] 5 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0] 6 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0] 7 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0] - 8 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][ALPN: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] - 9 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][cat: Collaborative/15][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][ALPN: h2;http/1.1][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] + 8 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] + 9 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][cat: Collaborative/15][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] 10 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0] - 11 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][ALPN: h2;http/1.1][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] - 12 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][ALPN: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] + 11 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] + 12 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] 13 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0] 14 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0] 15 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78/STUN][IP: 276/Azure][ClearText][Confidence: DPI (partial)][cat: Network/14][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] - 16 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][ALPN: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] - 17 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][ALPN: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] - 18 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][ALPN: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] - 19 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] - 20 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] - 21 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 22 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][ALPN: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0] - 23 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][ALPN: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0] + 16 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] + 17 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] + 18 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] + 19 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] + 20 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] + 21 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0] + 22 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0] + 23 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0] 24 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0] - 25 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][ALPN: h2;http/1.1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] - 26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] - 27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][Hostname/SNI: gate.hockeyapp.net][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] + 25 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] + 26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] + 27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91/TLS][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Web/5][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] 28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0] - 29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][Hostname/SNI: login.microsoftonline.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0] + 29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][TLSv1.2][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0] 30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0] 31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][IP: 125/Skype_Teams][Encrypted][Confidence: DPI][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.Skype_TeamsCall][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0] 34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] - 35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][ALPN: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] - 36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][ALPN: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] 37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] + 40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.2][JA3C: 7120d65624bcd2e02ed4b01388d84cdb][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.250/STUN.Teams][IP: 276/Azure][ClearText][Confidence: DPI][cat: VoIP/10][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][6 pkts/1926 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][25.01 sec][Hostname/SNI: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4986/0 5001/0 5018/0 11/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][DHCP Class Ident: TL-SG116E][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.6:50016 <-> 52.114.250.141:3478 [proto: 78.250/STUN.Teams][IP: 276/Azure][ClearText][Confidence: DPI][cat: VoIP/10][4 pkts/1162 bytes <-> 3 pkts/546 bytes][Goodput ratio: 85/77][1.99 sec][bytes ratio: 0.361 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/98 611/101 1783/104 829/3][Pkt Len c2s/s2c min/avg/max/stddev: 256/174 290/182 314/198 25/11][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,42,0,14,14,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tls-esni-fuzzed.pcap.out b/tests/result/tls-esni-fuzzed.pcap.out index 82147e3a0..d94495300 100644 --- a/tests/result/tls-esni-fuzzed.pcap.out +++ b/tests/result/tls-esni-fuzzed.pcap.out @@ -14,7 +14,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 6/6 (search/found) Patricia risk mask: 6/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 3/3 (search/found) @@ -26,6 +26,6 @@ JA3 Host Stats: 1 192.168.1.12 1 - 1 TCP 192.168.1.12:49886 -> 104.27.129.77:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: 9624CB3C4E230827F78CF5BF640D22DEA33FCC598EA6A32D939905586FBE997B9E68661F8956D4893072E19DE24CD1FB88A9F71FC4CC01BAB5C914FDF96A647D671B5E89859BAEEAB122218688496DF4DF0C328C3D5F940B109CEB2A2743D5CBE3594288A229B8C7E2F88303E3FE1A26A89E5001F2BD936890FEF78F06E05ECC063A68BDB8C18DFAC114CF1FECDB8BE1FC2FEECB2315D27998D682B129FD1E3EB5D7985DCBDC452A1082CCC038E0BF69570FEFAC6BC6FB951F89B6792CADA76403C02CEB5DCE1CE6EDDD16D5F7FB6B85D2B92485448DE0088E421E83F1E28B267FBE3B59AE0496FB845213C271D4C5AC5E9E7E5F6A3072445307FCCEB7306710459991C40CC4DC1FC325154C7974DD780371397805456A19AE23EE88475C1DF07697B666][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.12:49887 -> 104.16.125.175:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: B900004E39E84B98F5AE87B0A020EC49FED86F2B488B6AB28BDE9F957621F2774366DE90E65C4CA808668911624685EC4C6DC6C161A97CBE82281BC08427697AA3BE6A40E5F00ACF8B63E329317B0E4E85642D50AB8790E6197DA62D9F5B3239DCC59437797FE768A520C9D471FEABA1375DF61E4A39B09363CB109E7B24A793844896DDD16B6EE7DBE576D767161D782D7BF6FEC453A05A923D8D8E9BEFFC97E8E56C4F1AAB70FE99BC97819E1D908A5F3B3094F4BF25EB7A24A94FDBC3E107A423B8BB341F22900F7BBD87780E30B6ECF393FEB8FBFFEB54C79FA0673FE1AAD17B221D4BFF6450AA0CD4AF513066B66080B602147F3ACB7145A436C5689DA20BACB8BF9BABD851012556EC8F7BB9D74BFAAF25DCF4362A5775607C3CE5C2C29F183969][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.12:49897 -> 104.22.71.197:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.12:49886 -> 104.27.129.77:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: 9624CB3C4E230827F78CF5BF640D22DEA33FCC598EA6A32D939905586FBE997B9E68661F8956D4893072E19DE24CD1FB88A9F71FC4CC01BAB5C914FDF96A647D671B5E89859BAEEAB122218688496DF4DF0C328C3D5F940B109CEB2A2743D5CBE3594288A229B8C7E2F88303E3FE1A26A89E5001F2BD936890FEF78F06E05ECC063A68BDB8C18DFAC114CF1FECDB8BE1FC2FEECB2315D27998D682B129FD1E3EB5D7985DCBDC452A1082CCC038E0BF69570FEFAC6BC6FB951F89B6792CADA76403C02CEB5DCE1CE6EDDD16D5F7FB6B85D2B92485448DE0088E421E83F1E28B267FBE3B59AE0496FB845213C271D4C5AC5E9E7E5F6A3072445307FCCEB7306710459991C40CC4DC1FC325154C7974DD780371397805456A19AE23EE88475C1DF07697B666][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.12:49887 -> 104.16.125.175:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][ESNI: B900004E39E84B98F5AE87B0A020EC49FED86F2B488B6AB28BDE9F957621F2774366DE90E65C4CA808668911624685EC4C6DC6C161A97CBE82281BC08427697AA3BE6A40E5F00ACF8B63E329317B0E4E85642D50AB8790E6197DA62D9F5B3239DCC59437797FE768A520C9D471FEABA1375DF61E4A39B09363CB109E7B24A793844896DDD16B6EE7DBE576D767161D782D7BF6FEC453A05A923D8D8E9BEFFC97E8E56C4F1AAB70FE99BC97819E1D908A5F3B3094F4BF25EB7A24A94FDBC3E107A423B8BB341F22900F7BBD87780E30B6ECF393FEB8FBFFEB54C79FA0673FE1AAD17B221D4BFF6450AA0CD4AF513066B66080B602147F3ACB7145A436C5689DA20BACB8BF9BABD851012556EC8F7BB9D74BFAAF25DCF4362A5775607C3CE5C2C29F183969][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.12:49897 -> 104.22.71.197:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][1 pkts/770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TLSv1.2][JA3C: 957015a0b1e2500d8777219893a09495][Firefox][PLAIN TEXT (http/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tls_2_reasms.pcapng.out b/tests/result/tls_2_reasms.pcapng.out index 7fb9bfe5c..d71726130 100644 --- a/tests/result/tls_2_reasms.pcapng.out +++ b/tests/result/tls_2_reasms.pcapng.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 3/3 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.91.186.174 1 - 1 TCP 192.91.186.174:443 <-> 25.137.80.32:38134 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][11 pkts/4419 bytes <-> 3 pkts/2488 bytes][Goodput ratio: 83/92][0.95 sec][Hostname/SNI: i.instagram.com][ALPN: h2;h2-fb;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: 0.280 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/15 105/232 465/449 152/217][Pkt Len c2s/s2c min/avg/max/stddev: 74/470 402/829 1414/1414 483/417][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,0,24,7,0,7,7,7,0,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0] + 1 TCP 192.91.186.174:443 <-> 25.137.80.32:38134 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][11 pkts/4419 bytes <-> 3 pkts/2488 bytes][Goodput ratio: 83/92][0.95 sec][Hostname/SNI: i.instagram.com][(Advertised) ALPNs: h2;h2-fb;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: 0.280 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/15 105/232 465/449 152/217][Pkt Len c2s/s2c min/avg/max/stddev: 74/470 402/829 1414/1414 483/417][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,0,24,7,0,7,7,7,0,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0] diff --git a/tests/result/tls_2_reasms_b.pcapng.out b/tests/result/tls_2_reasms_b.pcapng.out index c4afe1535..77082c931 100644 --- a/tests/result/tls_2_reasms_b.pcapng.out +++ b/tests/result/tls_2_reasms_b.pcapng.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/1 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 88.14.137.195 1 - 1 TCP 88.14.137.195:443 <-> 196.234.165.216:37658 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/11078 bytes <-> 3 pkts/2377 bytes][Goodput ratio: 93/92][1.05 sec][Hostname/SNI: video.fmct2-3.fna.fbcdn.net][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: 0.647 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 105/8 1002/12 299/4][Pkt Len c2s/s2c min/avg/max/stddev: 74/478 923/792 1414/1414 599/440][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,0,0,0,0,0,7,0,0,0,0,0,7,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0] + 1 TCP 88.14.137.195:443 <-> 196.234.165.216:37658 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][12 pkts/11078 bytes <-> 3 pkts/2377 bytes][Goodput ratio: 93/92][1.05 sec][Hostname/SNI: video.fmct2-3.fna.fbcdn.net][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: 0.647 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 105/8 1002/12 299/4][Pkt Len c2s/s2c min/avg/max/stddev: 74/478 923/792 1414/1414 599/440][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,0,0,0,0,0,7,0,0,0,0,0,7,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0] diff --git a/tests/result/tls_alert.pcap.out b/tests/result/tls_alert.pcap.out index a373f0c90..967968672 100644 --- a/tests/result/tls_alert.pcap.out +++ b/tests/result/tls_alert.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 7/7 (search/found) Patricia risk mask: 4/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 4/0 (search/found) @@ -27,5 +27,5 @@ JA3 Host Stats: 1 192.168.1.192 1 - 1 TCP 192.168.1.192:63158 <-> 192.168.1.20:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][6 pkts/607 bytes <-> 5 pkts/345 bytes][Goodput ratio: 33/2][0.00 sec][Hostname/SNI: www.google-analytics.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/69 265/74 73/4][Risk: ** Obsolete TLS (v1.1 or older) **** TLS Fatal Alert **][Risk Score: 110][Risk Info: TLSv1][TLSv1][JA3C: d78489b860c8bf7838a6ff0b4d131541][Plen Bins: 50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.192:63158 <-> 192.168.1.20:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][6 pkts/607 bytes <-> 5 pkts/345 bytes][Goodput ratio: 33/2][0.00 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/69 265/74 73/4][Risk: ** Obsolete TLS (v1.1 or older) **** TLS Fatal Alert **][Risk Score: 110][Risk Info: TLSv1][TLSv1][JA3C: d78489b860c8bf7838a6ff0b4d131541][Plen Bins: 50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.2.100:37780 -> 160.44.202.202:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/533 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][3.67 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 612/0 1878/0 656/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 76/0 85/0 14/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tls_certificate_too_long.pcap.out b/tests/result/tls_certificate_too_long.pcap.out index dc9651101..4b0c62f13 100644 --- a/tests/result/tls_certificate_too_long.pcap.out +++ b/tests/result/tls_certificate_too_long.pcap.out @@ -40,14 +40,14 @@ JA3 Host Stats: 1 TCP 192.168.1.121:53428 <-> 52.98.163.18:443 [proto: 91/TLS][IP: 21/Outlook][Encrypted][Confidence: DPI][cat: Web/5][29 pkts/21518 bytes <-> 43 pkts/11702 bytes][Goodput ratio: 93/80][0.38 sec][bytes ratio: 0.295 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/7 67/51 19/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 742/272 1502/1366 612/367][Plen Bins: 0,35,7,0,3,5,3,1,0,1,0,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,10,0,1,0,0,1,0,0,0,0,0,3,0,3,1,0,0,0,15,0,0] 2 TCP 192.168.1.121:53429 <-> 52.98.163.18:443 [proto: 91/TLS][IP: 21/Outlook][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/10693 bytes <-> 38 pkts/9863 bytes][Goodput ratio: 92/79][0.15 sec][bytes ratio: 0.040 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 17/42 5/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 668/260 1502/1372 596/276][Plen Bins: 0,20,2,2,2,0,29,17,2,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,2,2,0,0,0,9,0,0] - 3 TCP 192.168.1.121:53911 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.25 sec][Hostname/SNI: wdcp.microsoft.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 51/50 25/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 4 TCP 192.168.1.121:53915 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/18 53/53 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 5 TCP 192.168.1.121:53916 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.19 sec][Hostname/SNI: wdcp.microsoft.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 51/50 25/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 6 TCP 192.168.1.121:53910 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.28 sec][Hostname/SNI: wdcp.microsoft.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/16 138/48 50/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 7 TCP 192.168.1.121:53914 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.15 sec][Hostname/SNI: wdcp.microsoft.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 48/48 22/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 8 TCP 192.168.1.121:53917 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/17 50/50 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 9 TCP 192.168.1.121:53918 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/17 51/51 23/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 10 TCP 192.168.1.121:53919 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/16 48/48 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 3 TCP 192.168.1.121:53911 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.25 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 51/50 25/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 4 TCP 192.168.1.121:53915 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/18 53/53 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 5 TCP 192.168.1.121:53916 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.19 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 51/50 25/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 6 TCP 192.168.1.121:53910 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.28 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/16 138/48 50/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 7 TCP 192.168.1.121:53914 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.15 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 48/48 22/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 8 TCP 192.168.1.121:53917 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/17 50/50 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 9 TCP 192.168.1.121:53918 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/17 51/51 23/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 10 TCP 192.168.1.121:53919 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/16 48/48 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] 11 TCP 192.168.1.121:53913 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][6 pkts/621 bytes <-> 5 pkts/2517 bytes][Goodput ratio: 34/87][0.04 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 20/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/503 279/1502 79/576][URL: www.microsoft.com/pkiops/certs/MicSecSerCA2011_2011-10-18.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** Binary App Transfer **][Risk Score: 150][Risk Info: Found mime exe octet-stream][PLAIN TEXT (GET /pkiops/certs/MicSecSerCA)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] 12 TCP 192.168.1.121:53912 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][6 pkts/619 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 34/85][0.05 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 21/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/456 277/1502 78/558][URL: www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** Binary App Transfer **][Risk Score: 150][Risk Info: Found mime exe octet-stream][PLAIN TEXT (GET /pki/certs/MicRooCerAut)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] 13 UDP 192.168.1.121:52251 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][cat: Network/14][8 pkts/767 bytes <-> 8 pkts/1085 bytes][Goodput ratio: 56/69][1.01 sec][Hostname/SNI: 60.21.149.52.in-addr.arpa][::][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 165/2 988/5 368/2][Pkt Len c2s/s2c min/avg/max/stddev: 80/86 96/136 132/196 21/42][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (msnhst)][Plen Bins: 0,57,18,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tls_client_certificate_with_missing_server_one.pcapng.out b/tests/result/tls_client_certificate_with_missing_server_one.pcapng.out index 1d8c26861..7381129df 100644 --- a/tests/result/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/tests/result/tls_client_certificate_with_missing_server_one.pcapng.out @@ -14,7 +14,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/0 (search/found) Patricia risk mask: 4/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 4/0 (search/found) @@ -28,5 +28,5 @@ JA3 Host Stats: 2 195.181.174.176 1 - 1 TCP 195.181.174.176:443 <-> 192.168.1.128:48260 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][3 pkts/1654 bytes <-> 6 pkts/1779 bytes][Goodput ratio: 87/78][0.04 sec][ALPN: anydesk/6.2.0/linux][bytes ratio: -0.036 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 10/8 17/20 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 551/296 1514/1160 681/400][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **][Risk Score: 60][Risk Info: Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] + 1 TCP 195.181.174.176:443 <-> 192.168.1.128:48260 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][3 pkts/1654 bytes <-> 6 pkts/1779 bytes][Goodput ratio: 87/78][0.04 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: -0.036 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 10/8 17/20 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 551/296 1514/1160 681/400][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **][Risk Score: 110][Risk Info: anydesk/6.2.0/linu / Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][JA3S: e58f0b3c1e9eefb8ee4f92aeceee5858][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] 2 TCP 192.168.1.128:59754 <-> 192.168.1.181:7070 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/1953 bytes <-> 2 pkts/140 bytes][Goodput ratio: 79/0][0.08 sec][bytes ratio: 0.866 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/6 15/6 54/6 20/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/70 1352/74 469/4][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 110][Risk Info: No ALPN][TLSv1.2][JA3C: 201999283915cc31cee6b15472ef3332][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] diff --git a/tests/result/tls_esni_sni_both.pcap.out b/tests/result/tls_esni_sni_both.pcap.out index 3676f05e8..f63717677 100644 --- a/tests/result/tls_esni_sni_both.pcap.out +++ b/tests/result/tls_esni_sni_both.pcap.out @@ -26,5 +26,5 @@ JA3 Host Stats: 1 192.168.1.21 1 - 1 TCP 192.168.1.21:55500 <-> 104.17.175.85:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1461 bytes <-> 9 pkts/7270 bytes][Goodput ratio: 58/93][0.13 sec][Hostname/SNI: these-are-not-the-droids-youre-looking-for.com][bytes ratio: -0.665 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/10 53/43 21/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 133/808 688/1514 179/685][Risk: ** TLS (probably) Not Carrying HTTPS **** TLS Suspicious ESNI Usage **][Risk Score: 60][Risk Info: No ALPN / Found ESNI w/o SNI][TLSv1.3][JA3C: 077d20c3f8c5a1f091dc937c515b69c1][JA3S: d75f9129bb5d05492a65ff78e081bcb2][ESNI: B8845D1A37225D055CB7187B6D7CBD852ADFDA5269097680CB388AF4FC9F5C7BCE03772D5259820AFC2DA5C949A663F997D270BBD2525D0D7C4D83E6FA9CFA038C1E78C2C847BB2033853998E7D391737C1CBB3796A9F7F24D5E88F6C5AF94E95D93C2F8A168E73F18D090EAB69D7C689AFA7AD9BCAAFEFCF496509DD4DFEB3E96CE334F2B00A6C03C1F9C1BF5040BA031E789D03185DDB6BD2D2105A91463519A23CAAE0295E3F068B701D99B1AB486583C7254DDA07BE99D50C23E4681CB62A5FAA669ADFEF76693137788B3C0A5B0EEC36E004F8A11E7B5B14DD37F50C1F6F20D68828620BEFB7460A5D6910255C126F921FE6B70F2E9C7299683FAE6F9D068B139BAD1EF709DA821642B00FA7FD1BBA44EF6C3DAC61043C434224F3E570F62DAA4BF][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][PLAIN TEXT (mw/KUc)][Plen Bins: 11,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,33,0,0] - 2 TCP 192.168.1.21:55514 <-> 104.17.175.85:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1412 bytes <-> 8 pkts/5756 bytes][Goodput ratio: 60/92][0.12 sec][Hostname/SNI: you-think-thats-normal-tls-traffic-youre-seeing.com][bytes ratio: -0.606 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/11 50/38 20/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 141/720 693/1514 188/676][Risk: ** TLS (probably) Not Carrying HTTPS **** TLS Suspicious ESNI Usage **][Risk Score: 60][Risk Info: No ALPN / Found ESNI w/o SNI][TLSv1.3][JA3C: 077d20c3f8c5a1f091dc937c515b69c1][JA3S: d75f9129bb5d05492a65ff78e081bcb2][ESNI: 4B80F11C3E3E40385229D888F5DB7398460E5FF5EC9E03E8331810BCD314C33227B55F4F0DADD4B813C9274B884ABDC0D2434429EBB559832A5D54B5D55B138366BDA28FF8DE68A292825CA14522CB5FB23A04CC654E9C6D9C5B967B20520D7FC4EFEC9D04154A40428DD4FB89742AFBAADD01105020F05B23C44F216802FDA5F9CDFBD129BAA1CCA4A4235E9F1E9D16A96FE72CEF01ACA433C697DD49D2389E1AAF817F54E971E4F290DE91ECB83A5876A3B37B97E66EBCBB90AEFE3BF39455BA2AECB7B4161D157606BCBE1E4D0C0391D57652585A1E6C49290F4D40FD6DE2EEBA63F76D6D7D924134335BA9EBE813A4197DAAC8EF6603A8B6C71AAF6A6FAAD92B1345DF53A2943845A7AB6A09CFC3783C8FBC72AD48B2ED5C04924E9DFBF57EBCDEBF][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,25,0,0] + 1 TCP 192.168.1.21:55500 <-> 104.17.175.85:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1461 bytes <-> 9 pkts/7270 bytes][Goodput ratio: 58/93][0.13 sec][Hostname/SNI: these-are-not-the-droids-youre-looking-for.com][TLS Supported Versions: TLSv1.3][bytes ratio: -0.665 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/10 53/43 21/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 133/808 688/1514 179/685][Risk: ** TLS (probably) Not Carrying HTTPS **** TLS Suspicious ESNI Usage **][Risk Score: 60][Risk Info: No ALPN / Found ESNI w/o SNI][TLSv1.3][JA3C: 077d20c3f8c5a1f091dc937c515b69c1][JA3S: d75f9129bb5d05492a65ff78e081bcb2][ESNI: B8845D1A37225D055CB7187B6D7CBD852ADFDA5269097680CB388AF4FC9F5C7BCE03772D5259820AFC2DA5C949A663F997D270BBD2525D0D7C4D83E6FA9CFA038C1E78C2C847BB2033853998E7D391737C1CBB3796A9F7F24D5E88F6C5AF94E95D93C2F8A168E73F18D090EAB69D7C689AFA7AD9BCAAFEFCF496509DD4DFEB3E96CE334F2B00A6C03C1F9C1BF5040BA031E789D03185DDB6BD2D2105A91463519A23CAAE0295E3F068B701D99B1AB486583C7254DDA07BE99D50C23E4681CB62A5FAA669ADFEF76693137788B3C0A5B0EEC36E004F8A11E7B5B14DD37F50C1F6F20D68828620BEFB7460A5D6910255C126F921FE6B70F2E9C7299683FAE6F9D068B139BAD1EF709DA821642B00FA7FD1BBA44EF6C3DAC61043C434224F3E570F62DAA4BF][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][PLAIN TEXT (mw/KUc)][Plen Bins: 11,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,33,0,0] + 2 TCP 192.168.1.21:55514 <-> 104.17.175.85:443 [proto: 91/TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1412 bytes <-> 8 pkts/5756 bytes][Goodput ratio: 60/92][0.12 sec][Hostname/SNI: you-think-thats-normal-tls-traffic-youre-seeing.com][TLS Supported Versions: TLSv1.3][bytes ratio: -0.606 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/11 50/38 20/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 141/720 693/1514 188/676][Risk: ** TLS (probably) Not Carrying HTTPS **** TLS Suspicious ESNI Usage **][Risk Score: 60][Risk Info: No ALPN / Found ESNI w/o SNI][TLSv1.3][JA3C: 077d20c3f8c5a1f091dc937c515b69c1][JA3S: d75f9129bb5d05492a65ff78e081bcb2][ESNI: 4B80F11C3E3E40385229D888F5DB7398460E5FF5EC9E03E8331810BCD314C33227B55F4F0DADD4B813C9274B884ABDC0D2434429EBB559832A5D54B5D55B138366BDA28FF8DE68A292825CA14522CB5FB23A04CC654E9C6D9C5B967B20520D7FC4EFEC9D04154A40428DD4FB89742AFBAADD01105020F05B23C44F216802FDA5F9CDFBD129BAA1CCA4A4235E9F1E9D16A96FE72CEF01ACA433C697DD49D2389E1AAF817F54E971E4F290DE91ECB83A5876A3B37B97E66EBCBB90AEFE3BF39455BA2AECB7B4161D157606BCBE1E4D0C0391D57652585A1E6C49290F4D40FD6DE2EEBA63F76D6D7D924134335BA9EBE813A4197DAAC8EF6603A8B6C71AAF6A6FAAD92B1345DF53A2943845A7AB6A09CFC3783C8FBC72AD48B2ED5C04924E9DFBF57EBCDEBF][ESNI Cipher: TLS_AES_128_GCM_SHA256][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,25,0,0] diff --git a/tests/result/tls_invalid_reads.pcap.out b/tests/result/tls_invalid_reads.pcap.out index 0a6e9948c..1bbe2e815 100644 --- a/tests/result/tls_invalid_reads.pcap.out +++ b/tests/result/tls_invalid_reads.pcap.out @@ -15,7 +15,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/0 (search/found) Patricia risk mask: 6/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 4/2 (search/found) @@ -29,5 +29,5 @@ JA3 Host Stats: 1 TCP 192.168.10.101:3967 <-> 206.33.61.113:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/330 bytes <-> 3 pkts/1497 bytes][Goodput ratio: 31/89][0.08 sec][bytes ratio: -0.639 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/38 25/19 58/38 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 82/499 156/905 43/346][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3S: 53611273a714cb4789c8222932efd5a7 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 10.191.139.17:58552 <-> 54.221.224.45:443 [VLAN: 2][proto: GTP:91.275/TLS.Crashlytics][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: DataTransfer/4][2 pkts/442 bytes <-> 1 pkts/118 bytes][Goodput ratio: 41/0][0.23 sec][Hostname/SNI: e.crashlytics.com][ALPN: ][Risk: ** TLS Suspicious Extn **][Risk Score: 100][TLSv1.2][JA3C: 9d5430e6dfce44459702b74d790df353][Firefox][PLAIN TEXT (e.crashlytics.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 10.191.139.17:58552 <-> 54.221.224.45:443 [VLAN: 2][proto: GTP:91.275/TLS.Crashlytics][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: DataTransfer/4][2 pkts/442 bytes <-> 1 pkts/118 bytes][Goodput ratio: 41/0][0.23 sec][Hostname/SNI: e.crashlytics.com][(Advertised) ALPNs: ][Risk: ** Uncommon TLS ALPN **** TLS Suspicious Extn **][Risk Score: 150][TLSv1.2][JA3C: 9d5430e6dfce44459702b74d790df353][Firefox][PLAIN TEXT (e.crashlytics.com)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 74.80.160.99:3258 -> 67.217.77.28:443 [proto: 91/TLS][IP: 293/GoTo][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/64 bytes -> 0 pkts/0 bytes][Goodput ratio: 15/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tls_long_cert.pcap.out b/tests/result/tls_long_cert.pcap.out index 9947b1d1d..9d07a2e51 100644 --- a/tests/result/tls_long_cert.pcap.out +++ b/tests/result/tls_long_cert.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.2.126 1 - 1 TCP 192.168.2.126:60174 <-> 104.111.215.93:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][86 pkts/8534 bytes <-> 96 pkts/109067 bytes][Goodput ratio: 33/94][71.34 sec][Hostname/SNI: www.repubblica.it][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1046/930 45462/45488 6189/5865][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 99/1136 902/1514 118/525][TLSv1.2][JA3C: 66918128f1b9b03303d77c6f2eefd128][ServerNames: www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018][Subject: C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it][Certificate SHA-1: 0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1][Chrome][Validity: 2019-03-07 00:00:00 - 2020-05-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,4,3,1,1,0,2,3,0,0,1,0,1,0,0,1,0,0,0,6,0,0,0,1,0,1,0,0,1,0,0,13,0,0,0,0,2,0,0,1,1,0,0,0,54,0,0] + 1 TCP 192.168.2.126:60174 <-> 104.111.215.93:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][86 pkts/8534 bytes <-> 96 pkts/109067 bytes][Goodput ratio: 33/94][71.34 sec][Hostname/SNI: www.repubblica.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1046/930 45462/45488 6189/5865][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 99/1136 902/1514 118/525][TLSv1.2][JA3C: 66918128f1b9b03303d77c6f2eefd128][ServerNames: www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018][Subject: C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it][Certificate SHA-1: 0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1][Chrome][Validity: 2019-03-07 00:00:00 - 2020-05-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,4,3,1,1,0,2,3,0,0,1,0,1,0,0,1,0,0,0,6,0,0,0,1,0,1,0,0,1,0,0,13,0,0,0,0,2,0,0,1,1,0,0,0,54,0,0] diff --git a/tests/result/tls_multiple_synack_different_seq.pcapng.out b/tests/result/tls_multiple_synack_different_seq.pcapng.out index 96f38c918..d277fd13e 100644 --- a/tests/result/tls_multiple_synack_different_seq.pcapng.out +++ b/tests/result/tls_multiple_synack_different_seq.pcapng.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 2/0 (search/found) @@ -26,4 +26,4 @@ JA3 Host Stats: 1 10.10.10.1 1 - 1 TCP 10.10.10.1:443 <-> 192.168.0.1:59927 [proto: 91.265/TLS.AmazonAWS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][9 pkts/5961 bytes <-> 1 pkts/571 bytes][Goodput ratio: 91/90][29.38 sec][Hostname/SNI: bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3672/0 15063/0 5728/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/571 662/571 1414/571 649/0][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com][JA3S: 704239182a9091e4453fdbfe0fd17586][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=*.s3-eu-west-1.amazonaws.com][Certificate SHA-1: 5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76][Chrome][Validity: 2021-03-26 00:00:00 - 2022-03-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (Starfield Technologies)][Plen Bins: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,51,0,0,0,0,0] + 1 TCP 10.10.10.1:443 <-> 192.168.0.1:59927 [proto: 91.265/TLS.AmazonAWS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Cloud/13][9 pkts/5961 bytes <-> 1 pkts/571 bytes][Goodput ratio: 91/90][29.38 sec][Hostname/SNI: bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3672/0 15063/0 5728/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/571 662/571 1414/571 649/0][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com][JA3S: 704239182a9091e4453fdbfe0fd17586][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=*.s3-eu-west-1.amazonaws.com][Certificate SHA-1: 5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76][Chrome][Validity: 2021-03-26 00:00:00 - 2022-03-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (Starfield Technologies)][Plen Bins: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,51,0,0,0,0,0] diff --git a/tests/result/tls_unidirectional.pcap.out b/tests/result/tls_unidirectional.pcap.out index 9fb332c02..70c6b82ae 100644 --- a/tests/result/tls_unidirectional.pcap.out +++ b/tests/result/tls_unidirectional.pcap.out @@ -14,7 +14,7 @@ Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 1/0 (search/found) Patricia risk mask: 4/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 3/1 (search/found) @@ -27,5 +27,5 @@ JA3 Host Stats: 1 192.168.1.128 1 - 1 TCP 192.168.1.128:48260 -> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][27 pkts/7693 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][58.79 sec][ALPN: anydesk/6.2.0/linux][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2023/0 10210/0 3873/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 285/0 1514/0 460/0][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][Firefox][Plen Bins: 0,20,20,0,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,20,0,0] + 1 TCP 192.168.1.128:48260 -> 195.181.174.176:443 [proto: 91.252/TLS.AnyDesk][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: RemoteAccess/12][27 pkts/7693 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][58.79 sec][(Advertised) ALPNs: anydesk/6.2.0/linux][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2023/0 10210/0 3873/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 285/0 1514/0 460/0][Risk: ** Missing SNI TLS Extn **** Desktop/File Sharing **** Uncommon TLS ALPN **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / anydesk/6.2.0/linu / Found AnyDesk][TLSv1.2][JA3C: 29b5a018fa5992fe23560c16af0dc9fc][Firefox][Plen Bins: 0,20,20,0,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,20,0,0] 2 TCP 142.250.27.188:5228 -> 10.140.72.24:12654 [VLAN: 308][proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][6 pkts/6972 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][0.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/0 160/0 64/0][Pkt Len c2s/s2c min/avg/max/stddev: 78/0 1162/0 1418/0 490/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic][ServerNames: *.google.com,*.appengine.google.com,*.bdn.dev,*.cloud.google.com,*.crowdsource.google.com,*.datacompute.google.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlevideo.com,*.gstatic.cn,*.gstatic-cn.com,googlecnapps.cn,*.googlecnapps.cn,googleapps-cn.com,*.googleapps-cn.com,gkecnapps.cn,*.gkecnapps.cn,googledownloads.cn,*.googledownloads.cn,recaptcha.net.cn,*.recaptcha.net.cn,widevine.cn,*.widevine.cn,ampproject.org.cn,*.ampproject.org.cn,ampproject.net.cn,*.ampproject.net.cn,google-analytics-cn.com,*.google-analytics-cn.com,googleadservices-cn.com,*.googleadservices-cn.com,googlevads-cn.com,*.googlevads-cn.com,googleapis-cn.com,*.googleapis-cn.com,googleoptimize-cn.com,*.googleoptimize-cn.com,doubleclick-cn.net,*.doubleclick-cn.net,*.fls.doubleclick-cn.net,*.g.doubleclick-cn.net,doubleclick.cn,*.doubleclick.cn,*.fls.doubleclick.cn,*.g.doubleclick.cn,dartsearch-cn.net,*.dartsearch-cn.net,googletraveladservices-cn.com,*.googletraveladservices-cn.com,googletagservices-cn.com,*.googletagservices-cn.com,googletagmanager-cn.com,*.googletagmanager-cn.com,googlesyndication-cn.com,*.googlesyndication-cn.com,*.safeframe.googlesyndication-cn.com,app-measurement-cn.com,*.app-measurement-cn.com,gvt1-cn.com,*.gvt1-cn.com,gvt2-cn.com,*.gvt2-cn.com,2mdn-cn.net,*.2mdn-cn.net,googleflights-cn.net,*.googleflights-cn.net,admob-cn.com,*.admob-cn.com,*.gstatic.com,*.metric.gstatic.com,*.gvt1.com,*.gcpcdn.gvt1.com,*.gvt2.com,*.gcp.gvt2.com,*.url.google.com,*.youtube-nocookie.com,*.ytimg.com,android.com,*.android.com,*.flash.android.com,g.cn,*.g.cn,g.co,*.g.co,goo.gl,www.goo.gl,google-analytics.com,*.google-analytics.com,google.com,googlecommerce.com,*.googlecommerce.com,ggpht.cn,*.ggpht.cn,urchin.com,*.urchin.com,youtu.be,youtube.com,*.youtube.com,youtubeeducation.com,*.youtubeeducation.com,youtubekids.com,*.youtubekids.com,yt.be,*.yt.be,android.clients.google.com,developer.android.google.cn,developers.android.google.cn,source.android.google.cn][JA3S: 84aaf6d03fc8c5bfb56d1d188735b268][Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1C3][Subject: CN=*.google.com][Certificate SHA-1: 02:64:CA:2E:8A:2F:BB:C4:97:9D:A7:AC:2B:47:FF:DE:28:0E:71:B1][Validity: 2021-11-01 02:19:52 - 2022-01-24 02:19:51][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,80,0,0,0,0,0] diff --git a/tests/result/tls_verylong_certificate.pcap.out b/tests/result/tls_verylong_certificate.pcap.out index b433c43e8..c08932936 100644 --- a/tests/result/tls_verylong_certificate.pcap.out +++ b/tests/result/tls_verylong_certificate.pcap.out @@ -26,4 +26,4 @@ JA3 Host Stats: 1 192.168.1.160 1 - 1 TCP 192.168.1.160:54804 <-> 151.101.66.49:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][24 pkts/2404 bytes <-> 24 pkts/19825 bytes][Goodput ratio: 35/92][0.09 sec][Hostname/SNI: feodotracker.abuse.ch][ALPN: http/1.1][bytes ratio: -0.784 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 15/21 5/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 100/826 583/1434 109/662][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net][Certificate SHA-1: E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B][Firefox][Validity: 2019-11-19 01:31:22 - 2020-08-29 17:19:32][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,16,0,4,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,55,0,0,0,0,0] + 1 TCP 192.168.1.160:54804 <-> 151.101.66.49:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Media/1][24 pkts/2404 bytes <-> 24 pkts/19825 bytes][Goodput ratio: 35/92][0.09 sec][Hostname/SNI: feodotracker.abuse.ch][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.784 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 15/21 5/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 100/826 583/1434 109/662][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com][JA3S: ae53107a2e47ea20c72ac44821a728bf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net][Certificate SHA-1: E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B][Firefox][Validity: 2019-11-19 01:31:22 - 2020-08-29 17:19:32][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,16,0,4,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,55,0,0,0,0,0] diff --git a/tests/result/tumblr.pcap.out b/tests/result/tumblr.pcap.out index a6025551e..2ed9d061e 100644 --- a/tests/result/tumblr.pcap.out +++ b/tests/result/tumblr.pcap.out @@ -15,7 +15,7 @@ Automa host: 9/5 (search/found) Automa domain: 9/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 2/2 (search/found) +Automa common alpns: 18/18 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -32,22 +32,22 @@ JA3 Host Stats: 1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56794 <-> [64:ff9b::c000:4d03]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4211 pkts/395469 bytes <-> 16806 pkts/21471795 bytes][Goodput ratio: 5/93][17.22 sec][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 7179/1998 174/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 94/1278 1474/2858 55/501][Plen Bins: 21,2,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0,0,0] - 2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56842 <-> [64:ff9b::c000:4d03]:443 [proto: 91.90/TLS.Tumblr][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][761 pkts/66942 bytes <-> 910 pkts/1112522 bytes][Goodput ratio: 2/93][6.32 sec][Hostname/SNI: 64.media.tumblr.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/1 5753/83 236/5][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 88/1223 603/2512 26/530][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,1,1,1,0,0,1,0,1,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,71,0,0,0,1] + 2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56842 <-> [64:ff9b::c000:4d03]:443 [proto: 91.90/TLS.Tumblr][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][761 pkts/66942 bytes <-> 910 pkts/1112522 bytes][Goodput ratio: 2/93][6.32 sec][Hostname/SNI: 64.media.tumblr.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/1 5753/83 236/5][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 88/1223 603/2512 26/530][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,1,1,1,0,0,1,0,1,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,71,0,0,0,1] 3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:42908 <-> [64:ff9b::98c7:1593]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][385 pkts/77999 bytes <-> 477 pkts/518966 bytes][Goodput ratio: 58/92][18.94 sec][bytes ratio: -0.739 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57/13 11658/1405 679/90][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 203/1088 1474/2380 361/613][Plen Bins: 8,3,0,2,1,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,73,0,0,0,0] 4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43434 <-> [64:ff9b::c000:4d28]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][157 pkts/14309 bytes <-> 169 pkts/199532 bytes][Goodput ratio: 6/93][17.57 sec][bytes ratio: -0.866 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 141/1 13385/22 1229/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 91/1181 249/1486 23/567][Plen Bins: 13,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,82,0,0,0,0] 5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43420 <-> [64:ff9b::c000:4d28]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][125 pkts/12378 bytes <-> 164 pkts/199664 bytes][Goodput ratio: 13/93][17.28 sec][bytes ratio: -0.883 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155/38 9909/4918 1100/422][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 99/1217 337/1486 41/527][Plen Bins: 7,1,1,3,1,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,82,0,0,0,0] - 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49548 <-> [2a00:1450:4007:809::200e]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][38 pkts/4471 bytes <-> 69 pkts/80966 bytes][Goodput ratio: 27/93][0.38 sec][Hostname/SNI: apis.google.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.895 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 83/70 18/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 118/1173 603/6126 94/887][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,2,0,1,1,1,4,1,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0,0,7] - 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38608 <-> [2a00:1450:4007:80b::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][26 pkts/3265 bytes <-> 37 pkts/41715 bytes][Goodput ratio: 31/92][0.25 sec][Hostname/SNI: ajax.googleapis.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/3 67/44 18/8][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 126/1127 603/3227 111/829][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,2,5,0,0,0,0,0,5,0,0,0,0,0,2,2,2,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,17] + 6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49548 <-> [2a00:1450:4007:809::200e]:443 [proto: 91.126/TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][38 pkts/4471 bytes <-> 69 pkts/80966 bytes][Goodput ratio: 27/93][0.38 sec][Hostname/SNI: apis.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.895 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 83/70 18/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 118/1173 603/6126 94/887][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,2,0,1,1,1,4,1,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0,0,7] + 7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38608 <-> [2a00:1450:4007:80b::200a]:443 [proto: 91.239/TLS.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][26 pkts/3265 bytes <-> 37 pkts/41715 bytes][Goodput ratio: 31/92][0.25 sec][Hostname/SNI: ajax.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/3 67/44 18/8][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 126/1127 603/3227 111/829][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,2,5,0,0,0,0,0,5,0,0,0,0,0,2,2,2,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,17] 8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48240 <-> [64:ff9b::9765:789d]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][38 pkts/3530 bytes <-> 38 pkts/38240 bytes][Goodput ratio: 7/91][19.87 sec][bytes ratio: -0.831 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 662/0 19473/1 3494/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 93/1006 216/1134 25/322][Plen Bins: 0,5,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,86,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43328 <-> [64:ff9b::4a72:9a16]:443 [proto: 91.90/TLS.Tumblr][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][29 pkts/3925 bytes <-> 33 pkts/25475 bytes][Goodput ratio: 36/89][1.02 sec][Hostname/SNI: catasters.tumblr.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.733 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/31 200/232 63/57][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 135/772 603/1486 124/645][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.tumblr.com,tumblr.com][JA3S: 738f0c3c6e00286f3afac626676d352d][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tumblr.com][Certificate SHA-1: 14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2][Chrome][Validity: 2020-03-26 00:00:00 - 2022-06-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 18,0,9,3,3,0,0,0,3,3,0,0,0,0,3,0,3,0,0,0,0,3,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,3,0,0,41,0,0,0,0] - 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58380 <-> [2606:2800:135:155a:23ba:b2a:25ff:122d]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][21 pkts/3364 bytes <-> 29 pkts/20662 bytes][Goodput ratio: 46/88][0.18 sec][Hostname/SNI: consent.cmp.oath.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.720 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 47/47 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 160/712 609/1294 156/543][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,3,7,7,0,0,0,7,3,0,0,0,0,0,3,0,7,0,0,0,3,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,44,0,0,0,0,0,0,0,0,0,0] - 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][Hostname/SNI: sb.scorecardresearch.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][TLSv1.3][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0] - 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47118 <-> [2001:4998:14:800::1001]:443 [proto: 91.70/TLS.Yahoo][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2550 bytes <-> 15 pkts/7383 bytes][Goodput ratio: 46/82][0.57 sec][Hostname/SNI: cookiex.ngd.yahoo.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/48 315/282 83/84][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 159/492 603/1474 154/531][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,14,14,0,0,0,0,0,14,0,0,0,0,7,0,0,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,14,0,0,0,0] - 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][Hostname/SNI: sb.scorecardresearch.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][TLSv1.3][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43328 <-> [64:ff9b::4a72:9a16]:443 [proto: 91.90/TLS.Tumblr][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: SocialNetwork/6][29 pkts/3925 bytes <-> 33 pkts/25475 bytes][Goodput ratio: 36/89][1.02 sec][Hostname/SNI: catasters.tumblr.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.733 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/31 200/232 63/57][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 135/772 603/1486 124/645][TLSv1.2][JA3C: b32309a26951912be7dba376398abc3b][ServerNames: *.tumblr.com,tumblr.com][JA3S: 738f0c3c6e00286f3afac626676d352d][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tumblr.com][Certificate SHA-1: 14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2][Chrome][Validity: 2020-03-26 00:00:00 - 2022-06-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 18,0,9,3,3,0,0,0,3,3,0,0,0,0,3,0,3,0,0,0,0,3,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,3,0,0,41,0,0,0,0] + 10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58380 <-> [2606:2800:135:155a:23ba:b2a:25ff:122d]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][21 pkts/3364 bytes <-> 29 pkts/20662 bytes][Goodput ratio: 46/88][0.18 sec][Hostname/SNI: consent.cmp.oath.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.720 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 47/47 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 160/712 609/1294 156/543][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,3,7,7,0,0,0,7,3,0,0,0,0,0,3,0,7,0,0,0,3,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,44,0,0,0,0,0,0,0,0,0,0] + 11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][TLSv1.3][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0] + 12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47118 <-> [2001:4998:14:800::1001]:443 [proto: 91.70/TLS.Yahoo][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][16 pkts/2550 bytes <-> 15 pkts/7383 bytes][Goodput ratio: 46/82][0.57 sec][Hostname/SNI: cookiex.ngd.yahoo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/48 315/282 83/84][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 159/492 603/1474 154/531][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,14,14,0,0,0,0,0,14,0,0,0,0,7,0,0,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,14,0,0,0,0] + 13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Advertisement/101][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][TLSv1.3][JA3C: 44d502d471cfdb99c59bdfb0f220e5a8][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51874 <-> [64:ff9b::c000:4c03]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][14 pkts/1971 bytes <-> 14 pkts/1808 bytes][Goodput ratio: 39/33][17.08 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1544/33 16623/194 4769/64][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/129 243/205 64/49][Plen Bins: 0,28,0,42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57286 <-> [64:ff9b::8fcc:d927]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][5 pkts/1152 bytes <-> 4 pkts/910 bytes][Goodput ratio: 63/62][0.20 sec][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 50/4 113/9 49/4][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 230/228 730/613 250/223][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:41266 <-> [2620:116:800d:21:8c6e:cf2c:8d6:9fb5]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][5 pkts/1186 bytes <-> 4 pkts/790 bytes][Goodput ratio: 64/56][0.21 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 52/8 121/15 49/6][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 237/198 750/486 257/168][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58382 <-> [2606:2800:135:155a:23ba:b2a:25ff:122d]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/1091 bytes <-> 5 pkts/537 bytes][Goodput ratio: 47/18][0.07 sec][Hostname/SNI: consent.cmp.oath.com][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.340 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/15 24/39 10/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/107 603/185 183/39][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58382 <-> [2606:2800:135:155a:23ba:b2a:25ff:122d]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/1091 bytes <-> 5 pkts/537 bytes][Goodput ratio: 47/18][0.07 sec][Hostname/SNI: consent.cmp.oath.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.340 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/15 24/39 10/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/107 603/185 183/39][TLSv1.3][JA3C: b32309a26951912be7dba376398abc3b][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:55560 <-> [2a00:1450:4007:817::200a]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][5 pkts/625 bytes <-> 8 pkts/900 bytes][Goodput ratio: 31/24][0.84 sec][bytes ratio: -0.180 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/130 765/770 360/286][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 125/112 203/157 43/28][Plen Bins: 0,71,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56782 <-> [64:ff9b::68f4:2ac8]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][5 pkts/539 bytes <-> 5 pkts/763 bytes][Goodput ratio: 20/44][18.08 sec][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4520/4504 17850/17820 7696/7688][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 108/153 149/373 27/112][Plen Bins: 0,75,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:35892 <-> [2a00:1450:4007:815::2002]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.23 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/tunnelbear.pcap.out b/tests/result/tunnelbear.pcap.out index 5a0d5e2f3..6eaeffd63 100644 --- a/tests/result/tunnelbear.pcap.out +++ b/tests/result/tunnelbear.pcap.out @@ -15,7 +15,7 @@ Automa host: 26/17 (search/found) Automa domain: 26/0 (search/found) Automa tls cert: 3/0 (search/found) Automa risk mask: 3/0 (search/found) -Automa common alpns: 28/28 (search/found) +Automa common alpns: 32/32 (search/found) Patricia risk mask: 42/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 23/19 (search/found) @@ -32,24 +32,24 @@ JA3 Host Stats: 2 10.158.132.91 1 - 1 TCP 10.8.0.1:45104 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][28 pkts/5840 bytes <-> 27 pkts/10868 bytes][Goodput ratio: 74/87][1.54 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: -0.301 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 43/66 265/436 77/110][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 209/403 590/3711 190/888][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,8,4,17,0,0,0,0,4,4,21,0,0,0,0,0,17,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13] - 2 TCP 10.8.0.1:33830 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][29 pkts/6388 bytes <-> 30 pkts/7789 bytes][Goodput ratio: 75/79][1.45 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: -0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/57 344/340 83/95][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 220/260 590/2954 209/644][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,22,7,11,3,0,7,0,3,0,11,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] - 3 TCP 10.8.0.1:50178 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][13 pkts/2849 bytes <-> 12 pkts/7134 bytes][Goodput ratio: 75/91][0.68 sec][Hostname/SNI: api.tunnelbear.com][ALPN: h2;http/1.1][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/74 393/449 118/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 219/594 590/5527 219/1499][TLSv1.2][JA3C: a1c672bda2bda1a05bdca801144b2760][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,27,9,0,0,0,0,0,0,0,9,9,0,0,0,0,27,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] - 4 TCP 10.8.0.1:50904 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][10 pkts/2689 bytes <-> 10 pkts/6997 bytes][Goodput ratio: 79/92][0.84 sec][Hostname/SNI: api.tunnelbear.com][ALPN: h2;http/1.1][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 105/97 383/336 151/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 269/700 590/5527 236/1622][TLSv1.2][JA3C: a1c672bda2bda1a05bdca801144b2760][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,11,0,0,0,0,0,0,0,11,0,11,0,0,0,33,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11] + 1 TCP 10.8.0.1:45104 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][28 pkts/5840 bytes <-> 27 pkts/10868 bytes][Goodput ratio: 74/87][1.54 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.301 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 43/66 265/436 77/110][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 209/403 590/3711 190/888][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,8,4,17,0,0,0,0,4,4,21,0,0,0,0,0,17,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13] + 2 TCP 10.8.0.1:33830 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][29 pkts/6388 bytes <-> 30 pkts/7789 bytes][Goodput ratio: 75/79][1.45 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/57 344/340 83/95][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 220/260 590/2954 209/644][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,22,7,11,3,0,7,0,3,0,11,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] + 3 TCP 10.8.0.1:50178 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][13 pkts/2849 bytes <-> 12 pkts/7134 bytes][Goodput ratio: 75/91][0.68 sec][Hostname/SNI: api.tunnelbear.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/74 393/449 118/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 219/594 590/5527 219/1499][TLSv1.2][JA3C: a1c672bda2bda1a05bdca801144b2760][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,27,9,0,0,0,0,0,0,0,9,9,0,0,0,0,27,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9] + 4 TCP 10.8.0.1:50904 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][10 pkts/2689 bytes <-> 10 pkts/6997 bytes][Goodput ratio: 79/92][0.84 sec][Hostname/SNI: api.tunnelbear.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 105/97 383/336 151/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 269/700 590/5527 236/1622][TLSv1.2][JA3C: a1c672bda2bda1a05bdca801144b2760][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,11,0,0,0,0,0,0,0,11,0,11,0,0,0,33,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11] 5 TCP 10.8.0.1:47594 <-> 99.83.135.170:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/2035 bytes <-> 13 pkts/7075 bytes][Goodput ratio: 70/90][2.41 sec][Hostname/SNI: capi.grammarly.com][bytes ratio: -0.553 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/225 445/907 178/264][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 185/544 590/4080 163/1089][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c60d01d600aacc2c04844595ce224279][ServerNames: capi.grammarly.com,capi-msdk.grammarly.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=capi.grammarly.com][Certificate SHA-1: 1F:4A:0B:A6:60:01:94:7D:3D:94:03:14:5A:30:AF:64:D5:EC:58:DD][Safari][Validity: 2022-03-22 00:00:00 - 2023-04-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,8,8,0,0,0,8,8,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8] - 6 TCP 10.8.0.1:48222 <-> 162.247.243.188:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1985 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 74/91][1.54 sec][Hostname/SNI: mobile-collector.newrelic.com][ALPN: http/1.1][bytes ratio: -0.426 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212/256 1145/1199 391/431][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 221/616 590/3918 217/1255][TLSv1.2][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,14,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14] - 7 TCP 10.8.0.1:47496 <-> 162.247.243.188:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1892 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 73/91][0.51 sec][Hostname/SNI: mobile-collector.newrelic.com][ALPN: http/1.1][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 290/290 100/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 210/616 590/3918 211/1255][TLSv1.2][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,14,14,0,0,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14] - 8 TCP 10.8.0.1:45108 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][10 pkts/1309 bytes <-> 7 pkts/4360 bytes][Goodput ratio: 57/91][0.20 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/39 135/132 44/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/623 571/3709 151/1265][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,34,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16] - 9 TCP 10.8.0.1:45114 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][7 pkts/1147 bytes <-> 6 pkts/4309 bytes][Goodput ratio: 65/92][0.25 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/51 39/61 135/132 53/47][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3712 174/1344][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] - 10 TCP 10.8.0.1:45106 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][7 pkts/1147 bytes <-> 6 pkts/4308 bytes][Goodput ratio: 65/92][0.26 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: -0.579 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 40/62 133/131 52/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3711 174/1344][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] - 11 TCP 10.8.0.1:60224 <-> 157.240.7.32:443 [proto: 91.157/TLS.Messenger][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: Chat/9][9 pkts/1320 bytes <-> 9 pkts/3943 bytes][Goodput ratio: 62/88][0.75 sec][Hostname/SNI: mqtt-mini.facebook.com][bytes ratio: -0.498 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 107/92 386/335 131/108][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147/438 575/2814 167/854][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 82932b3c6398511df186dfc9416db2d4][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,12,0,0,0,12,0,12,0,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12] - 12 TCP 10.8.0.1:45126 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][16 pkts/3179 bytes <-> 16 pkts/2058 bytes][Goodput ratio: 72/58][0.56 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/29 107/57 34/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 199/129 590/803 207/183][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,24,7,0,7,7,0,0,7,0,7,0,0,0,0,0,24,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 10.8.0.1:47046 <-> 74.125.200.188:5228 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1433 bytes <-> 7 pkts/1228 bytes][Goodput ratio: 68/69][0.45 sec][Hostname/SNI: mtalk.google.com][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 50/79 243/193 88/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 179/175 587/583 197/182][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TLSv1.3][JA3C: 58e34c2965c9f3fa4919d58deef1f49e][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,16,0,0,0,0,0,16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 10.8.0.1:33846 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][10 pkts/1298 bytes <-> 9 pkts/642 bytes][Goodput ratio: 57/24][0.37 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: 0.338 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/58 339/331 111/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 130/71 571/210 150/49][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,34,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 10.8.0.1:45124 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][9 pkts/1244 bytes <-> 8 pkts/588 bytes][Goodput ratio: 59/26][0.42 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: 0.358 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 53/90 192/193 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138/74 571/210 162/52][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 10.158.132.91:38398 -> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][5 pkts/1821 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][0.46 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][Safari][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 10.8.0.1:33838 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][8 pkts/1190 bytes <-> 7 pkts/603 bytes][Goodput ratio: 62/37][0.45 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/84 359/350 129/135][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 149/86 571/210 164/56][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 10.8.0.1:33842 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][8 pkts/1190 bytes <-> 7 pkts/603 bytes][Goodput ratio: 62/37][0.45 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 74/85 340/331 122/125][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 149/86 571/210 164/56][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 10.8.0.1:33848 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][8 pkts/1190 bytes <-> 7 pkts/603 bytes][Goodput ratio: 62/37][0.43 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/80 338/330 121/127][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 149/86 571/210 164/56][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 TCP 10.8.0.1:33858 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][3 pkts/699 bytes <-> 2 pkts/108 bytes][Goodput ratio: 74/0][0.01 sec][Hostname/SNI: api.polargrizzly.com][ALPN: h2;http/1.1][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][Safari][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 10.8.0.1:48222 <-> 162.247.243.188:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1985 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 74/91][1.54 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.426 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212/256 1145/1199 391/431][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 221/616 590/3918 217/1255][TLSv1.2][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,14,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14] + 7 TCP 10.8.0.1:47496 <-> 162.247.243.188:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1892 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 73/91][0.51 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 290/290 100/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 210/616 590/3918 211/1255][TLSv1.2][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,14,14,0,0,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14] + 8 TCP 10.8.0.1:45108 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][10 pkts/1309 bytes <-> 7 pkts/4360 bytes][Goodput ratio: 57/91][0.20 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/39 135/132 44/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/623 571/3709 151/1265][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,34,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16] + 9 TCP 10.8.0.1:45114 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][7 pkts/1147 bytes <-> 6 pkts/4309 bytes][Goodput ratio: 65/92][0.25 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/51 39/61 135/132 53/47][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3712 174/1344][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] + 10 TCP 10.8.0.1:45106 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][7 pkts/1147 bytes <-> 6 pkts/4308 bytes][Goodput ratio: 65/92][0.26 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.579 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 40/62 133/131 52/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3711 174/1344][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] + 11 TCP 10.8.0.1:60224 <-> 157.240.7.32:443 [proto: 91.157/TLS.Messenger][IP: 119/Facebook][Encrypted][Confidence: DPI][cat: Chat/9][9 pkts/1320 bytes <-> 9 pkts/3943 bytes][Goodput ratio: 62/88][0.75 sec][Hostname/SNI: mqtt-mini.facebook.com][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.498 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 107/92 386/335 131/108][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147/438 575/2814 167/854][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 82932b3c6398511df186dfc9416db2d4][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,12,0,0,0,12,0,12,0,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12] + 12 TCP 10.8.0.1:45126 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][16 pkts/3179 bytes <-> 16 pkts/2058 bytes][Goodput ratio: 72/58][0.56 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.214 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/29 107/57 34/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 199/129 590/803 207/183][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,24,7,0,7,7,0,0,7,0,7,0,0,0,0,0,24,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 10.8.0.1:47046 <-> 74.125.200.188:5228 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/1433 bytes <-> 7 pkts/1228 bytes][Goodput ratio: 68/69][0.45 sec][Hostname/SNI: mtalk.google.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/3 50/79 243/193 88/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 179/175 587/583 197/182][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TLSv1.3][JA3C: 58e34c2965c9f3fa4919d58deef1f49e][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,16,0,0,0,0,0,16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 10.8.0.1:33846 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][10 pkts/1298 bytes <-> 9 pkts/642 bytes][Goodput ratio: 57/24][0.37 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.338 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/58 339/331 111/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 130/71 571/210 150/49][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,34,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 10.8.0.1:45124 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][9 pkts/1244 bytes <-> 8 pkts/588 bytes][Goodput ratio: 59/26][0.42 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.358 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 53/90 192/193 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138/74 571/210 162/52][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 10.158.132.91:38398 -> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][5 pkts/1821 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][0.46 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][Safari][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 10.8.0.1:33838 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][8 pkts/1190 bytes <-> 7 pkts/603 bytes][Goodput ratio: 62/37][0.45 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/84 359/350 129/135][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 149/86 571/210 164/56][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 10.8.0.1:33842 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][8 pkts/1190 bytes <-> 7 pkts/603 bytes][Goodput ratio: 62/37][0.45 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/2 74/85 340/331 122/125][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 149/86 571/210 164/56][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 10.8.0.1:33848 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][8 pkts/1190 bytes <-> 7 pkts/603 bytes][Goodput ratio: 62/37][0.43 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/80 338/330 121/127][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 149/86 571/210 164/56][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][JA3S: 5badad76fbdd6e8b6296e2e9f4024401][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP 10.8.0.1:33858 <-> 104.17.114.40:443 [proto: 91.299/TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][cat: VPN/2][3 pkts/699 bytes <-> 2 pkts/108 bytes][Goodput ratio: 74/0][0.01 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][TLSv1.2][JA3C: e9ec38c2b40ff3e300e9975dd7619902][Safari][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 10.158.132.91:51120 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: Match by port][cat: Network/14][3 pkts/198 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][::][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/ultrasurf.pcap.out b/tests/result/ultrasurf.pcap.out index fc127c3c8..aa4ad3bd9 100644 --- a/tests/result/ultrasurf.pcap.out +++ b/tests/result/ultrasurf.pcap.out @@ -14,7 +14,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 4/4 (search/found) Patricia risk mask: 6/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 8/0 (search/found) @@ -27,6 +27,6 @@ JA3 Host Stats: 1 10.132.0.23 1 - 1 TCP 10.132.0.23:38120 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1826 pkts/239610 bytes <-> 2699 pkts/4500129 bytes][Goodput ratio: 32/96][53.52 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 550/499 45/36][Pkt Len c2s/s2c min/avg/max/stddev: 60/70 131/1667 1603/2646 187/725][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,20,5,2,4,3,1,0,1,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,34,0,1,0,0,0,0,20] + 1 TCP 10.132.0.23:38120 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][1826 pkts/239610 bytes <-> 2699 pkts/4500129 bytes][Goodput ratio: 32/96][53.52 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 550/499 45/36][Pkt Len c2s/s2c min/avg/max/stddev: 60/70 131/1667 1603/2646 187/725][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 1,20,5,2,4,3,1,0,1,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,34,0,1,0,0,0,0,20] 2 TCP 65.49.68.25:50053 <-> 10.132.0.23:37898 [VLAN: 200][proto: 304/UltraSurf][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][1802 pkts/2867775 bytes <-> 1169 pkts/124143 bytes][Goodput ratio: 96/19][46.77 sec][bytes ratio: 0.917 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/31 438/290 32/43][Pkt Len c2s/s2c min/avg/max/stddev: 70/60 1591/106 2646/1900 592/121][PLAIN TEXT (OFdfbY)][Plen Bins: 0,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,28] - 3 TCP 10.132.0.23:38152 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][304 pkts/83187 bytes <-> 342 pkts/304097 bytes][Goodput ratio: 68/92][8.22 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/17 721/460 63/47][Pkt Len c2s/s2c min/avg/max/stddev: 60/70 274/889 1489/2646 406/918][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,35,7,5,4,4,1,0,1,0,1,0,0,1,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,4,4,1,0,0,0,3] + 3 TCP 10.132.0.23:38152 <-> 65.49.68.25:50053 [VLAN: 200][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][304 pkts/83187 bytes <-> 342 pkts/304097 bytes][Goodput ratio: 68/92][8.22 sec][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/17 721/460 63/47][Pkt Len c2s/s2c min/avg/max/stddev: 60/70 274/889 1489/2646 406/918][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][TLSv1.3][JA3C: b592adaa596bb72a5c1ccdbecae52e3f][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,35,7,5,4,4,1,0,1,0,1,0,0,1,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,4,4,1,0,0,0,3] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 27031223a..937b46d81 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -18,7 +18,7 @@ Automa host: 31/13 (search/found) Automa domain: 31/0 (search/found) Automa tls cert: 2/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 7/7 (search/found) +Automa common alpns: 9/9 (search/found) Patricia risk mask: 54/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 41/18 (search/found) @@ -38,14 +38,14 @@ JA3 Host Stats: 1 192.168.0.17 2 - 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/TLS.Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][Goodput ratio: 38/95][5.64 sec][Hostname/SNI: dl-media.viber.com][ALPN: h2;http/1.1][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 162/2 5370/40 907/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1306 774/1514 151/466][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.viber.com,viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com][Certificate SHA-1: E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A][Firefox][Validity: 2016-06-26 00:00:00 - 2018-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,4,0,2,0,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0] - 2 TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/TLS.Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][Goodput ratio: 57/91][5.69 sec][Hostname/SNI: media.cdn.viber.com][ALPN: h2;http/1.1][bytes ratio: -0.669 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 622/10 5492/35 1722/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/776 435/1514 138/635][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.cdn.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com][Certificate SHA-1: B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39][Firefox][Validity: 2016-07-03 00:00:00 - 2018-07-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,7,0,7,0,7,0,0,15,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] - 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][Goodput ratio: 69/86][1.00 sec][Hostname/SNI: brahe.apptimize.com][ALPN: http/1.1][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/60 176/183 76/72][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217/468 1514/1514 380/570][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,15,0,7,0,15,0,0,7,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0] + 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/TLS.Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][Goodput ratio: 38/95][5.64 sec][Hostname/SNI: dl-media.viber.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 162/2 5370/40 907/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1306 774/1514 151/466][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.viber.com,viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com][Certificate SHA-1: E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A][Firefox][Validity: 2016-06-26 00:00:00 - 2018-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,4,0,2,0,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0] + 2 TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/TLS.Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Chat/9][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][Goodput ratio: 57/91][5.69 sec][Hostname/SNI: media.cdn.viber.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.669 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 622/10 5492/35 1722/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/776 435/1514 138/635][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.cdn.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com][Certificate SHA-1: B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39][Firefox][Validity: 2016-07-03 00:00:00 - 2018-07-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,7,0,7,0,7,0,0,15,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] + 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][Goodput ratio: 69/86][1.00 sec][Hostname/SNI: brahe.apptimize.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/60 176/183 76/72][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217/468 1514/1514 380/570][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,15,0,7,0,15,0,0,7,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0] 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][IP: 144/Viber][Encrypted][Confidence: Match by port][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes][Goodput ratio: 68/38][46.77 sec][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1220/1489 7187/7333 2090/2188][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 205/107 657/176 184/43][Plen Bins: 0,3,57,18,0,0,0,0,0,0,3,3,0,3,0,0,9,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][Goodput ratio: 81/77][33.94 sec][Hostname/SNI: app-measurement.com][ALPN: http/1.1][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2821/2646 23555/23575 6838/7399][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 356/286 1038/884 370/258][TLSv1.2][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,0,7,0,0,0,0,0,0,40,0,0,0,7,0,0,0,0,0,0,7,0,15,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][Goodput ratio: 49/89][1.01 sec][Hostname/SNI: mapi.apptimize.com][ALPN: http/1.1][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/51 273/178 102/80][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 131/583 432/1514 112/601][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,0,0,9,0,9,0,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] - 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][Goodput ratio: 55/90][0.23 sec][Hostname/SNI: venetia.iad.appboy.com][ALPN: http/1.1][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/19 152/60 47/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/693 631/1514 169/616][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][Firefox][Plen Bins: 0,0,11,0,0,11,0,0,11,0,11,0,0,0,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] - 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][Goodput ratio: 48/88][0.92 sec][Hostname/SNI: mapi.apptimize.com][ALPN: http/1.1][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 93/53 185/189 87/84][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 133/560 433/1514 111/605][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][Firefox][Plen Bins: 18,0,0,9,0,9,0,0,18,0,0,9,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] + 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][Goodput ratio: 81/77][33.94 sec][Hostname/SNI: app-measurement.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2821/2646 23555/23575 6838/7399][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 356/286 1038/884 370/258][TLSv1.2][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,0,7,0,0,0,0,0,0,40,0,0,0,7,0,0,0,0,0,0,7,0,15,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][Goodput ratio: 49/89][1.01 sec][Hostname/SNI: mapi.apptimize.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/51 273/178 102/80][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 131/583 432/1514 112/601][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,0,0,9,0,9,0,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] + 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][Goodput ratio: 55/90][0.23 sec][Hostname/SNI: venetia.iad.appboy.com][(Advertised) ALPNs: http/1.1][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/19 152/60 47/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/693 631/1514 169/616][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][Firefox][Plen Bins: 0,0,11,0,0,11,0,0,11,0,11,0,0,0,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] + 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][Goodput ratio: 48/88][0.92 sec][Hostname/SNI: mapi.apptimize.com][(Advertised) ALPNs: http/1.1][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 93/53 185/189 87/84][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 133/560 433/1514 111/605][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][Firefox][Plen Bins: 18,0,0,9,0,9,0,0,18,0,0,9,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: VoIP/10][24 pkts/5035 bytes <-> 22 pkts/2302 bytes][Goodput ratio: 80/60][7.22 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/15 304/334 529/529 209/188][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 210/105 299/118 115/20][PLAIN TEXT (Android)][Plen Bins: 19,15,32,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][cat: VoIP/10][25 pkts/4344 bytes <-> 18 pkts/1872 bytes][Goodput ratio: 76/60][5.68 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 203/279 513/531 233/236][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 174/104 299/118 120/20][PLAIN TEXT (Android)][Plen Bins: 30,13,27,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.2.100:48690 <-> 52.0.252.145:4244 [proto: 144/Viber][IP: 144/Viber][Encrypted][Confidence: DPI][cat: VoIP/10][7 pkts/679 bytes <-> 8 pkts/3857 bytes][Goodput ratio: 29/86][1.11 sec][bytes ratio: -0.701 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 201/136 711/814 261/303][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/482 167/1506 43/573][Plen Bins: 12,0,25,25,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0] diff --git a/tests/result/wa_voice.pcap.out b/tests/result/wa_voice.pcap.out index a34d5d062..33aa28cb4 100644 --- a/tests/result/wa_voice.pcap.out +++ b/tests/result/wa_voice.pcap.out @@ -17,7 +17,7 @@ Automa host: 20/10 (search/found) Automa domain: 20/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 14/14 (search/found) Patricia risk mask: 36/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 46/11 (search/found) @@ -41,10 +41,10 @@ JA3 Host Stats: 1 192.168.2.12 2 - 1 TCP 192.168.2.12:50504 <-> 157.240.20.52:443 [proto: 91.142/TLS.WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: DPI][cat: Chat/9][41 pkts/3669 bytes <-> 44 pkts/43871 bytes][Goodput ratio: 27/93][0.41 sec][Hostname/SNI: pps.whatsapp.net][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 129/77 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 89/997 583/1454 85/624][TLSv1.3][JA3C: 7a7a639628f0fe5c7e057628a5bbec5a][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 8,11,4,0,0,2,2,0,2,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,61,0,0,0,0] + 1 TCP 192.168.2.12:50504 <-> 157.240.20.52:443 [proto: 91.142/TLS.WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: DPI][cat: Chat/9][41 pkts/3669 bytes <-> 44 pkts/43871 bytes][Goodput ratio: 27/93][0.41 sec][Hostname/SNI: pps.whatsapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 129/77 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 89/997 583/1454 85/624][TLSv1.3][JA3C: 7a7a639628f0fe5c7e057628a5bbec5a][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 8,11,4,0,0,2,2,0,2,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,61,0,0,0,0] 2 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: DPI][cat: Chat/9][132 pkts/14116 bytes <-> 131 pkts/24439 bytes][Goodput ratio: 38/65][54.73 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 342/421 9349/9387 1279/1420][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/187 393/1454 62/283][PLAIN TEXT (fd.9LTIP9)][Plen Bins: 1,63,2,3,10,10,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0] 3 UDP 91.252.56.51:32704 <-> 192.168.2.12:56328 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][87 pkts/14598 bytes <-> 77 pkts/17336 bytes][Goodput ratio: 75/81][11.91 sec][bytes ratio: -0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 136/121 921/265 137/64][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 168/225 318/331 61/68][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No client to server traffic][PLAIN TEXT (KEXQD/)][Plen Bins: 6,4,7,27,16,4,11,12,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.2.12:50503 <-> 31.13.86.51:443 [proto: 91.242/TLS.WhatsAppFiles][IP: 142/WhatsApp][Encrypted][Confidence: DPI][cat: Download/7][25 pkts/2993 bytes <-> 25 pkts/21759 bytes][Goodput ratio: 44/92][0.39 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 127/126 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/870 583/1454 124/639][TLSv1.3][JA3C: b92a79ed03c3ff5611abb2305370d3e3][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 7,14,7,0,0,3,0,0,7,0,3,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0] + 4 TCP 192.168.2.12:50503 <-> 31.13.86.51:443 [proto: 91.242/TLS.WhatsAppFiles][IP: 142/WhatsApp][Encrypted][Confidence: DPI][cat: Download/7][25 pkts/2993 bytes <-> 25 pkts/21759 bytes][Goodput ratio: 44/92][0.39 sec][Hostname/SNI: media-mxp1-1.cdn.whatsapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 127/126 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/870 583/1454 124/639][TLSv1.3][JA3C: b92a79ed03c3ff5611abb2305370d3e3][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 7,14,7,0,0,3,0,0,7,0,3,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0] 5 TCP 192.168.2.12:49354 <-> 17.242.60.84:5223 [proto: 238/ApplePush][IP: 140/Apple][Encrypted][Confidence: DPI][cat: Cloud/13][14 pkts/6933 bytes <-> 10 pkts/1074 bytes][Goodput ratio: 87/39][54.11 sec][bytes ratio: 0.732 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4462/757 43773/5113 12515/1779][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 495/107 1506/215 607/44][Plen Bins: 0,42,14,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,21,0,0] 6 UDP 192.168.2.12:56328 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][cat: VoIP/10][21 pkts/2349 bytes <-> 28 pkts/3668 bytes][Goodput ratio: 62/68][34.51 sec][bytes ratio: -0.219 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1959/1447 12194/12196 2978/2626][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 112/131 249/326 64/101][Plen Bins: 40,20,0,20,0,0,8,4,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][5 pkts/1710 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][17.30 sec][Hostname/SNI: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 4bc10a5bd..4038881dd 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -18,7 +18,7 @@ Automa host: 96/51 (search/found) Automa domain: 94/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 29/0 (search/found) -Automa common alpns: 4/4 (search/found) +Automa common alpns: 56/56 (search/found) Patricia risk mask: 168/0 (search/found) Patricia risk: 2/0 (search/found) Patricia protocols: 171/21 (search/found) @@ -46,36 +46,36 @@ JA3 Host Stats: 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][88 pkts/15114 bytes <-> 91 pkts/61842 bytes][Goodput ratio: 62/90][553.47 sec][bytes ratio: -0.607 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/11 6995/5837 150373/150695 18892/18424][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/680 264/1254 99/594][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][Goodput ratio: 76/95][15.73 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.619 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 403/151 10035/951 1616/288][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 273/1336 1306/4350 407/922][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,2,4,2,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,4,0,2,0,0,0,2,0,54,0,0,10] - 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][Goodput ratio: 86/92][23.11 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 538/312 9999/7018 1833/1162][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 479/863 1306/4059 492/922][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,1,0,1,0,6,6,3,1,0,0,6,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,8,0,10,0,0,0,0,0,29,0,0,5] - 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][Goodput ratio: 72/93][27.77 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 559/54 8107/380 1792/116][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/1003 1306/1494 368/649][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,2,0,0,2,2,2,0,0,2,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,0,5,0,2,0,0,0,63,0,0,0] - 5 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][Goodput ratio: 82/93][14.74 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/172 1085/1495 276/329][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 361/946 1306/1754 450/673][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,0,6,3,3,3,0,6,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,3,0,0,0,0,3,47,0,0,3] - 6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][Goodput ratio: 79/93][28.03 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.475 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1291/951 9696/8423 2840/2427][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 313/952 1306/2922 423/964][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,4,0,0,4,4,4,0,0,4,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,8,0,8,0,0,0,0,0,28,0,0,12] - 7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][Goodput ratio: 87/86][38.16 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/1110 15327/15635 3311/3567][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 516/487 1306/1754 494/579][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,0,9,3,0,0,0,9,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,18,0,3,6,0,0,3,0,0,3] - 8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][Goodput ratio: 82/93][13.58 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 777/120 9999/394 2313/166][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/938 1306/5892 454/1304][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,4,4,0,0,4,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,4,0,4,0,9,0,0,0,0,0,33,0,0,4] - 9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][Goodput ratio: 82/93][22.24 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1174/416 10039/3644 2412/985][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/994 1306/8291 454/1871][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,5,5,5,0,0,5,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,0,10,0,5,0,0,0,21,0,0,5] - 10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][Goodput ratio: 89/81][31.02 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1265/1401 15319/15624 3541/3988][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 605/346 1494/1494 586/472][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,3,3,0,0,0,11,7,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,11,0,7,0,0,0,0,0,27,0,0,0] - 11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][Goodput ratio: 86/84][47.29 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: 0.207 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1388/1930 15313/15715 3511/4240][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 483/417 1306/1754 480/530][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,0,0,17,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,13,0,13,0,0,0,0,0,4,0,0,4] - 12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][Goodput ratio: 86/86][22.50 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: 0.105 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1165/786 10037/4544 2455/1496][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 463/459 1306/1754 478/579][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,9,0,0,0,4,0,0,15,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,15,0,0,0,0,0,9,0,0,4] - 13 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][Goodput ratio: 63/94][13.04 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.743 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1232/213 9996/1647 2944/472][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/1048 1153/3182 290/878][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,57,0,0,7] - 14 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][Goodput ratio: 83/84][47.03 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 2592/2688 15693/16086 4163/4916][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 387/411 1306/1754 452/551][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,0,18,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,5,0,0,5] - 15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][Goodput ratio: 84/84][25.19 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1503/1316 9999/7806 2987/2505][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 420/410 1306/1494 462/507][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,0,16,5,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,11,0,0,0] - 16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 85/86][11.52 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 931/134 9811/287 2681/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/461 1306/1494 463/553][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,14,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0] - 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 84/86][11.77 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: 0.119 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 947/155 9639/333 2626/154][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 429/461 1306/1494 463/553][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0] - 18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][Goodput ratio: 78/86][14.48 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 1140/318 10004/1570 2698/530][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 308/492 1306/1798 406/692][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,9,9,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,18] - 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][Goodput ratio: 80/84][22.95 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2021/1536 10879/11228 3976/3666][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 330/428 1306/1494 416/541][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,0,16,8,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,8,0,0,0,0,0,16,0,0,0] - 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][Goodput ratio: 82/87][11.54 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.051 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/136 356/292 157/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 376/500 1306/1754 434/627][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,0,18,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,9] - 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/TLS.QQ][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][Goodput ratio: 67/90][72.13 sec][Hostname/SNI: res.wx.qq.com][ALPN: h2;http/1.1][bytes ratio: -0.544 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7939/7944 44960/45306 14472/14557][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 167/566 571/3484 197/987][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: 550dce18de1bb143e69d6dd9413b8355 / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384][TLSv1.2][JA3C: 550dce18de1bb143e69d6dd9413b8355][ServerNames: wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com][JA3S: 290adf098a54ade688d1df074dbecbf2 (WEAK)][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com][Certificate SHA-1: 67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9][Validity: 2016-05-10 00:00:00 - 2018-08-09 23:59:59][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,0,0,0,0,12,12,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,12] - 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][Goodput ratio: 53/82][135.40 sec][Hostname/SNI: safebrowsing.googleusercontent.com][ALPN: h2;http/1.1][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6942/6942 45055/45055 16249/16250][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/369 895/1484 196/525][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: *.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news][JA3S: d655f7cd00e93ea8969c3c6e06f0156f][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com][Certificate SHA-1: 8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53][Validity: 2017-04-05 17:14:46 - 2017-06-28 16:57:00][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 12,38,6,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,12,0,0,0] + 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][Goodput ratio: 76/95][15.73 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.619 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 403/151 10035/951 1616/288][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 273/1336 1306/4350 407/922][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,2,4,2,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,4,0,2,0,0,0,2,0,54,0,0,10] + 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][Goodput ratio: 86/92][23.11 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 538/312 9999/7018 1833/1162][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 479/863 1306/4059 492/922][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,1,0,1,0,6,6,3,1,0,0,6,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,8,0,10,0,0,0,0,0,29,0,0,5] + 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][Goodput ratio: 72/93][27.77 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 559/54 8107/380 1792/116][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/1003 1306/1494 368/649][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,2,0,0,2,2,2,0,0,2,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,0,5,0,2,0,0,0,63,0,0,0] + 5 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][Goodput ratio: 82/93][14.74 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/172 1085/1495 276/329][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 361/946 1306/1754 450/673][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,0,6,3,3,3,0,6,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,3,0,0,0,0,3,47,0,0,3] + 6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][Goodput ratio: 79/93][28.03 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.475 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1291/951 9696/8423 2840/2427][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 313/952 1306/2922 423/964][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,4,0,0,4,4,4,0,0,4,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,8,0,8,0,0,0,0,0,28,0,0,12] + 7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][Goodput ratio: 87/86][38.16 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/1110 15327/15635 3311/3567][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 516/487 1306/1754 494/579][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,0,9,3,0,0,0,9,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,18,0,3,6,0,0,3,0,0,3] + 8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][Goodput ratio: 82/93][13.58 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 777/120 9999/394 2313/166][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/938 1306/5892 454/1304][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,4,4,0,0,4,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,4,0,4,0,9,0,0,0,0,0,33,0,0,4] + 9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][Goodput ratio: 82/93][22.24 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1174/416 10039/3644 2412/985][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/994 1306/8291 454/1871][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,5,5,5,0,0,5,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,0,10,0,5,0,0,0,21,0,0,5] + 10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][Goodput ratio: 89/81][31.02 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1265/1401 15319/15624 3541/3988][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 605/346 1494/1494 586/472][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,3,3,0,0,0,11,7,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,11,0,7,0,0,0,0,0,27,0,0,0] + 11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][Goodput ratio: 86/84][47.29 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.207 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1388/1930 15313/15715 3511/4240][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 483/417 1306/1754 480/530][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,0,0,17,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,13,0,13,0,0,0,0,0,4,0,0,4] + 12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][Goodput ratio: 86/86][22.50 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.105 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1165/786 10037/4544 2455/1496][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 463/459 1306/1754 478/579][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,9,0,0,0,4,0,0,15,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,15,0,0,0,0,0,9,0,0,4] + 13 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][Goodput ratio: 63/94][13.04 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.743 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1232/213 9996/1647 2944/472][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/1048 1153/3182 290/878][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,57,0,0,7] + 14 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][Goodput ratio: 83/84][47.03 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 2592/2688 15693/16086 4163/4916][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 387/411 1306/1754 452/551][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,0,18,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,5,0,0,5] + 15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][Goodput ratio: 84/84][25.19 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1503/1316 9999/7806 2987/2505][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 420/410 1306/1494 462/507][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,0,16,5,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,11,0,0,0] + 16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 85/86][11.52 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 931/134 9811/287 2681/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/461 1306/1494 463/553][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,14,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0] + 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 84/86][11.77 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.119 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 947/155 9639/333 2626/154][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 429/461 1306/1494 463/553][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0] + 18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][Goodput ratio: 78/86][14.48 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 1140/318 10004/1570 2698/530][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 308/492 1306/1798 406/692][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,9,9,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,18] + 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][Goodput ratio: 80/84][22.95 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2021/1536 10879/11228 3976/3666][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 330/428 1306/1494 416/541][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,0,16,8,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,8,0,0,0,0,0,16,0,0,0] + 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][Goodput ratio: 82/87][11.54 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.051 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/136 356/292 157/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 376/500 1306/1754 434/627][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,0,18,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,9] + 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/TLS.QQ][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][Goodput ratio: 67/90][72.13 sec][Hostname/SNI: res.wx.qq.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.544 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7939/7944 44960/45306 14472/14557][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 167/566 571/3484 197/987][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: 550dce18de1bb143e69d6dd9413b8355 / Cipher TLS_RSA_WITH_AES_256_GCM_SHA384][TLSv1.2][JA3C: 550dce18de1bb143e69d6dd9413b8355][ServerNames: wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com][JA3S: 290adf098a54ade688d1df074dbecbf2 (WEAK)][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com][Certificate SHA-1: 67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9][Validity: 2016-05-10 00:00:00 - 2018-08-09 23:59:59][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,0,0,0,0,12,12,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,12] + 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][Goodput ratio: 53/82][135.40 sec][Hostname/SNI: safebrowsing.googleusercontent.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6942/6942 45055/45055 16249/16250][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/369 895/1484 196/525][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: *.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news][JA3S: d655f7cd00e93ea8969c3c6e06f0156f][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com][Certificate SHA-1: 8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53][Validity: 2017-04-05 17:14:46 - 2017-06-28 16:57:00][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 12,38,6,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,12,0,0,0] 23 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Goodput ratio: 92/92][0.18 sec][Hostname/SNI: ssl.gstatic.com][bytes ratio: 0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 27/2 76/4 27/1][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 501/555 1392/1392 574/599][User-Agent: Chrome/57.0.2987.133 Linux x86_64][PLAIN TEXT (ssl.gstatic.com)][Plen Bins: 23,30,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0] 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][IP: 126/Google][Encrypted][Confidence: DPI][cat: Collaborative/15][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Goodput ratio: 91/86][1.33 sec][Hostname/SNI: docs.google.com][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/248 55/1178 23/465][Pkt Len c2s/s2c min/avg/max/stddev: 77/70 448/304 1392/1392 532/455][User-Agent: Chrome/57.0.2987.133 Linux x86_64][PLAIN TEXT (docs.google.comr)][Plen Bins: 30,39,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0] - 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][27.78 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3428/1426 19999/5411 6454/2304][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] - 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][30.78 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3813/2235 20004/5405 6348/2331][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] - 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][Goodput ratio: 35/86][24.98 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3076/848 20000/3092 6448/1207][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/463 304/1494 77/601][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][13.33 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1665/362 10763/1441 3453/623][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][20.54 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2567/80 19243/317 6305/137][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][11.97 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1496/90 10477/358 3399/155][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][9 pkts/966 bytes <-> 6 pkts/3571 bytes][Goodput ratio: 38/89][11.54 sec][Hostname/SNI: web.wechat.com][ALPN: h2;http/1.1][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1592/137 10023/410 3446/193][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/595 304/1754 80/732][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] + 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][27.78 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3428/1426 19999/5411 6454/2304][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] + 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][30.78 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3813/2235 20004/5405 6348/2331][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] + 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][Goodput ratio: 35/86][24.98 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3076/848 20000/3092 6448/1207][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/463 304/1494 77/601][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][13.33 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1665/362 10763/1441 3453/623][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][20.54 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2567/80 19243/317 6305/137][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][11.97 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1496/90 10477/358 3399/155][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Chat/9][9 pkts/966 bytes <-> 6 pkts/3571 bytes][Goodput ratio: 38/89][11.54 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1592/137 10023/410 3446/193][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/595 304/1754 80/732][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: e330bca99c8a5256ae126a55c4c725c5][TLSv1.2][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] 32 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][44 pkts/4488 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][3914.88 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6684/0 41917/0 11732/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/0 102/0 102/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Goodput ratio: 90/89][0.12 sec][Hostname/SNI: ssl.gstatic.com][bytes ratio: 0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 24/16 53/47 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 407/387 1392/1392 508/512][User-Agent: Chrome/57.0.2987.133 Linux x86_64][PLAIN TEXT (ssl.gstatic.com)][Plen Bins: 30,30,0,0,0,0,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0] 34 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][44 pkts/3608 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][3914.88 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6684/0 41917/0 11732/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index d40ca0c29..112179647 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -17,7 +17,7 @@ Automa host: 32/25 (search/found) Automa domain: 32/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 2/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 3/3 (search/found) Patricia risk mask: 88/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 83/10 (search/found) @@ -44,7 +44,7 @@ JA3 Host Stats: 8 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][5 pkts/736 bytes <-> 4 pkts/863 bytes][Goodput ratio: 61/73][1.05 sec][Hostname/SNI: weibo.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/347 176/348 353/348 174/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147/216 500/689 177/273][URL: weibo.com/login.php?lang=en-us][StatusCode: 301][Content-Type: text/html][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /login.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Goodput ratio: 66/0][0.46 sec][Hostname/SNI: js.t.sinajs.cn][URL: js.t.sinajs.cn/t5/register/js/v6/pl/base.js?version=201605130537][StatusCode: 0][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (KGET /t)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Goodput ratio: 70/0][0.38 sec][Hostname/SNI: u1.img.mobile.sina.cn][URL: u1.img.mobile.sina.cn/public/files/image/620x300_img5653d57c6dab2.png][StatusCode: 0][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /public/files/image/620)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91.274/TLS.Alibaba][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][Goodput ratio: 52/0][0.16 sec][Hostname/SNI: g.alicdn.com][ALPN: h2;spdy/3.1;http/1.1][TLSv1.2][JA3C: 58e7f64db6e4fe4941dd9691d421196c][Firefox][PLAIN TEXT (g.alicdn.com)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91.274/TLS.Alibaba][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/382 bytes <-> 1 pkts/66 bytes][Goodput ratio: 52/0][0.16 sec][Hostname/SNI: g.alicdn.com][(Advertised) ALPNs: h2;spdy/3.1;http/1.1][TLSv1.2][JA3C: 58e7f64db6e4fe4941dd9691d421196c][Firefox][PLAIN TEXT (g.alicdn.com)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.1.105:53543 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/75 bytes <-> 1 pkts/191 bytes][Goodput ratio: 43/78][0.11 sec][Hostname/SNI: img.t.sinajs.cn][93.188.134.246][Risk: ** Suspicious DNS Traffic **][Risk Score: 100][Risk Info: DNS Record with zero TTL][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.1.105:41352 <-> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/190 bytes][Goodput ratio: 43/77][0.54 sec][Hostname/SNI: js.t.sinajs.cn][93.188.134.246][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.105:51440 <-> 192.168.1.1:53 [proto: 5.274/DNS.Alibaba][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/171 bytes][Goodput ratio: 41/75][0.19 sec][Hostname/SNI: g.alicdn.com][47.89.65.229][PLAIN TEXT (alicdn)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/whatsappfiles.pcap.out b/tests/result/whatsappfiles.pcap.out index 100d3bdf8..d207f35a2 100644 --- a/tests/result/whatsappfiles.pcap.out +++ b/tests/result/whatsappfiles.pcap.out @@ -26,5 +26,5 @@ JA3 Host Stats: 1 192.168.2.29 2 - 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 91.242/TLS.WhatsAppFiles][IP: 142/WhatsApp][Encrypted][Confidence: DPI][cat: Download/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes][Goodput ratio: 12/95][7.27 sec][Hostname/SNI: mmg-fna.whatsapp.net][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.920 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 62/47 5775/5834 571/481][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1334 583/1464 51/392][TLSv1.2][JA3C: 4e1a414c4f4c99097edd2a9a98e336c8][JA3S: 96681175a9547081bf3d417f1a572091][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0,0,0] - 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 91.242/TLS.WhatsAppFiles][IP: 142/WhatsApp][Encrypted][Confidence: DPI][cat: Download/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes][Goodput ratio: 94/32][110.02 sec][Hostname/SNI: mmg-fna.whatsapp.net][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.846 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 322/659 24639/64743 2278/6019][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 1175/106 1464/1464 540/167][TLSv1.2][JA3C: 107144b88827da5da9ed42d8776ccdc5][ServerNames: *.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net][JA3S: 2d1eb5817ece335c24904f516ad5da12][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net][Certificate SHA-1: 10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB][Safari][Validity: 2017-04-26 00:00:00 - 2018-05-01 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,87,0,0,0,0] + 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 91.242/TLS.WhatsAppFiles][IP: 142/WhatsApp][Encrypted][Confidence: DPI][cat: Download/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes][Goodput ratio: 12/95][7.27 sec][Hostname/SNI: mmg-fna.whatsapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.920 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 62/47 5775/5834 571/481][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 75/1334 583/1464 51/392][TLSv1.2][JA3C: 4e1a414c4f4c99097edd2a9a98e336c8][JA3S: 96681175a9547081bf3d417f1a572091][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0,0,0] + 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 91.242/TLS.WhatsAppFiles][IP: 142/WhatsApp][Encrypted][Confidence: DPI][cat: Download/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes][Goodput ratio: 94/32][110.02 sec][Hostname/SNI: mmg-fna.whatsapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.846 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 322/659 24639/64743 2278/6019][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 1175/106 1464/1464 540/167][TLSv1.2][JA3C: 107144b88827da5da9ed42d8776ccdc5][ServerNames: *.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net][JA3S: 2d1eb5817ece335c24904f516ad5da12][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net][Certificate SHA-1: 10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB][Safari][Validity: 2017-04-26 00:00:00 - 2018-05-01 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,87,0,0,0,0] diff --git a/tests/result/whois.pcapng.out b/tests/result/whois.pcapng.out index 381a3e207..8bca9dd31 100644 --- a/tests/result/whois.pcapng.out +++ b/tests/result/whois.pcapng.out @@ -15,7 +15,7 @@ Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) Automa tls cert: 1/0 (search/found) Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 2/2 (search/found) Patricia risk mask: 8/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 10/0 (search/found) @@ -29,5 +29,5 @@ JA3 Host Stats: 1 TCP 192.30.45.30:43 -> 10.160.63.128:53217 [VLAN: 1908][proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Network/14][5 pkts/3410 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.33 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT ( Domain Name)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0] - 2 TCP 10.17.34.139:64016 <-> 10.17.51.8:4343 [VLAN: 1603][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/628 bytes <-> 3 pkts/1418 bytes][Goodput ratio: 54/86][0.24 sec][ALPN: h2;http/1.1][bytes ratio: -0.386 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/229 74/229 222/229 105/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/70 157/473 228/1278 71/569][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: Expected on port 443][TLSv1.2][JA3C: 5f48063f9f3a827056ccdabadcc3886a][JA3S: 649d6810e8392f63dc311eecb6b7098b][Issuer: CN=10.17.51.7][Subject: CN=10.17.51.7, CN=10.17.51.7][Certificate SHA-1: DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5][Firefox][Validity: 2017-11-14 08:00:00 - 2022-11-13 08:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] + 2 TCP 10.17.34.139:64016 <-> 10.17.51.8:4343 [VLAN: 1603][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/628 bytes <-> 3 pkts/1418 bytes][Goodput ratio: 54/86][0.24 sec][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.386 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/229 74/229 222/229 105/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/70 157/473 228/1278 71/569][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: Expected on port 443][TLSv1.2][JA3C: 5f48063f9f3a827056ccdabadcc3886a][JA3S: 649d6810e8392f63dc311eecb6b7098b][Issuer: CN=10.17.51.7][Subject: CN=10.17.51.7, CN=10.17.51.7][Certificate SHA-1: DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5][Firefox][Validity: 2017-11-14 08:00:00 - 2022-11-13 08:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384][Plen Bins: 0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] 3 TCP 10.0.2.15:44188 <-> 192.0.47.59:43 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][6 pkts/357 bytes <-> 5 pkts/527 bytes][Goodput ratio: 4/44][0.30 sec][Hostname/SNI: example.com][bytes ratio: -0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/119 60/60 120/119 50/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 60/105 74/287 8/91][PLAIN TEXT (example.com)][Plen Bins: 50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/youtubeupload.pcap.out b/tests/result/youtubeupload.pcap.out index 056842d26..6fb1478a8 100644 --- a/tests/result/youtubeupload.pcap.out +++ b/tests/result/youtubeupload.pcap.out @@ -29,4 +29,4 @@ JA3 Host Stats: 1 UDP 192.168.2.27:51925 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][IP: 126/Google][Encrypted][Confidence: DPI][cat: Media/1][80 pkts/100473 bytes <-> 20 pkts/6003 bytes][Goodput ratio: 97/86][3.49 sec][Hostname/SNI: upload.youtube.com][bytes ratio: 0.887 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/249 1825/1883 217/551][Pkt Len c2s/s2c min/avg/max/stddev: 77/58 1256/300 1392/1392 385/473][User-Agent: Chrome/62.0.3202.94 Windows NT 10.0; Win64; x64][PLAIN TEXT (upload.youtube.comQ)][Plen Bins: 13,8,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0,0,0,0] 2 UDP 192.168.2.27:62232 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][IP: 126/Google][Encrypted][Confidence: DPI][cat: Media/1][13 pkts/8651 bytes <-> 11 pkts/6463 bytes][Goodput ratio: 94/93][16.89 sec][Hostname/SNI: upload.youtube.com][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1667/2090 14942/15097 4450/4941][Pkt Len c2s/s2c min/avg/max/stddev: 65/60 665/588 1392/1392 634/618][User-Agent: Chrome/62.0.3202.94 Windows NT 10.0; Win64; x64][PLAIN TEXT (upload.youtube.comQ)][Plen Bins: 20,33,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,37,0,0,0,0,0] - 3 TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/TLS.YouTubeUpload][IP: 126/Google][Encrypted][Confidence: DPI][cat: Media/1][6 pkts/649 bytes <-> 7 pkts/4799 bytes][Goodput ratio: 45/92][0.12 sec][Hostname/SNI: upload.youtube.com][ALPN: h2;http/1.1][bytes ratio: -0.762 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/12 57/39 23/15][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 108/686 256/1484 73/634][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: bc6c386f480ee97b9d9e52d472b772d8][TLSv1.2][JA3C: bc6c386f480ee97b9d9e52d472b772d8][ServerNames: upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com][JA3S: b26c652e0a402a24b5ca2a660e84f9d5][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com][Certificate SHA-1: EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63][Validity: 2017-11-01 13:50:15 - 2018-01-24 13:31:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,28,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,28,0,0,0] + 3 TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/TLS.YouTubeUpload][IP: 126/Google][Encrypted][Confidence: DPI][cat: Media/1][6 pkts/649 bytes <-> 7 pkts/4799 bytes][Goodput ratio: 45/92][0.12 sec][Hostname/SNI: upload.youtube.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.762 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/12 57/39 23/15][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 108/686 256/1484 73/634][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: bc6c386f480ee97b9d9e52d472b772d8][TLSv1.2][JA3C: bc6c386f480ee97b9d9e52d472b772d8][ServerNames: upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com][JA3S: b26c652e0a402a24b5ca2a660e84f9d5][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com][Certificate SHA-1: EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63][Validity: 2017-11-01 13:50:15 - 2018-01-24 13:31:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,28,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,28,0,0,0] diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index e62845517..0886f3099 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -17,7 +17,7 @@ Automa host: 25/20 (search/found) Automa domain: 24/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 7/0 (search/found) -Automa common alpns: 0/0 (search/found) +Automa common alpns: 10/10 (search/found) Patricia risk mask: 56/0 (search/found) Patricia risk: 0/0 (search/found) Patricia protocols: 67/20 (search/found) @@ -44,16 +44,16 @@ JA3 Host Stats: 1 UDP 192.168.1.117:58327 <-> 109.94.160.99:8801 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Video/26][10 pkts/7806 bytes <-> 175 pkts/184434 bytes][Goodput ratio: 95/96][1.44 sec][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/8 32/35 11/5][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 781/1054 1071/1071 444/129][PLAIN TEXT (replace)][Plen Bins: 1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.117:54871 <-> 109.94.160.99:443 [proto: 91.189/TLS.Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Video/26][127 pkts/54118 bytes <-> 83 pkts/17526 bytes][Goodput ratio: 84/69][2.00 sec][Hostname/SNI: zoomfrn99mmr.zoom.us][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 950/156 93/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 426/211 1506/1506 458/364][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,12,4,2,6,3,2,2,2,4,5,10,1,0,0,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] - 3 TCP 192.168.1.117:54866 <-> 52.202.62.236:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][16 pkts/3097 bytes <-> 17 pkts/18622 bytes][Goodput ratio: 71/95][0.61 sec][Hostname/SNI: www3.zoom.us][ALPN: http/1.1][bytes ratio: -0.715 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 114/143 47/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 194/1095 864/1506 265/618][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,63,0,0] - 4 TCP 192.168.1.117:54865 <-> 52.202.62.196:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][15 pkts/2448 bytes <-> 15 pkts/16505 bytes][Goodput ratio: 66/95][0.50 sec][Hostname/SNI: zoom.us][ALPN: http/1.1][bytes ratio: -0.742 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/22 112/136 46/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 163/1100 687/1506 200/623][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,57,0,0] + 3 TCP 192.168.1.117:54866 <-> 52.202.62.236:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][16 pkts/3097 bytes <-> 17 pkts/18622 bytes][Goodput ratio: 71/95][0.61 sec][Hostname/SNI: www3.zoom.us][(Advertised) ALPNs: http/1.1][bytes ratio: -0.715 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 114/143 47/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 194/1095 864/1506 265/618][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,63,0,0] + 4 TCP 192.168.1.117:54865 <-> 52.202.62.196:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][15 pkts/2448 bytes <-> 15 pkts/16505 bytes][Goodput ratio: 66/95][0.50 sec][Hostname/SNI: zoom.us][(Advertised) ALPNs: http/1.1][bytes ratio: -0.742 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/22 112/136 46/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 163/1100 687/1506 200/623][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,57,0,0] 5 TCP 192.168.1.117:54868 <-> 213.19.144.104:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][17 pkts/2534 bytes <-> 13 pkts/7180 bytes][Goodput ratio: 56/88][0.41 sec][Hostname/SNI: zoomam104zc.zoom.us][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/41 87/168 27/61][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 149/552 642/1506 175/612][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 21,6,6,6,6,0,0,6,0,0,0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0] 6 TCP 192.168.1.117:54869 <-> 213.244.140.85:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][16 pkts/2480 bytes <-> 13 pkts/7182 bytes][Goodput ratio: 57/88][0.39 sec][Hostname/SNI: zoomfr85zc.zoom.us][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/41 202/224 52/72][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 155/552 642/1506 178/612][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 21,6,6,6,6,0,0,6,0,0,0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0] 7 TCP 192.168.1.117:54867 <-> 213.19.144.105:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][16 pkts/2468 bytes <-> 13 pkts/7188 bytes][Goodput ratio: 58/88][0.42 sec][Hostname/SNI: zoomam105zc.zoom.us][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/43 147/178 40/63][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/553 642/1506 179/612][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 21,6,6,6,6,0,0,6,0,0,0,0,0,6,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,21,0,0] 8 TCP 192.168.1.117:54870 <-> 213.244.140.84:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][16 pkts/1832 bytes <-> 12 pkts/6702 bytes][Goodput ratio: 44/88][0.38 sec][Hostname/SNI: zoomfr84zc.zoom.us][bytes ratio: -0.571 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/40 187/280 49/91][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 114/558 583/1506 129/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: c51de225944b7d58d48c0f99f86ba8e6][ServerNames: *.zoom.us,zoom.us][JA3S: ada793d0f02b028a6c840504edccb652][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,0,8,8,8,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,25,0,0] - 9 TCP 192.168.1.117:54864 <-> 52.202.62.238:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][10 pkts/2030 bytes <-> 8 pkts/6283 bytes][Goodput ratio: 72/93][0.47 sec][Hostname/SNI: log.zoom.us][ALPN: http/1.1][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 58/40 110/131 50/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 203/785 812/1506 256/675][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,33,0,0] + 9 TCP 192.168.1.117:54864 <-> 52.202.62.238:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][10 pkts/2030 bytes <-> 8 pkts/6283 bytes][Goodput ratio: 72/93][0.47 sec][Hostname/SNI: log.zoom.us][(Advertised) ALPNs: http/1.1][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 58/40 110/131 50/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 203/785 812/1506 256/675][TLSv1.2][JA3C: 535aca3d99fc247509cd50933cd71d37][ServerNames: *.zoom.us,zoom.us][JA3S: 3c30f2c064a3aed8cd95de8d68c726a6][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=*.zoom.us][Certificate SHA-1: F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8][Firefox][Validity: 2019-03-25 19:38:42 - 2021-03-25 19:38:42][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,33,0,0] 10 TCP 192.168.1.117:53872 <-> 35.186.224.53:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][cat: Web/5][8 pkts/2017 bytes <-> 8 pkts/4822 bytes][Goodput ratio: 74/89][0.07 sec][bytes ratio: -0.410 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 58/45 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252/603 1434/1484 447/585][Plen Bins: 0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,25,0,0,0] 11 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: a795593605a13211941d44505b4d1e39][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] - 12 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.46 sec][Hostname/SNI: www.googletagmanager.com][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TLSv1][JA3C: d78489b860c8bf7838a6ff0b4d131541][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.46 sec][Hostname/SNI: www.googletagmanager.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TLSv1][JA3C: d78489b860c8bf7838a6ff0b4d131541][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 192.168.1.117:53867 <-> 104.199.65.42:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][cat: Web/5][4 pkts/710 bytes <-> 2 pkts/242 bytes][Goodput ratio: 63/45][0.09 sec][bytes ratio: 0.492 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/64 31/64 32/64 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/121 178/121 329/121 115/0][Plen Bins: 0,50,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.1.117:61731 <-> 109.94.160.99:8801 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Video/26][4 pkts/372 bytes <-> 4 pkts/290 bytes][Goodput ratio: 55/39][0.11 sec][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/35 28/27 49/47 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 93/72 151/93 40/14][PLAIN TEXT (replace)][Plen Bins: 50,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.117:60620 <-> 109.94.160.99:8801 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Video/26][4 pkts/408 bytes <-> 3 pkts/222 bytes][Goodput ratio: 59/41][1.24 sec][bytes ratio: 0.295 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/31 413/16 1209/31 563/16][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 102/74 149/85 33/10][PLAIN TEXT (replace)][Plen Bins: 28,57,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/zoom2.pcap.out b/tests/result/zoom2.pcap.out index 9fa64d393..2c5996810 100644 --- a/tests/result/zoom2.pcap.out +++ b/tests/result/zoom2.pcap.out @@ -32,6 +32,6 @@ JA3 Host Stats: 1 UDP 192.168.1.178:60653 <-> 144.195.73.154:8801 [proto: 189/Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI (partial cache)][cat: Video/26][3824 pkts/4162390 bytes <-> 4907 pkts/4203451 bytes][Goodput ratio: 96/95][40.59 sec][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/6 101/100 10/10][Pkt Len c2s/s2c min/avg/max/stddev: 94/60 1088/857 1339/1339 242/271][PLAIN TEXT (replace)][Plen Bins: 0,2,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,1,74,3,1,0,1,9,1,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.178:58117 <-> 144.195.73.154:8801 [proto: 189/Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI (partial cache)][cat: Video/26][1283 pkts/302584 bytes <-> 947 pkts/159626 bytes][Goodput ratio: 82/75][39.98 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/36 141/131 26/34][Pkt Len c2s/s2c min/avg/max/stddev: 106/60 236/169 376/369 87/64][PLAIN TEXT (replace)][Plen Bins: 0,1,64,18,7,0,0,4,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.178:50076 <-> 144.195.73.154:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][491 pkts/108525 bytes <-> 411 pkts/58625 bytes][Goodput ratio: 70/54][44.41 sec][Hostname/SNI: zoomsjccv154mmr.sjc.zoom.us][bytes ratio: 0.299 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/109 1466/1467 185/193][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 221/143 1506/1506 285/210][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 832952db10f1453442636675bed2702b][ServerNames: *.sjc.zoom.us][JA3S: 8aca82d60194883e764ab2743e60c380][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us][Certificate SHA-1: 43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7][Firefox][Validity: 2021-04-13 00:00:00 - 2022-04-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,17,13,5,3,8,2,1,0,1,0,1,1,3,1,2,4,2,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0] + 3 TCP 192.168.1.178:50076 <-> 144.195.73.154:443 [proto: 91.189/TLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][cat: Video/26][491 pkts/108525 bytes <-> 411 pkts/58625 bytes][Goodput ratio: 70/54][44.41 sec][Hostname/SNI: zoomsjccv154mmr.sjc.zoom.us][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.299 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/109 1466/1467 185/193][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 221/143 1506/1506 285/210][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 832952db10f1453442636675bed2702b][ServerNames: *.sjc.zoom.us][JA3S: 8aca82d60194883e764ab2743e60c380][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us][Certificate SHA-1: 43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7][Firefox][Validity: 2021-04-13 00:00:00 - 2022-04-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,17,13,5,3,8,2,1,0,1,0,1,1,3,1,2,4,2,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0] 4 UDP 192.168.1.178:57953 <-> 144.195.73.154:8801 [proto: 189/Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI (partial cache)][cat: Video/26][43 pkts/5229 bytes <-> 44 pkts/4520 bytes][Goodput ratio: 65/59][39.68 sec][bytes ratio: 0.073 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 941/849 3580/3749 1440/1522][Pkt Len c2s/s2c min/avg/max/stddev: 69/60 122/103 185/133 41/28][PLAIN TEXT (replace)][Plen Bins: 35,2,43,13,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 ICMP 192.168.1.178:0 -> 144.195.73.154:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][cat: Network/14][27 pkts/1890 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.15 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 20/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70/0 70/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |