diff options
| author | Luca Deri <deri@ntop.org> | 2021-05-19 21:28:13 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2021-05-19 21:28:33 +0200 |
| commit | d485c1cecb74ee8e797b28e6c9c39c9731281535 (patch) | |
| tree | 757db8436c69d90842b3ac65623ebb6e964e8cf3 | |
| parent | 71b81d3799a9bc8fa43f7037fb78423e0b11e7ca (diff) | |
Improved TLS browser detection heuristics
| -rw-r--r-- | src/lib/ndpi_utils.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 111 | ||||
| -rw-r--r-- | tests/result/alexa-app.pcapng.out | 152 | ||||
| -rw-r--r-- | tests/result/android.pcap.out | 10 | ||||
| -rw-r--r-- | tests/result/anyconnect-vpn.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/iphone.pcap.out | 28 | ||||
| -rw-r--r-- | tests/result/signal.pcap.out | 20 | ||||
| -rw-r--r-- | tests/result/simple-dnscrypt.pcap.out | 8 | ||||
| -rw-r--r-- | tests/result/teams.pcap.out | 28 | ||||
| -rw-r--r-- | tests/result/wa_voice.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/wechat.pcap.out | 56 | ||||
| -rw-r--r-- | tests/result/youtubeupload.pcap.out | 2 |
12 files changed, 250 insertions, 173 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 0f784bb7e..f553b5436 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1807,6 +1807,8 @@ u_int16_t ndpi_risk2score(ndpi_risk risk) { u_int16_t score = 0; u_int32_t i; + if(risk == 0) return(0); + for(i = 0; i < NDPI_MAX_RISK; i++) { ndpi_risk_enum r = (ndpi_risk_enum)i; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 6f30400f7..f4fb66540 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1383,7 +1383,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; } - + /* ********** */ for(i=0; (i<ja3.server.num_tls_extension) && (JA3_STR_LEN > ja3_str_len); i++) { @@ -1456,21 +1456,22 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, #endif if((cipher_offset+cipher_len) <= total_len) { - u_int8_t safari_ciphers = 0, chrome_ciphers = 0; + u_int8_t safari_ciphers = 0, chrome_ciphers = 0, this_is_not_safari = 0, looks_like_safari_on_big_sur = 0; for(i=0; i<cipher_len;) { u_int16_t *id = (u_int16_t*)&packet->payload[cipher_offset+i]; - -#ifdef DEBUG_TLS - printf("Client TLS [cipher suite: %u/0x%04X] [%d/%u]\n", ntohs(*id), ntohs(*id), i, cipher_len); -#endif - if((*id == 0) || (packet->payload[cipher_offset+i] != packet->payload[cipher_offset+i+1])) { - u_int16_t cipher_id = ntohs(*id); + u_int16_t cipher_id = ntohs(*id); + + if(packet->payload[cipher_offset+i] != packet->payload[cipher_offset+i+1] /* Skip Grease */) { /* Skip GREASE [https://tools.ietf.org/id/draft-ietf-tls-grease-01.html] https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967 */ +#if defined(DEBUG_TLS) || defined(DEBUG_HEURISTIC) + printf("Client TLS [non-GREASE cipher suite: %u/0x%04X] [%d/%u]\n", cipher_id, cipher_id, i, cipher_len); +#endif + if(ja3.client.num_cipher < MAX_NUM_JA3) ja3.client.cipher[ja3.client.num_cipher++] = cipher_id; else { @@ -1480,13 +1481,16 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, #endif } +#if defined(DEBUG_TLS) || defined(DEBUG_HEURISTIC) + printf("Client TLS [cipher suite: %u/0x%04X] [%d/%u]\n", cipher_id, cipher_id, i, cipher_len); +#endif + switch(cipher_id) { case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: safari_ciphers++; break; - case TLS_CIPHER_GREASE_RESERVED_0: case TLS_AES_128_GCM_SHA256: case TLS_AES_256_GCM_SHA384: case TLS_CHACHA20_POLY1305_SHA256: @@ -1505,21 +1509,42 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, case TLS_RSA_WITH_AES_256_GCM_SHA384: safari_ciphers++, chrome_ciphers++; break; + + case TLS_RSA_WITH_3DES_EDE_CBC_SHA: + looks_like_safari_on_big_sur = 1; + break; } + } else { +#if defined(DEBUG_TLS) || defined(DEBUG_HEURISTIC) + printf("Client TLS [GREASE cipher suite: %u/0x%04X] [%d/%u]\n", cipher_id, cipher_id, i, cipher_len); +#endif + + this_is_not_safari = 1; /* NOTE: BugSur and up have grease support */ } i += 2; } /* for */ + /* NOTE: + we do not check for duplicates as with signatures because + this is time consuming and we want to avoid overhead whem possible + */ + if(this_is_not_safari) + flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls = 0; + else if((safari_ciphers == 12) || (this_is_not_safari && looks_like_safari_on_big_sur)) + flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls = 1; + if(chrome_ciphers == 13) flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls = 1; - else if(safari_ciphers == 12) - flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls = 1; + /* Note that both Safari and Chrome can overlap */ #ifdef DEBUG_HEURISTIC - printf("[is_chrome_tls: %u][is_safari_tls: %u]\n", + printf("[CIPHERS] [is_chrome_tls: %u (%u)][is_safari_tls: %u (%u)][this_is_not_safari: %u]\n", flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls, - flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls); + chrome_ciphers, + flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls, + safari_ciphers, + this_is_not_safari); #endif } else { invalid_ja3 = 1; @@ -1709,7 +1734,8 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, #endif } } else if(extension_id == 13 /* signature algorithms */) { - u_int16_t s_offset = offset+extension_offset, safari_signature_algorithms = 0, chrome_signature_algorithms = 0; + u_int16_t s_offset = offset+extension_offset, safari_signature_algorithms = 0, chrome_signature_algorithms = 0, + duplicate_found = 0, last_signature = 0; u_int16_t tot_signature_algorithms_len = ntohs(*((u_int16_t*)&packet->payload[s_offset])); #ifdef DEBUG_TLS @@ -1735,8 +1761,38 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, for(i=0; i<tot_signature_algorithms_len; i+=2) { u_int16_t signature_algo = (u_int16_t)ntohs(*((u_int16_t*)&packet->payload[s_offset+i])); + if(last_signature == signature_algo) { + /* Consecutive duplication */ + duplicate_found = 1; + continue; + } else { + /* Check for other duplications */ + u_int j, all_ok = 1; + + for(j=0; j<tot_signature_algorithms_len; j+=2) { + if(j != i) { + u_int16_t j_signature_algo = (u_int16_t)ntohs(*((u_int16_t*)&packet->payload[s_offset+j])); + + if((signature_algo == j_signature_algo) + && (i < j) /* Don't skip both of them */) { #ifdef DEBUG_HEURISTIC - printf("[TLS Signature Algorithm] 0x%04X\n", signature_algo); + printf("[SIGNATURE] [TLS Signature Algorithm] Skipping duplicate 0x%04X\n", signature_algo); +#endif + + duplicate_found = 1, all_ok = 0; + break; + } + } + } + + if(!all_ok) + continue; + } + + last_signature = signature_algo; + +#ifdef DEBUG_HEURISTIC + printf("[SIGNATURE] [TLS Signature Algorithm] 0x%04X\n", signature_algo); #endif switch(signature_algo) { case ECDSA_SECP521R1_SHA512: @@ -1752,10 +1808,20 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, case RSA_PSS_RSAE_SHA384: case RSA_PSS_RSAE_SHA512: chrome_signature_algorithms++, safari_signature_algorithms++; +#ifdef DEBUG_HEURISTIC + printf("[SIGNATURE] [Chrome/Safari] Found 0x%04X [chrome: %u][safari: %u]\n", + signature_algo, chrome_signature_algorithms, safari_signature_algorithms); +#endif + break; } } +#ifdef DEBUG_HEURISTIC + printf("[SIGNATURE] [safari_signature_algorithms: %u][chrome_signature_algorithms: %u]\n", + safari_signature_algorithms, chrome_signature_algorithms); +#endif + if(flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_firefox_tls) flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls = 0, flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls = 0; @@ -1763,14 +1829,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, if(safari_signature_algorithms != 8) flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls = 0; - if(chrome_signature_algorithms != 8) + if((chrome_signature_algorithms != 8) || duplicate_found) flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls = 0; + /* Avoid Chrome and Safari overlaps, thing that cannot happen with Firefox */ + if(flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls) + flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls = 0; + + if((flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls == 0) + && duplicate_found) + flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls = 1; /* Safari */ + #ifdef DEBUG_HEURISTIC - printf("[is_firefox_tls: %u][is_chrome_tls: %u][is_safari_tls: %u]\n", + printf("[SIGNATURE] [is_firefox_tls: %u][is_chrome_tls: %u][is_safari_tls: %u][duplicate_found: %u]\n", flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_firefox_tls, flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls, - flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls); + flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls, + duplicate_found); #endif ja3.client.signature_algorithms[i*2] = '\0'; diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out index ef4ef30b4..56b7056a0 100644 --- a/tests/result/alexa-app.pcapng.out +++ b/tests/result/alexa-app.pcapng.out @@ -16,99 +16,99 @@ JA3 Host Stats: 1 172.16.42.216 8 - 1 TCP 172.16.42.216:41913 <-> 52.84.62.115:443 [proto: 91.240/TLS.AmazonVideo][cat: Video/26][174 pkts/22371 bytes <-> 176 pkts/251141 bytes][Goodput ratio: 41/95][2.06 sec][ALPN: h2;http/1.1][bytes ratio: -0.836 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/2 843/74 74/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 129/1427 1356/1514 247/317][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: images-na.ssl-images-amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Safari][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,95,0,0] - 2 TCP 172.16.42.216:54411 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][40 pkts/9869 bytes <-> 38 pkts/36764 bytes][Goodput ratio: 73/93][4.46 sec][ALPN: h2;http/1.1][bytes ratio: -0.577 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/33 1629/317 305/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/967 1514/1514 433/642][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: www.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Safari][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,0,2,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,8,2,0,2,0,0,0,0,0,0,0,0,0,69,0,0] - 3 TCP 172.16.42.216:41828 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][cat: Web/5][31 pkts/13163 bytes <-> 34 pkts/25939 bytes][Goodput ratio: 84/91][3.25 sec][ALPN: h2;http/1.1][bytes ratio: -0.327 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/38 1832/535 365/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 425/763 1514/1514 587/629][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: www.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Safari][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 2,2,2,8,0,0,2,2,2,0,2,0,0,2,0,0,2,0,0,2,0,2,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,53,0,0] - 4 TCP 172.16.42.216:40856 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][47 pkts/4785 bytes <-> 51 pkts/31984 bytes][Goodput ratio: 47/91][2.59 sec][ALPN: h2;http/1.1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/13 1811/246 293/44][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 102/627 1514/1514 218/316][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Safari][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,3,0,0,0,0,1,1,0,0,1,0,0,1,0,0,0,80,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,7,0,0] + 1 TCP 172.16.42.216:41913 <-> 52.84.62.115:443 [proto: 91.240/TLS.AmazonVideo][cat: Video/26][174 pkts/22371 bytes <-> 176 pkts/251141 bytes][Goodput ratio: 41/95][2.06 sec][ALPN: h2;http/1.1][bytes ratio: -0.836 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/2 843/74 74/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 129/1427 1356/1514 247/317][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: images-na.ssl-images-amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,95,0,0] + 2 TCP 172.16.42.216:54411 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][40 pkts/9869 bytes <-> 38 pkts/36764 bytes][Goodput ratio: 73/93][4.46 sec][ALPN: h2;http/1.1][bytes ratio: -0.577 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/33 1629/317 305/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/967 1514/1514 433/642][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: www.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,0,2,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,8,2,0,2,0,0,0,0,0,0,0,0,0,69,0,0] + 3 TCP 172.16.42.216:41828 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][cat: Web/5][31 pkts/13163 bytes <-> 34 pkts/25939 bytes][Goodput ratio: 84/91][3.25 sec][ALPN: h2;http/1.1][bytes ratio: -0.327 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/38 1832/535 365/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 425/763 1514/1514 587/629][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: www.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 2,2,2,8,0,0,2,2,2,0,2,0,0,2,0,0,2,0,0,2,0,2,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,53,0,0] + 4 TCP 172.16.42.216:40856 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][47 pkts/4785 bytes <-> 51 pkts/31984 bytes][Goodput ratio: 47/91][2.59 sec][ALPN: h2;http/1.1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/13 1811/246 293/44][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 102/627 1514/1514 218/316][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,3,0,0,0,0,1,1,0,0,1,0,0,1,0,0,0,80,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,7,0,0] 5 TCP 172.16.42.216:51986 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][31 pkts/3707 bytes <-> 28 pkts/31731 bytes][Goodput ratio: 44/94][1.26 sec][Host: ecx.images-amazon.com][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/21 364/286 86/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/1133 613/1514 162/585][URL: ecx.images-amazon.com/images/I/81diFQyVjHL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/81diF)][Plen Bins: 3,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,68,0,0] 6 TCP 172.16.42.216:51995 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][22 pkts/2590 bytes <-> 25 pkts/31047 bytes][Goodput ratio: 42/95][1.13 sec][Host: ecx.images-amazon.com][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/42 536/536 126/120][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/1242 613/1514 157/474][URL: ecx.images-amazon.com/images/I/5100jxqrQhL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/5100j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,8,0,0,0,4,0,0,0,0,67,0,0] 7 TCP 172.16.42.216:51992 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][27 pkts/3443 bytes <-> 24 pkts/29237 bytes][Goodput ratio: 48/95][1.13 sec][Host: ecx.images-amazon.com][bytes ratio: -0.789 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/6 368/110 98/25][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/1218 613/1514 172/546][URL: ecx.images-amazon.com/images/I/71nqwmwmRlL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/71nqwmwmRlL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,74,0,0] 8 TCP 172.16.42.216:41691 <-> 54.239.29.146:443 [proto: 91.178/TLS.Amazon][cat: Web/5][28 pkts/5292 bytes <-> 28 pkts/24601 bytes][Goodput ratio: 71/94][100.86 sec][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/78 293/443 72/134][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/879 1514/1514 381/687][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: api.amazon.com][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: api.amazon.com,wsync.us-east-1.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com][Certificate SHA-1: 1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D][Firefox][Validity: 2016-09-05 00:00:00 - 2017-09-23 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,15,3,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,68,0,0] 9 TCP 172.16.42.216:38483 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][cat: Web/5][32 pkts/3796 bytes <-> 30 pkts/25146 bytes][Goodput ratio: 44/92][0.66 sec][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/19 227/241 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/838 732/1514 163/608][Risk: ** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 60][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,3,6,0,0,6,0,0,0,0,3,3,0,0,3,0,3,0,0,6,3,0,3,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] - 10 TCP 172.16.42.216:34034 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][24 pkts/22786 bytes <-> 19 pkts/2185 bytes][Goodput ratio: 94/49][1.87 sec][ALPN: h2;http/1.1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 511/512 132/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 949/115 1514/564 678/140][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,4,0,0,4,0,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,65,0,0] - 11 TCP 172.16.42.216:45703 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][32 pkts/18086 bytes <-> 24 pkts/6391 bytes][Goodput ratio: 90/78][13.18 sec][ALPN: h2;http/1.1][bytes ratio: 0.478 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 478/297 3544/1485 870/399][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 565/266 1514/731 644/259][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,3,0,6,9,6,3,3,0,0,0,0,0,0,12,6,3,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] - 12 TCP 172.16.42.216:45710 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][26 pkts/13063 bytes <-> 23 pkts/8561 bytes][Goodput ratio: 89/85][10.20 sec][ALPN: h2;http/1.1][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/535 3346/6303 892/1474][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 502/372 1514/1514 619/511][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 3,7,3,3,7,3,3,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,41,0,0] - 13 TCP 172.16.42.216:54434 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/9106 bytes <-> 15 pkts/10708 bytes][Goodput ratio: 86/91][3.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/241 96/1116 31/336][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 506/714 1514/1514 633/678][TLSv1.2][Client: www.amazon.com][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,57,0,0] - 14 TCP 172.16.42.216:41914 <-> 52.84.62.115:443 [proto: 91.240/TLS.AmazonVideo][cat: Video/26][20 pkts/6834 bytes <-> 15 pkts/11310 bytes][Goodput ratio: 80/91][0.96 sec][ALPN: h2;http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/50 222/242 77/88][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 342/754 1351/1514 506/588][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: images-na.ssl-images-amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Safari][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,5,0,0,5,0,10,0,0,0,0,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,15,0,0,0,0,27,0,0] + 10 TCP 172.16.42.216:34034 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][24 pkts/22786 bytes <-> 19 pkts/2185 bytes][Goodput ratio: 94/49][1.87 sec][ALPN: h2;http/1.1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 511/512 132/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 949/115 1514/564 678/140][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,4,0,0,4,0,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,65,0,0] + 11 TCP 172.16.42.216:45703 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][32 pkts/18086 bytes <-> 24 pkts/6391 bytes][Goodput ratio: 90/78][13.18 sec][ALPN: h2;http/1.1][bytes ratio: 0.478 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 478/297 3544/1485 870/399][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 565/266 1514/731 644/259][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,3,0,6,9,6,3,3,0,0,0,0,0,0,12,6,3,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] + 12 TCP 172.16.42.216:45710 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][26 pkts/13063 bytes <-> 23 pkts/8561 bytes][Goodput ratio: 89/85][10.20 sec][ALPN: h2;http/1.1][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/535 3346/6303 892/1474][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 502/372 1514/1514 619/511][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 3,7,3,3,7,3,3,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,41,0,0] + 13 TCP 172.16.42.216:54434 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/9106 bytes <-> 15 pkts/10708 bytes][Goodput ratio: 86/91][3.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/241 96/1116 31/336][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 506/714 1514/1514 633/678][TLSv1.2][Client: www.amazon.com][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,57,0,0] + 14 TCP 172.16.42.216:41914 <-> 52.84.62.115:443 [proto: 91.240/TLS.AmazonVideo][cat: Video/26][20 pkts/6834 bytes <-> 15 pkts/11310 bytes][Goodput ratio: 80/91][0.96 sec][ALPN: h2;http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/50 222/242 77/88][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 342/754 1351/1514 506/588][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: images-na.ssl-images-amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,5,0,0,5,0,10,0,0,0,0,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,15,0,0,0,0,27,0,0] 15 TCP 172.16.42.216:51997 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][16 pkts/1611 bytes <-> 14 pkts/16206 bytes][Goodput ratio: 34/94][1.14 sec][Host: ecx.images-amazon.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/24 628/205 165/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1158 613/1514 132/593][URL: ecx.images-amazon.com/images/I/61Tfp7ZVcoL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/61Tfp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] 16 TCP 172.16.42.216:51989 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][17 pkts/2771 bytes <-> 14 pkts/14992 bytes][Goodput ratio: 59/94][1.36 sec][Host: ecx.images-amazon.com][bytes ratio: -0.688 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/69 377/743 125/213][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/1071 613/1514 208/642][URL: ecx.images-amazon.com/images/I/71pwMKDRQIL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (zTGET /images/I/71pwMKDRQIL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0] - 17 TCP 172.16.42.216:44912 <-> 54.239.23.94:443 [proto: 91.178/TLS.Amazon][cat: Web/5][19 pkts/11483 bytes <-> 14 pkts/5858 bytes][Goodput ratio: 91/86][10.46 sec][ALPN: h2;http/1.1][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 552/875 3665/7470 1005/2334][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 604/418 1514/1514 650/593][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Safari][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,27,0,0] + 17 TCP 172.16.42.216:44912 <-> 54.239.23.94:443 [proto: 91.178/TLS.Amazon][cat: Web/5][19 pkts/11483 bytes <-> 14 pkts/5858 bytes][Goodput ratio: 91/86][10.46 sec][ALPN: h2;http/1.1][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 552/875 3665/7470 1005/2334][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 604/418 1514/1514 650/593][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,27,0,0] 18 TCP 172.16.42.216:51990 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/15104 bytes][Goodput ratio: 35/94][1.25 sec][Host: ecx.images-amazon.com][bytes ratio: -0.813 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/21 682/138 190/45][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1162 613/1514 136/600][URL: ecx.images-amazon.com/images/I/612xlaOI2NL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (tyGET /images/I/612)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,72,0,0] 19 TCP 172.16.42.216:51988 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/14454 bytes][Goodput ratio: 35/94][1.26 sec][Host: ecx.images-amazon.com][bytes ratio: -0.806 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/27 681/154 186/53][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1112 613/1514 136/592][URL: ecx.images-amazon.com/images/I/61oBTb+jZvL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/61oBTb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,72,0,0] - 20 TCP 172.16.42.216:40871 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/7766 bytes <-> 21 pkts/8198 bytes][Goodput ratio: 86/86][3.82 sec][ALPN: h2;http/1.1][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 182/130 1403/1107 358/296][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/390 1514/1514 570/458][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,9,4,0,0,0,9,4,0,0,0,4,0,0,0,0,13,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] - 21 TCP 172.16.42.216:41912 <-> 52.84.62.115:443 [proto: 91.240/TLS.AmazonVideo][cat: Video/26][16 pkts/3960 bytes <-> 14 pkts/11986 bytes][Goodput ratio: 73/92][0.96 sec][ALPN: h2;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/14 669/71 174/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/856 1340/1514 415/644][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: images-na.ssl-images-amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Safari][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,18,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,12,0,0,0,0,0,38,0,0] + 20 TCP 172.16.42.216:40871 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/7766 bytes <-> 21 pkts/8198 bytes][Goodput ratio: 86/86][3.82 sec][ALPN: h2;http/1.1][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 182/130 1403/1107 358/296][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/390 1514/1514 570/458][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,9,4,0,0,0,9,4,0,0,0,4,0,0,0,0,13,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] + 21 TCP 172.16.42.216:41912 <-> 52.84.62.115:443 [proto: 91.240/TLS.AmazonVideo][cat: Video/26][16 pkts/3960 bytes <-> 14 pkts/11986 bytes][Goodput ratio: 73/92][0.96 sec][ALPN: h2;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/14 669/71 174/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/856 1340/1514 415/644][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: images-na.ssl-images-amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,18,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,12,0,0,0,0,0,38,0,0] 22 TCP 172.16.42.216:51985 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][16 pkts/1623 bytes <-> 14 pkts/14282 bytes][Goodput ratio: 34/93][1.26 sec][Host: ecx.images-amazon.com][bytes ratio: -0.796 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 84/45 682/281 185/91][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1020 613/1514 132/664][URL: ecx.images-amazon.com/images/I/51woiL9kgkL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/51woiL9)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] 23 TCP 172.16.42.216:51996 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][15 pkts/1545 bytes <-> 13 pkts/14178 bytes][Goodput ratio: 35/94][1.13 sec][Host: ecx.images-amazon.com][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/22 764/207 210/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/1091 613/1514 136/639][URL: ecx.images-amazon.com/images/I/81Ni5COup-L._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/81Ni5)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0] 24 TCP 172.16.42.216:53682 <-> 54.239.22.185:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/10167 bytes <-> 13 pkts/5328 bytes][Goodput ratio: 91/86][163.85 sec][bytes ratio: 0.312 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12603/417 159135/3907 42305/1164][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 635/410 1514/1514 644/520][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: firs-ta-g7g.amazon.com][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: firs-ta-g7g.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com][Certificate SHA-1: A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86][Firefox][Validity: 2016-11-25 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,0,0,6,0,0,0,0,0,13,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0] - 25 TCP 172.16.42.216:45712 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][24 pkts/11240 bytes <-> 18 pkts/3909 bytes][Goodput ratio: 88/73][5.97 sec][ALPN: h2;http/1.1][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271/206 1239/905 390/325][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 468/217 1514/715 608/241][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,10,5,5,0,10,10,5,0,0,0,0,0,0,5,5,5,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] - 26 TCP 172.16.42.216:40854 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][21 pkts/6285 bytes <-> 16 pkts/8842 bytes][Goodput ratio: 82/90][2.68 sec][ALPN: h2;http/1.1][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/106 1158/932 299/253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 299/553 1514/1514 504/512][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Safari][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,5,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,5,24,0,0] + 25 TCP 172.16.42.216:45712 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][24 pkts/11240 bytes <-> 18 pkts/3909 bytes][Goodput ratio: 88/73][5.97 sec][ALPN: h2;http/1.1][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271/206 1239/905 390/325][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 468/217 1514/715 608/241][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,10,5,5,0,10,10,5,0,0,0,0,0,0,5,5,5,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] + 26 TCP 172.16.42.216:40854 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][21 pkts/6285 bytes <-> 16 pkts/8842 bytes][Goodput ratio: 82/90][2.68 sec][ALPN: h2;http/1.1][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/106 1158/932 299/253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 299/553 1514/1514 504/512][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,5,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,5,24,0,0] 27 TCP 172.16.42.216:55242 <-> 52.85.209.197:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/6706 bytes <-> 20 pkts/8204 bytes][Goodput ratio: 82/84][123.38 sec][bytes ratio: -0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 87/100 290/445 108/155][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/410 1514/1514 532/546][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: www.amazon.com][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,15,0,5,0,0,5,10,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,10,0,0,21,0,0] - 28 TCP 172.16.42.216:50799 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/9329 bytes <-> 17 pkts/5540 bytes][Goodput ratio: 88/82][10.48 sec][ALPN: h2;http/1.1][bytes ratio: 0.255 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 636/760 7767/8001 1851/2099][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/326 1514/1514 612/473][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,0,5,0,5,5,0,0,11,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0] + 28 TCP 172.16.42.216:50799 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/9329 bytes <-> 17 pkts/5540 bytes][Goodput ratio: 88/82][10.48 sec][ALPN: h2;http/1.1][bytes ratio: 0.255 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 636/760 7767/8001 1851/2099][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/326 1514/1514 612/473][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,0,5,0,5,5,0,0,11,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0] 29 TCP 172.16.42.216:51993 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][14 pkts/1479 bytes <-> 12 pkts/13075 bytes][Goodput ratio: 37/94][1.13 sec][Host: ecx.images-amazon.com][bytes ratio: -0.797 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/23 765/207 218/65][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1090 613/1514 141/624][URL: ecx.images-amazon.com/images/I/61SZU-lPFNL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/61S)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0] 30 TCP 172.16.42.216:51987 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][14 pkts/1491 bytes <-> 12 pkts/12826 bytes][Goodput ratio: 37/94][1.26 sec][Host: ecx.images-amazon.com][bytes ratio: -0.792 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/22 682/154 199/50][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1069 613/1514 141/605][URL: ecx.images-amazon.com/images/I/71GcCNTb6kL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/71GcCNTb6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0] - 31 TCP 172.16.42.216:34069 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/12799 bytes <-> 14 pkts/1381 bytes][Goodput ratio: 93/40][4.36 sec][ALPN: h2;http/1.1][bytes ratio: 0.805 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 256/126 2464/986 644/293][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 800/99 1514/449 707/105][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,0,8,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,59,0,0] - 32 TCP 172.16.42.216:45711 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][22 pkts/11642 bytes <-> 11 pkts/2484 bytes][Goodput ratio: 89/74][21.11 sec][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/64 1023/2459 6019/9247 1749/3564][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 529/226 1514/955 611/323][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,6,0,0,6,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,31,0,0] - 33 TCP 172.16.42.216:42130 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/6237 bytes <-> 14 pkts/6594 bytes][Goodput ratio: 84/88][2.59 sec][ALPN: h2;http/1.1][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 164/169 783/785 225/244][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 346/471 1514/1514 494/576][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Safari][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,20,0,0,6,0,0,0,13,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,34,0,0] - 34 TCP 172.16.42.216:37551 <-> 54.239.24.180:443 [proto: 91.178/TLS.Amazon][cat: Web/5][17 pkts/10780 bytes <-> 14 pkts/1770 bytes][Goodput ratio: 91/53][5.05 sec][ALPN: h2;http/1.1][bytes ratio: 0.718 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 330/332 1326/1927 449/591][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 634/126 1514/449 657/137][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,7,0,0,7,21,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 35 TCP 172.16.42.216:47605 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/6459 bytes <-> 10 pkts/5934 bytes][Goodput ratio: 88/90][1.23 sec][ALPN: h2;http/1.1][bytes ratio: 0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/73 444/289 147/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 461/593 1514/1514 580/631][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Safari][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,15,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,40,0,0] - 36 TCP 172.16.42.216:45661 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/5853 bytes <-> 14 pkts/6315 bytes][Goodput ratio: 83/87][2.50 sec][ALPN: h2;http/1.1][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/40 1015/176 274/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 325/451 1168/1514 442/528][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,0,0,0,7,0,0,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,24,7,0,0,0,0,0,0,0,0,0,0,15,0,0] - 37 TCP 172.16.42.216:45715 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/10366 bytes <-> 11 pkts/1730 bytes][Goodput ratio: 90/63][22.60 sec][ALPN: h2;http/1.1][bytes ratio: 0.714 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1160/2749 10810/15911 2672/5468][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 576/157 1514/555 667/178][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,7,0,0,7,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 38 TCP 172.16.42.216:42129 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/5899 bytes <-> 13 pkts/6114 bytes][Goodput ratio: 85/88][2.59 sec][ALPN: h2;http/1.1][bytes ratio: -0.018 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 177/19 1347/104 365/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 369/470 1514/1514 557/597][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Safari][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,8,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] - 39 TCP 172.16.42.216:45680 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/7129 bytes <-> 14 pkts/4292 bytes][Goodput ratio: 88/81][2.51 sec][ALPN: h2;http/1.1][bytes ratio: 0.248 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/95 1324/374 353/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 475/307 1248/891 523/370][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,21,7,7,0,0,0,0,0,0,0,0,0,0] - 40 TCP 172.16.42.216:50797 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/5989 bytes <-> 11 pkts/4920 bytes][Goodput ratio: 87/87][10.17 sec][ALPN: h2;http/1.1][bytes ratio: 0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/114 346/441 105/161][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 428/447 1514/1514 576/536][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,7,0,0,15,0,0,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] - 41 TCP 172.16.42.216:47606 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/4321 bytes <-> 14 pkts/6297 bytes][Goodput ratio: 82/87][0.75 sec][ALPN: h2;http/1.1][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/27 255/176 73/52][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 309/450 1514/1514 496/585][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Safari][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,15,15,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] + 31 TCP 172.16.42.216:34069 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/12799 bytes <-> 14 pkts/1381 bytes][Goodput ratio: 93/40][4.36 sec][ALPN: h2;http/1.1][bytes ratio: 0.805 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 256/126 2464/986 644/293][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 800/99 1514/449 707/105][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,0,8,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,59,0,0] + 32 TCP 172.16.42.216:45711 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][22 pkts/11642 bytes <-> 11 pkts/2484 bytes][Goodput ratio: 89/74][21.11 sec][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/64 1023/2459 6019/9247 1749/3564][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 529/226 1514/955 611/323][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,6,0,0,6,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,31,0,0] + 33 TCP 172.16.42.216:42130 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/6237 bytes <-> 14 pkts/6594 bytes][Goodput ratio: 84/88][2.59 sec][ALPN: h2;http/1.1][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 164/169 783/785 225/244][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 346/471 1514/1514 494/576][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,20,0,0,6,0,0,0,13,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,34,0,0] + 34 TCP 172.16.42.216:37551 <-> 54.239.24.180:443 [proto: 91.178/TLS.Amazon][cat: Web/5][17 pkts/10780 bytes <-> 14 pkts/1770 bytes][Goodput ratio: 91/53][5.05 sec][ALPN: h2;http/1.1][bytes ratio: 0.718 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 330/332 1326/1927 449/591][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 634/126 1514/449 657/137][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,7,0,0,7,21,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 35 TCP 172.16.42.216:47605 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/6459 bytes <-> 10 pkts/5934 bytes][Goodput ratio: 88/90][1.23 sec][ALPN: h2;http/1.1][bytes ratio: 0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/73 444/289 147/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 461/593 1514/1514 580/631][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,15,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,40,0,0] + 36 TCP 172.16.42.216:45661 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/5853 bytes <-> 14 pkts/6315 bytes][Goodput ratio: 83/87][2.50 sec][ALPN: h2;http/1.1][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/40 1015/176 274/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 325/451 1168/1514 442/528][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,0,0,0,7,0,0,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,24,7,0,0,0,0,0,0,0,0,0,0,15,0,0] + 37 TCP 172.16.42.216:45715 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/10366 bytes <-> 11 pkts/1730 bytes][Goodput ratio: 90/63][22.60 sec][ALPN: h2;http/1.1][bytes ratio: 0.714 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1160/2749 10810/15911 2672/5468][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 576/157 1514/555 667/178][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,7,0,0,7,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 38 TCP 172.16.42.216:42129 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/5899 bytes <-> 13 pkts/6114 bytes][Goodput ratio: 85/88][2.59 sec][ALPN: h2;http/1.1][bytes ratio: -0.018 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 177/19 1347/104 365/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 369/470 1514/1514 557/597][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,8,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] + 39 TCP 172.16.42.216:45680 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/7129 bytes <-> 14 pkts/4292 bytes][Goodput ratio: 88/81][2.51 sec][ALPN: h2;http/1.1][bytes ratio: 0.248 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/95 1324/374 353/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 475/307 1248/891 523/370][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,21,7,7,0,0,0,0,0,0,0,0,0,0] + 40 TCP 172.16.42.216:50797 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/5989 bytes <-> 11 pkts/4920 bytes][Goodput ratio: 87/87][10.17 sec][ALPN: h2;http/1.1][bytes ratio: 0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/114 346/441 105/161][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 428/447 1514/1514 576/536][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,7,0,0,15,0,0,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] + 41 TCP 172.16.42.216:47606 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/4321 bytes <-> 14 pkts/6297 bytes][Goodput ratio: 82/87][0.75 sec][ALPN: h2;http/1.1][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/27 255/176 73/52][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 309/450 1514/1514 496/585][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,15,15,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] 42 TCP 172.16.42.216:38757 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/6382 bytes <-> 8 pkts/3973 bytes][Goodput ratio: 89/89][2.80 sec][bytes ratio: 0.233 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 254/411 1240/2328 378/858][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 491/497 1344/1514 576/598][Risk: ** Obsolete TLS version (< 1.1) **** Weak TLS cipher **][Risk Score: 100][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,9,0,0,0,9,9,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,18,0,0] - 43 TCP 172.16.42.216:40864 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/2838 bytes <-> 16 pkts/7478 bytes][Goodput ratio: 71/88][4.06 sec][ALPN: h2;http/1.1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/267 259/1771 98/509][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/467 1514/1514 363/499][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,6,0,0,0,6,13,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,20,0,0] - 44 TCP 172.16.42.216:45693 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/4412 bytes <-> 13 pkts/5784 bytes][Goodput ratio: 81/87][4.69 sec][ALPN: h2;http/1.1][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 390/24 4145/80 1133/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 294/445 1514/1514 485/599][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,15,7,0,7,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] - 45 TCP 172.16.42.216:54427 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/8467 bytes <-> 8 pkts/1403 bytes][Goodput ratio: 90/62][1.35 sec][ALPN: h2;http/1.1][bytes ratio: 0.716 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/12 109/125 514/453 157/165][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 651/175 1514/777 663/233][TLSv1.2][Client: www.amazon.com][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,22,0,0] + 43 TCP 172.16.42.216:40864 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/2838 bytes <-> 16 pkts/7478 bytes][Goodput ratio: 71/88][4.06 sec][ALPN: h2;http/1.1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/267 259/1771 98/509][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/467 1514/1514 363/499][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,6,0,0,0,6,13,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,20,0,0] + 44 TCP 172.16.42.216:45693 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/4412 bytes <-> 13 pkts/5784 bytes][Goodput ratio: 81/87][4.69 sec][ALPN: h2;http/1.1][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 390/24 4145/80 1133/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 294/445 1514/1514 485/599][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,15,7,0,7,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 45 TCP 172.16.42.216:54427 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/8467 bytes <-> 8 pkts/1403 bytes][Goodput ratio: 90/62][1.35 sec][ALPN: h2;http/1.1][bytes ratio: 0.716 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/12 109/125 514/453 157/165][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 651/175 1514/777 663/233][TLSv1.2][Client: www.amazon.com][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,22,0,0] 46 TCP 172.16.42.216:51994 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][11 pkts/1293 bytes <-> 10 pkts/8334 bytes][Goodput ratio: 42/92][1.10 sec][Host: ecx.images-amazon.com][bytes ratio: -0.731 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 106/24 808/113 266/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/833 613/1514 157/652][URL: ecx.images-amazon.com/images/I/315y9IEXZSL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/315)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] - 47 TCP 172.16.42.216:44001 <-> 176.32.101.52:443 [proto: 91.178/TLS.Amazon][cat: Web/5][22 pkts/4394 bytes <-> 19 pkts/5213 bytes][Goodput ratio: 72/79][101.63 sec][bytes ratio: -0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5968/5788 80048/79926 19049/20563][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 200/274 1514/1514 303/442][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: dp-gw-na-js.amazon.com][JA3C: 731bcada65b0a6f850bada3bdcd716d1][ServerNames: dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in][JA3S: fbe78c619e7ea20046131294ad087f05][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com][Certificate SHA-1: 27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C][Safari][Validity: 2016-09-24 00:00:00 - 2017-09-13 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 9,14,4,4,4,0,29,9,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 48 TCP 172.16.42.216:45714 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][17 pkts/7542 bytes <-> 10 pkts/1990 bytes][Goodput ratio: 88/71][18.45 sec][ALPN: h2;http/1.1][bytes ratio: 0.582 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1317/1449 6762/8309 2110/3069][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/199 1514/699 598/247][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,15,7,0,15,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0] - 49 TCP 172.16.42.216:38404 <-> 34.199.52.240:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/3140 bytes <-> 12 pkts/6286 bytes][Goodput ratio: 69/87][1.00 sec][ALPN: h2;http/1.1][bytes ratio: -0.334 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/55 364/256 109/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 209/524 950/1514 299/598][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: cognito-identity.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Safari][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,16,0,8,0,0,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 50 TCP 172.16.42.216:34074 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/7594 bytes <-> 9 pkts/1081 bytes][Goodput ratio: 90/51][6.86 sec][ALPN: h2;http/1.1][bytes ratio: 0.751 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 679/185 5262/894 1550/320][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 584/120 1514/449 627/125][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,22,0,11,0,0] - 51 TCP 172.16.42.216:34019 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/2122 bytes <-> 11 pkts/6182 bytes][Goodput ratio: 63/90][0.64 sec][ALPN: h2;http/1.1][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/71 277/343 78/116][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 152/562 820/1514 202/618][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Safari][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] - 52 TCP 172.16.42.216:34033 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/6517 bytes <-> 11 pkts/1705 bytes][Goodput ratio: 88/62][1.91 sec][ALPN: h2;http/1.1][bytes ratio: 0.585 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/57 1221/225 342/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/155 1514/564 535/173][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,0,10,0,0,0,10,0,0,0,10,0,0,10,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0] - 53 TCP 172.16.42.216:40853 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/2895 bytes <-> 11 pkts/5277 bytes][Goodput ratio: 77/88][2.68 sec][ALPN: h2;http/1.1][bytes ratio: -0.291 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/37 137/137 61/49][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 241/480 1514/1514 399/596][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Safari][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,9,0,0,9,9,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,27,0,0] - 54 TCP 172.16.42.216:45696 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/7016 bytes <-> 9 pkts/1115 bytes][Goodput ratio: 89/53][4.57 sec][ALPN: h2;http/1.1][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/196 591/1077 175/395][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 501/124 1514/507 644/138][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,10,0,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] - 55 TCP 172.16.42.216:45673 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/4512 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 83/79][2.23 sec][ALPN: h2;http/1.1][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 187/31 1612/164 452/54][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 322/278 1232/891 463/354][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 172.16.42.216:44001 <-> 176.32.101.52:443 [proto: 91.178/TLS.Amazon][cat: Web/5][22 pkts/4394 bytes <-> 19 pkts/5213 bytes][Goodput ratio: 72/79][101.63 sec][bytes ratio: -0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5968/5788 80048/79926 19049/20563][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 200/274 1514/1514 303/442][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: dp-gw-na-js.amazon.com][JA3C: 731bcada65b0a6f850bada3bdcd716d1][ServerNames: dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in][JA3S: fbe78c619e7ea20046131294ad087f05][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com][Certificate SHA-1: 27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C][Validity: 2016-09-24 00:00:00 - 2017-09-13 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 9,14,4,4,4,0,29,9,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 48 TCP 172.16.42.216:45714 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][17 pkts/7542 bytes <-> 10 pkts/1990 bytes][Goodput ratio: 88/71][18.45 sec][ALPN: h2;http/1.1][bytes ratio: 0.582 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1317/1449 6762/8309 2110/3069][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/199 1514/699 598/247][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,15,7,0,15,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0] + 49 TCP 172.16.42.216:38404 <-> 34.199.52.240:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/3140 bytes <-> 12 pkts/6286 bytes][Goodput ratio: 69/87][1.00 sec][ALPN: h2;http/1.1][bytes ratio: -0.334 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/55 364/256 109/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 209/524 950/1514 299/598][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: cognito-identity.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,16,0,8,0,0,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 50 TCP 172.16.42.216:34074 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/7594 bytes <-> 9 pkts/1081 bytes][Goodput ratio: 90/51][6.86 sec][ALPN: h2;http/1.1][bytes ratio: 0.751 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 679/185 5262/894 1550/320][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 584/120 1514/449 627/125][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,22,0,11,0,0] + 51 TCP 172.16.42.216:34019 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/2122 bytes <-> 11 pkts/6182 bytes][Goodput ratio: 63/90][0.64 sec][ALPN: h2;http/1.1][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/71 277/343 78/116][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 152/562 820/1514 202/618][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] + 52 TCP 172.16.42.216:34033 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/6517 bytes <-> 11 pkts/1705 bytes][Goodput ratio: 88/62][1.91 sec][ALPN: h2;http/1.1][bytes ratio: 0.585 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/57 1221/225 342/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/155 1514/564 535/173][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,0,10,0,0,0,10,0,0,0,10,0,0,10,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0] + 53 TCP 172.16.42.216:40853 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/2895 bytes <-> 11 pkts/5277 bytes][Goodput ratio: 77/88][2.68 sec][ALPN: h2;http/1.1][bytes ratio: -0.291 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/37 137/137 61/49][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 241/480 1514/1514 399/596][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,9,0,0,9,9,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,27,0,0] + 54 TCP 172.16.42.216:45696 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/7016 bytes <-> 9 pkts/1115 bytes][Goodput ratio: 89/53][4.57 sec][ALPN: h2;http/1.1][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/196 591/1077 175/395][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 501/124 1514/507 644/138][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,10,0,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 55 TCP 172.16.42.216:45673 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/4512 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 83/79][2.23 sec][ALPN: h2;http/1.1][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 187/31 1612/164 452/54][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 322/278 1232/891 463/354][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 172.16.42.216:49067 <-> 216.58.194.78:443 [proto: 91.228/TLS.PlayStore][cat: SoftwareUpdate/19][10 pkts/2508 bytes <-> 9 pkts/5344 bytes][Goodput ratio: 73/89][0.36 sec][bytes ratio: -0.361 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/34 137/93 40/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 251/594 1434/1484 402/587][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: android.clients.google.com][JA3C: 5bf38a5cbf896cd31eeef4d6ad1503e1][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com][JA3S: 9b1466fd60cadccb848e09c86e284265][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com][Certificate SHA-1: 54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42][Safari][Validity: 2017-03-22 17:02:50 - 2017-06-14 16:17:00][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 0,10,10,0,0,10,10,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,10,0,20,0,0,0] - 57 TCP 172.16.42.216:45674 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4436 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 85/79][2.20 sec][ALPN: h2;http/1.1][bytes ratio: 0.141 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/36 1612/118 492/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 370/278 1248/891 490/354][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,0,10,0,0,0,0,0,0,0,0,0,0] - 58 TCP 172.16.42.216:50796 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/2719 bytes <-> 8 pkts/4869 bytes][Goodput ratio: 79/91][0.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 91/73 260/241 97/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/609 1514/1514 428/624][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,11,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,33,0,0] - 59 TCP 172.16.42.216:38363 <-> 34.199.52.240:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/2676 bytes <-> 10 pkts/4624 bytes][Goodput ratio: 66/85][0.81 sec][ALPN: h2;http/1.1][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/88 265/375 77/136][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 191/462 773/1514 246/556][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: cognito-identity.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Safari][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,10,0,10,0,0,0,10,0,0,0,0,0,0,10,10,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 57 TCP 172.16.42.216:45674 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4436 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 85/79][2.20 sec][ALPN: h2;http/1.1][bytes ratio: 0.141 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/36 1612/118 492/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 370/278 1248/891 490/354][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,0,10,0,0,0,0,0,0,0,0,0,0] + 58 TCP 172.16.42.216:50796 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/2719 bytes <-> 8 pkts/4869 bytes][Goodput ratio: 79/91][0.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 91/73 260/241 97/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/609 1514/1514 428/624][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,11,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,33,0,0] + 59 TCP 172.16.42.216:38363 <-> 34.199.52.240:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/2676 bytes <-> 10 pkts/4624 bytes][Goodput ratio: 66/85][0.81 sec][ALPN: h2;http/1.1][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/88 265/375 77/136][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 191/462 773/1514 246/556][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: cognito-identity.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,10,0,10,0,0,0,10,0,0,0,0,0,0,10,10,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 60 TCP 172.16.42.216:59698 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/2372 bytes <-> 10 pkts/4572 bytes][Goodput ratio: 70/88][105.04 sec][bytes ratio: -0.317 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10450/383 99710/1530 29779/579][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 182/457 1184/1514 305/547][Risk: ** Weak TLS cipher **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 110][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Firefox][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,22,0,0] - 61 TCP 172.16.42.216:41825 <-> 54.231.72.88:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/1901 bytes <-> 14 pkts/5033 bytes][Goodput ratio: 56/84][6.82 sec][ALPN: h2;http/1.1][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 533/614 5996/5956 1648/1782][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 127/360 752/1486 180/458][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: s3-external-2.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Safari][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 24,7,7,7,0,0,0,7,0,0,7,0,0,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0] - 62 TCP 172.16.42.216:42143 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/5873 bytes <-> 10 pkts/1049 bytes][Goodput ratio: 89/44][1.37 sec][ALPN: h2;http/1.1][bytes ratio: 0.697 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/88 483/524 177/179][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 489/105 1514/357 610/95][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,0,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0] - 63 TCP 172.16.42.216:42148 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/5805 bytes <-> 8 pkts/1017 bytes][Goodput ratio: 88/54][0.57 sec][ALPN: h2;http/1.1][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/13 245/65 75/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 447/127 1514/445 591/130][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,22,0,0,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] - 64 TCP 172.16.42.216:54412 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/996 bytes <-> 7 pkts/5823 bytes][Goodput ratio: 33/92][0.38 sec][ALPN: h2;http/1.1][bytes ratio: -0.708 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/18 101/86 45/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 100/832 268/1514 67/636][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: www.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Safari][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] - 65 TCP 172.16.42.216:41820 <-> 54.231.72.88:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/1817 bytes <-> 13 pkts/4948 bytes][Goodput ratio: 57/85][3.94 sec][ALPN: h2;http/1.1][bytes ratio: -0.463 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/42 2864/196 810/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 130/381 754/1486 184/469][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: s3-external-2.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Safari][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,8,8,8,0,0,8,0,0,0,8,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0] - 66 TCP 172.16.42.216:45732 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/5614 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 87/58][6.02 sec][ALPN: h2;http/1.1][bytes ratio: 0.672 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 591/663 2868/3089 977/1214][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 432/138 1514/555 598/160][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,0,0,11,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] - 67 TCP 172.16.42.216:45694 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1845 bytes <-> 9 pkts/4385 bytes][Goodput ratio: 67/88][4.64 sec][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 515/26 4284/78 1333/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/487 752/1514 212/577][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 68 TCP 172.16.42.216:34053 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/4927 bytes <-> 9 pkts/1231 bytes][Goodput ratio: 88/57][2.15 sec][ALPN: h2;http/1.1][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/131 950/512 322/198][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 448/137 1514/449 584/126][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,25,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,12,0,0] - 69 TCP 172.16.42.216:50800 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/1769 bytes <-> 8 pkts/4341 bytes][Goodput ratio: 71/90][0.63 sec][ALPN: h2;http/1.1][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/41 233/155 85/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/543 784/1514 236/591][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 61 TCP 172.16.42.216:41825 <-> 54.231.72.88:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/1901 bytes <-> 14 pkts/5033 bytes][Goodput ratio: 56/84][6.82 sec][ALPN: h2;http/1.1][bytes ratio: -0.452 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 533/614 5996/5956 1648/1782][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 127/360 752/1486 180/458][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: s3-external-2.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 24,7,7,7,0,0,0,7,0,0,7,0,0,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0] + 62 TCP 172.16.42.216:42143 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/5873 bytes <-> 10 pkts/1049 bytes][Goodput ratio: 89/44][1.37 sec][ALPN: h2;http/1.1][bytes ratio: 0.697 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/88 483/524 177/179][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 489/105 1514/357 610/95][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,0,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0] + 63 TCP 172.16.42.216:42148 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/5805 bytes <-> 8 pkts/1017 bytes][Goodput ratio: 88/54][0.57 sec][ALPN: h2;http/1.1][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/13 245/65 75/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 447/127 1514/445 591/130][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,22,0,0,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] + 64 TCP 172.16.42.216:54412 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/996 bytes <-> 7 pkts/5823 bytes][Goodput ratio: 33/92][0.38 sec][ALPN: h2;http/1.1][bytes ratio: -0.708 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/18 101/86 45/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 100/832 268/1514 67/636][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: www.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0] + 65 TCP 172.16.42.216:41820 <-> 54.231.72.88:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/1817 bytes <-> 13 pkts/4948 bytes][Goodput ratio: 57/85][3.94 sec][ALPN: h2;http/1.1][bytes ratio: -0.463 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/42 2864/196 810/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 130/381 754/1486 184/469][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: s3-external-2.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,8,8,8,0,0,8,0,0,0,8,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0] + 66 TCP 172.16.42.216:45732 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/5614 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 87/58][6.02 sec][ALPN: h2;http/1.1][bytes ratio: 0.672 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 591/663 2868/3089 977/1214][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 432/138 1514/555 598/160][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,0,0,11,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] + 67 TCP 172.16.42.216:45694 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1845 bytes <-> 9 pkts/4385 bytes][Goodput ratio: 67/88][4.64 sec][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 515/26 4284/78 1333/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/487 752/1514 212/577][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 68 TCP 172.16.42.216:34053 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/4927 bytes <-> 9 pkts/1231 bytes][Goodput ratio: 88/57][2.15 sec][ALPN: h2;http/1.1][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/131 950/512 322/198][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 448/137 1514/449 584/126][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,25,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,12,0,0] + 69 TCP 172.16.42.216:50800 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/1769 bytes <-> 8 pkts/4341 bytes][Goodput ratio: 71/90][0.63 sec][ALPN: h2;http/1.1][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/41 233/155 85/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/543 784/1514 236/591][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 70 TCP 172.16.42.216:33556 <-> 52.94.232.0:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1505 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 63/89][141.56 sec][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/52 174/172 68/74][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 150/510 642/1514 180/582][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mads.amazon-adsystem.com][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: mads.amazon-adsystem.com,mads.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com][Certificate SHA-1: E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB][Firefox][Validity: 2016-09-23 00:00:00 - 2017-10-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,12,0,0,0,12,0,0,0,0,12,0,0,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 71 TCP 172.16.42.216:45695 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/4352 bytes <-> 10 pkts/1702 bytes][Goodput ratio: 83/66][4.61 sec][ALPN: h2;http/1.1][bytes ratio: 0.438 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/36 165/70 55/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 335/170 1514/555 510/190][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,20,10,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 72 TCP 172.16.42.216:45688 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4484 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 85/68][0.83 sec][ALPN: h2;http/1.1][bytes ratio: 0.514 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 82/34 462/65 131/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 374/180 1514/891 537/270][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 73 TCP 172.16.42.216:42144 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4652 bytes <-> 11 pkts/1197 bytes][Goodput ratio: 86/46][1.06 sec][ALPN: h2;http/1.1][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/17 110/64 38/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/109 1514/445 525/115][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 74 TCP 172.16.42.216:34041 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/4772 bytes <-> 8 pkts/1021 bytes][Goodput ratio: 87/54][0.71 sec][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/15 402/57 120/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 434/128 1514/449 567/131][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,14,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,14,0,0] - 75 TCP 172.16.42.216:45730 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1695 bytes][Goodput ratio: 83/73][2.11 sec][ALPN: h2;http/1.1][bytes ratio: 0.410 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 211/94 922/264 266/97][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/212 1514/1147 531/355][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,25,0,0] - 76 TCP 172.16.42.216:45676 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/3258 bytes <-> 10 pkts/2390 bytes][Goodput ratio: 79/76][1.93 sec][ALPN: h2;http/1.1][bytes ratio: 0.154 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 199/75 1078/275 321/99][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/239 1200/891 420/327][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 172.16.42.216:45704 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/4417 bytes <-> 9 pkts/1227 bytes][Goodput ratio: 82/57][2.65 sec][ALPN: h2;http/1.1][bytes ratio: 0.565 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 100/113 506/431 150/168][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 316/136 1514/619 495/173][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,30,10,0,0,20,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 78 TCP 172.16.42.216:45728 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1119 bytes][Goodput ratio: 83/58][2.13 sec][ALPN: h2;http/1.1][bytes ratio: 0.567 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/90 941/264 271/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/140 1514/571 531/165][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 79 TCP 172.16.42.216:40878 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/2948 bytes <-> 10 pkts/1947 bytes][Goodput ratio: 75/70][6.35 sec][ALPN: h2;http/1.1][bytes ratio: 0.204 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 406/60 3799/294 1132/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 227/195 1514/1147 385/320][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,22,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0] + 71 TCP 172.16.42.216:45695 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/4352 bytes <-> 10 pkts/1702 bytes][Goodput ratio: 83/66][4.61 sec][ALPN: h2;http/1.1][bytes ratio: 0.438 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/36 165/70 55/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 335/170 1514/555 510/190][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,20,10,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 72 TCP 172.16.42.216:45688 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4484 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 85/68][0.83 sec][ALPN: h2;http/1.1][bytes ratio: 0.514 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 82/34 462/65 131/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 374/180 1514/891 537/270][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 73 TCP 172.16.42.216:42144 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4652 bytes <-> 11 pkts/1197 bytes][Goodput ratio: 86/46][1.06 sec][ALPN: h2;http/1.1][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/17 110/64 38/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/109 1514/445 525/115][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 74 TCP 172.16.42.216:34041 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/4772 bytes <-> 8 pkts/1021 bytes][Goodput ratio: 87/54][0.71 sec][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/15 402/57 120/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 434/128 1514/449 567/131][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,14,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,14,0,0] + 75 TCP 172.16.42.216:45730 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1695 bytes][Goodput ratio: 83/73][2.11 sec][ALPN: h2;http/1.1][bytes ratio: 0.410 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 211/94 922/264 266/97][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/212 1514/1147 531/355][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,25,0,0] + 76 TCP 172.16.42.216:45676 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/3258 bytes <-> 10 pkts/2390 bytes][Goodput ratio: 79/76][1.93 sec][ALPN: h2;http/1.1][bytes ratio: 0.154 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 199/75 1078/275 321/99][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/239 1200/891 420/327][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 172.16.42.216:45704 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/4417 bytes <-> 9 pkts/1227 bytes][Goodput ratio: 82/57][2.65 sec][ALPN: h2;http/1.1][bytes ratio: 0.565 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 100/113 506/431 150/168][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 316/136 1514/619 495/173][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,30,10,0,0,20,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 78 TCP 172.16.42.216:45728 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1119 bytes][Goodput ratio: 83/58][2.13 sec][ALPN: h2;http/1.1][bytes ratio: 0.567 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/90 941/264 271/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/140 1514/571 531/165][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 79 TCP 172.16.42.216:40878 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/2948 bytes <-> 10 pkts/1947 bytes][Goodput ratio: 75/70][6.35 sec][ALPN: h2;http/1.1][bytes ratio: 0.204 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 406/60 3799/294 1132/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 227/195 1514/1147 385/320][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,22,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0] 80 TCP 172.16.42.216:37113 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/3881 bytes <-> 11 pkts/979 bytes][Goodput ratio: 81/34][101.19 sec][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9975/51 99124/160 29716/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 299/89 1514/251 520/57][Risk: ** Obsolete TLS version (< 1.1) **** Weak TLS cipher **][Risk Score: 100][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 12,25,12,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 81 TCP 172.16.42.216:45687 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/3204 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 81/68][1.60 sec][ALPN: h2;http/1.1][bytes ratio: 0.380 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 175/92 839/363 256/141][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 291/180 1200/891 434/270][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0] - 82 TCP 172.16.42.216:38364 <-> 34.199.52.240:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1839 bytes <-> 8 pkts/2676 bytes][Goodput ratio: 65/80][4.64 sec][ALPN: h2;http/1.1][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 568/909 4291/4349 1408/1720][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 184/334 950/1514 267/475][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: cognito-identity.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 303951d4c50efb2e991652225a6f02b1][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 14,14,0,0,14,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 81 TCP 172.16.42.216:45687 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/3204 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 81/68][1.60 sec][ALPN: h2;http/1.1][bytes ratio: 0.380 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 175/92 839/363 256/141][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 291/180 1200/891 434/270][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0] + 82 TCP 172.16.42.216:38364 <-> 34.199.52.240:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1839 bytes <-> 8 pkts/2676 bytes][Goodput ratio: 65/80][4.64 sec][ALPN: h2;http/1.1][bytes ratio: -0.185 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 568/909 4291/4349 1408/1720][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 184/334 950/1514 267/475][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: cognito-identity.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 14,14,0,0,14,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] 83 TCP 172.16.42.216:39750 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/3427 bytes <-> 8 pkts/990 bytes][Goodput ratio: 82/54][10.86 sec][bytes ratio: 0.552 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1171/307 7806/676 2441/248][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 312/124 1344/251 489/78][Risk: ** Obsolete TLS version (< 1.1) **** Weak TLS cipher **][Risk Score: 100][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0] - 84 TCP 172.16.42.216:45750 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2308 bytes <-> 9 pkts/1786 bytes][Goodput ratio: 73/71][14.18 sec][ALPN: h2;http/1.1][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1574/1261 6636/6789 2408/2485][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 210/198 752/619 264/226][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 85 TCP 172.16.42.216:45751 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/2858 bytes <-> 9 pkts/1147 bytes][Goodput ratio: 77/54][5.53 sec][ALPN: h2;http/1.1][bytes ratio: 0.427 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 576/51 3507/307 1076/114][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 238/127 1514/539 396/148][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,25,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0] - 86 TCP 172.16.42.216:45752 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2554 bytes <-> 7 pkts/1347 bytes][Goodput ratio: 76/70][6.39 sec][ALPN: h2;http/1.1][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 710/47 5318/161 1636/67][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 232/192 1514/859 413/274][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 87 TCP 172.16.42.216:45729 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2634 bytes <-> 8 pkts/1167 bytes][Goodput ratio: 77/60][2.03 sec][ALPN: h2;http/1.1][bytes ratio: 0.386 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 225/87 1171/213 351/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 239/146 1514/619 414/181][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 88 TCP 172.16.42.216:45731 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2586 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 76/58][2.10 sec][ALPN: h2;http/1.1][bytes ratio: 0.402 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/44 1171/139 350/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 235/138 1514/555 413/160][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,14,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 89 TCP 172.16.42.216:45705 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2522 bytes <-> 8 pkts/1151 bytes][Goodput ratio: 76/60][2.65 sec][ALPN: h2;http/1.1][bytes ratio: 0.373 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 294/123 899/429 317/169][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 229/144 1514/603 413/176][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,14,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] - 90 TCP 172.16.42.216:45663 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1988 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 72/68][1.00 sec][ALPN: h2;http/1.1][bytes ratio: 0.160 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 120/18 711/52 226/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 199/180 1184/891 336/270][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0] - 91 TCP 172.16.42.216:45662 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1956 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 71/68][1.02 sec][ALPN: h2;http/1.1][bytes ratio: 0.152 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/16 711/63 224/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 196/180 1152/891 327/270][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0] - 92 TCP 172.16.42.216:45677 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1988 bytes <-> 7 pkts/1379 bytes][Goodput ratio: 72/71][1.91 sec][ALPN: h2;http/1.1][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/62 1313/148 421/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 199/197 1184/891 336/285][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0] - 93 TCP 172.16.42.216:45709 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1849 bytes <-> 9 pkts/1227 bytes][Goodput ratio: 67/57][6.32 sec][ALPN: h2;http/1.1][bytes ratio: 0.202 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 702/216 4375/1192 1340/437][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/136 752/619 205/173][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 84 TCP 172.16.42.216:45750 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2308 bytes <-> 9 pkts/1786 bytes][Goodput ratio: 73/71][14.18 sec][ALPN: h2;http/1.1][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1574/1261 6636/6789 2408/2485][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 210/198 752/619 264/226][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 85 TCP 172.16.42.216:45751 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/2858 bytes <-> 9 pkts/1147 bytes][Goodput ratio: 77/54][5.53 sec][ALPN: h2;http/1.1][bytes ratio: 0.427 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 576/51 3507/307 1076/114][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 238/127 1514/539 396/148][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,25,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0] + 86 TCP 172.16.42.216:45752 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2554 bytes <-> 7 pkts/1347 bytes][Goodput ratio: 76/70][6.39 sec][ALPN: h2;http/1.1][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 710/47 5318/161 1636/67][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 232/192 1514/859 413/274][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 87 TCP 172.16.42.216:45729 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2634 bytes <-> 8 pkts/1167 bytes][Goodput ratio: 77/60][2.03 sec][ALPN: h2;http/1.1][bytes ratio: 0.386 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 225/87 1171/213 351/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 239/146 1514/619 414/181][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 88 TCP 172.16.42.216:45731 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2586 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 76/58][2.10 sec][ALPN: h2;http/1.1][bytes ratio: 0.402 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/44 1171/139 350/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 235/138 1514/555 413/160][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,14,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 89 TCP 172.16.42.216:45705 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/2522 bytes <-> 8 pkts/1151 bytes][Goodput ratio: 76/60][2.65 sec][ALPN: h2;http/1.1][bytes ratio: 0.373 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 294/123 899/429 317/169][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 229/144 1514/603 413/176][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,14,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 90 TCP 172.16.42.216:45663 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1988 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 72/68][1.00 sec][ALPN: h2;http/1.1][bytes ratio: 0.160 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 120/18 711/52 226/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 199/180 1184/891 336/270][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 172.16.42.216:45662 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1956 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 71/68][1.02 sec][ALPN: h2;http/1.1][bytes ratio: 0.152 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/16 711/63 224/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 196/180 1152/891 327/270][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0] + 92 TCP 172.16.42.216:45677 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1988 bytes <-> 7 pkts/1379 bytes][Goodput ratio: 72/71][1.91 sec][ALPN: h2;http/1.1][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/62 1313/148 421/64][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 199/197 1184/891 336/285][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,34,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0] + 93 TCP 172.16.42.216:45709 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1849 bytes <-> 9 pkts/1227 bytes][Goodput ratio: 67/57][6.32 sec][ALPN: h2;http/1.1][bytes ratio: 0.202 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 702/216 4375/1192 1340/437][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/136 752/619 205/173][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,28,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 94 TCP 172.16.42.216:49589 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][cat: VirtualAssistant/32][7 pkts/2390 bytes <-> 4 pkts/419 bytes][Goodput ratio: 83/44][1.98 sec][Host: alexa.amazon.com][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 383/224 1350/449 498/224][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 341/105 1050/237 448/76][URL: alexa.amazon.com/lib/bootstrap/img/glyphicons-halflings.png][StatusCode: 404][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /lib/bootstrap/im)][Plen Bins: 0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 95 TCP 172.16.42.216:49572 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][cat: VirtualAssistant/32][6 pkts/1152 bytes <-> 4 pkts/1582 bytes][Goodput ratio: 70/85][1.16 sec][Host: alexa.amazon.com][bytes ratio: -0.157 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/15 232/42 901/70 336/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 192/396 862/1400 300/580][URL: alexa.amazon.com/manifest/pitangui.appcache][StatusCode: 200][Content-Type: text/cache-manifest][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /manifest/pitangui.appcache)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] 96 TCP 172.16.42.216:49606 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][cat: VirtualAssistant/32][6 pkts/1124 bytes <-> 4 pkts/1582 bytes][Goodput ratio: 69/85][4.72 sec][Host: alexa.amazon.com][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 943/66 4438/116 1748/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/396 834/1400 289/580][URL: alexa.amazon.com/manifest/pitangui.appcache][StatusCode: 200][Content-Type: text/cache-manifest][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /manifest/pitangui.appcache)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0] @@ -116,11 +116,11 @@ JA3 Host Stats: 98 TCP 172.16.42.216:42878 <-> 173.194.223.188:5228 [proto: 91.239/TLS.GoogleServices][cat: Web/5][8 pkts/1484 bytes <-> 9 pkts/1103 bytes][Goodput ratio: 63/45][0.44 sec][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/36 119/119 39/43][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 186/123 583/205 193/57][Risk: ** Known protocol on non standard port **** TLS (probably) not carrying HTTPS **][Risk Score: 20][TLSv1.2][Client: mtalk.google.com][JA3C: a5a59633017c3d696d2c69350e5fc004][JA3S: 9b1466fd60cadccb848e09c86e284265][Safari][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 12,12,0,38,12,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 99 TCP 172.16.42.216:58048 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1320 bytes <-> 9 pkts/1259 bytes][Goodput ratio: 58/58][0.27 sec][bytes ratio: 0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/23 69/70 31/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 132/140 544/651 147/183][Risk: ** Obsolete TLS version (< 1.1) **** Weak TLS cipher **][Risk Score: 100][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,42,14,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 100 TCP 172.16.42.216:49630 <-> 52.94.232.134:80 [proto: 7.110/HTTP.AmazonAlexa][cat: VirtualAssistant/32][6 pkts/1340 bytes <-> 4 pkts/419 bytes][Goodput ratio: 74/44][5.51 sec][Host: alexa.amazon.com][bytes ratio: 0.524 (Upload)][IAT c2s/s2c min/avg/max/stddev: 23/0 1100/138 4406/275 1672/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 223/105 1050/237 370/76][URL: alexa.amazon.com/lib/bootstrap/img/glyphicons-halflings.png][StatusCode: 404][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /lib/bootstrap/im)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 101 TCP 172.16.42.216:45697 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/1043 bytes <-> 5 pkts/428 bytes][Goodput ratio: 51/32][4.57 sec][ALPN: h2;http/1.1][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/182 298/364 98/182][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/86 293/139 96/32][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 102 TCP 172.16.42.216:45683 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/804 bytes <-> 6 pkts/620 bytes][Goodput ratio: 37/44][1.83 sec][ALPN: h2;http/1.1][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 261/21 1643/62 565/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/103 293/192 74/49][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 103 TCP 172.16.42.216:45698 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/804 bytes <-> 6 pkts/620 bytes][Goodput ratio: 37/44][4.37 sec][ALPN: h2;http/1.1][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 624/21 4189/59 1456/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/103 293/192 74/49][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 104 TCP 172.16.42.216:45678 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][8 pkts/750 bytes <-> 6 pkts/488 bytes][Goodput ratio: 40/28][1.91 sec][ALPN: h2;http/1.1][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 48/38 103/102 37/45][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/81 293/139 78/31][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 105 TCP 172.16.42.216:45679 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][8 pkts/750 bytes <-> 5 pkts/428 bytes][Goodput ratio: 40/32][1.90 sec][ALPN: h2;http/1.1][bytes ratio: 0.273 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/87 101/159 37/66][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/86 293/139 78/32][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 172.16.42.216:45697 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/1043 bytes <-> 5 pkts/428 bytes][Goodput ratio: 51/32][4.57 sec][ALPN: h2;http/1.1][bytes ratio: 0.418 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/182 298/364 98/182][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/86 293/139 96/32][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 102 TCP 172.16.42.216:45683 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/804 bytes <-> 6 pkts/620 bytes][Goodput ratio: 37/44][1.83 sec][ALPN: h2;http/1.1][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 261/21 1643/62 565/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/103 293/192 74/49][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 103 TCP 172.16.42.216:45698 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/804 bytes <-> 6 pkts/620 bytes][Goodput ratio: 37/44][4.37 sec][ALPN: h2;http/1.1][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 624/21 4189/59 1456/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 89/103 293/192 74/49][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,40,20,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 104 TCP 172.16.42.216:45678 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][8 pkts/750 bytes <-> 6 pkts/488 bytes][Goodput ratio: 40/28][1.91 sec][ALPN: h2;http/1.1][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 48/38 103/102 37/45][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/81 293/139 78/31][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 105 TCP 172.16.42.216:45679 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][8 pkts/750 bytes <-> 5 pkts/428 bytes][Goodput ratio: 40/32][1.90 sec][ALPN: h2;http/1.1][bytes ratio: 0.273 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/87 101/159 37/66][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/86 293/139 78/32][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 106 TCP 172.16.42.216:35540 <-> 172.217.9.142:80 [proto: 7.126/HTTP.Google][cat: ConnectivityCheck/30][4 pkts/460 bytes <-> 3 pkts/289 bytes][Goodput ratio: 41/29][0.09 sec][Host: connectivitycheck.android.com][bytes ratio: 0.228 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 30/24 45/48 20/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/96 254/149 80/37][URL: connectivitycheck.android.com/generate_204][StatusCode: 204][User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build/LMY47V)][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 107 TCP 172.16.42.216:60246 <-> 172.217.9.142:80 [proto: 7.126/HTTP.Google][cat: ConnectivityCheck/30][4 pkts/460 bytes <-> 3 pkts/289 bytes][Goodput ratio: 41/29][0.14 sec][Host: connectivitycheck.android.com][bytes ratio: 0.228 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/8 45/48 94/89 37/40][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/96 254/149 80/37][URL: connectivitycheck.android.com/generate_204][StatusCode: 204][User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build/LMY47V)][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 108 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][2 pkts/714 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Host: android-1c1335ec95a27318][DHCP Fingerprint: 1,33,3,6,15,26,28][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/android.pcap.out b/tests/result/android.pcap.out index 2109cac1b..fea25e374 100644 --- a/tests/result/android.pcap.out +++ b/tests/result/android.pcap.out @@ -20,13 +20,13 @@ JA3 Host Stats: 1 TCP 192.168.2.16:32996 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][cat: Web/5][17 pkts/1949 bytes <-> 15 pkts/11826 bytes][Goodput ratio: 42/92][0.75 sec][ALPN: http/1.1][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/27 386/221 108/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 115/788 578/1484 125/627][TLSv1.2][Client: www.google.com][JA3C: 6ec2896feff5746955f700c0023f5804][ServerNames: www.google.com][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com][Certificate SHA-1: 32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0][Safari][Validity: 2020-02-12 11:47:41 - 2020-05-06 11:47:41][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,13,6,0,0,6,0,0,0,6,6,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,35,0,0,0] 2 TCP 192.168.2.16:33002 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][cat: Web/5][15 pkts/2371 bytes <-> 15 pkts/6005 bytes][Goodput ratio: 58/83][0.35 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.434 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/10 184/48 49/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/400 670/1484 186/477][TLSv1.3][Client: accounts.google.com][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,18,18,0,0,0,11,0,5,0,0,0,0,0,0,0,5,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0] - 3 TCP 192.168.2.16:32990 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][cat: SoftwareUpdate/19][11 pkts/2272 bytes <-> 10 pkts/5932 bytes][Goodput ratio: 68/89][0.35 sec][bytes ratio: -0.446 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/23 128/77 45/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 207/593 1023/1484 297/582][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.3][Client: android.clients.google.com][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] - 4 TCP 192.168.2.16:32986 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][cat: SoftwareUpdate/19][11 pkts/2233 bytes <-> 10 pkts/5793 bytes][Goodput ratio: 67/88][0.49 sec][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/39 185/181 63/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/579 984/1484 287/585][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.3][Client: android.clients.google.com][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] + 3 TCP 192.168.2.16:32990 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][cat: SoftwareUpdate/19][11 pkts/2272 bytes <-> 10 pkts/5932 bytes][Goodput ratio: 68/89][0.35 sec][bytes ratio: -0.446 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/23 128/77 45/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 207/593 1023/1484 297/582][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.3][Client: android.clients.google.com][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] + 4 TCP 192.168.2.16:32986 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][cat: SoftwareUpdate/19][11 pkts/2233 bytes <-> 10 pkts/5793 bytes][Goodput ratio: 67/88][0.49 sec][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/39 185/181 63/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/579 984/1484 287/585][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.3][Client: android.clients.google.com][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] 5 TCP 192.168.2.16:51928 <-> 172.217.21.202:443 [proto: 91.46/TLS.DataSaver][cat: Web/5][14 pkts/2051 bytes <-> 13 pkts/5408 bytes][Goodput ratio: 55/84][0.35 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/14 132/77 37/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/416 583/1484 145/494][TLSv1.3][Client: datasaver.googleapis.com][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,21,0,0,0,0,6,0,6,6,0,0,0,0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0] 6 TCP 192.168.2.16:32974 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][cat: Web/5][13 pkts/1439 bytes <-> 10 pkts/5592 bytes][Goodput ratio: 40/88][0.52 sec][bytes ratio: -0.591 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/34 202/137 60/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/559 380/1484 92/576][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: clients1.google.com][JA3C: c60d01d600aacc2c04844595ce224279][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be][JA3S: b31c0b82752ea0e2c48b8ce46e9263e5][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com][Certificate SHA-1: 80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42][Safari][Validity: 2020-02-12 11:47:11 - 2020-05-06 11:47:11][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,11,0,0,11,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] 7 TCP 192.168.2.16:50384 <-> 172.217.168.206:443 [proto: 91.126/TLS.Google][cat: Web/5][11 pkts/1365 bytes <-> 9 pkts/5365 bytes][Goodput ratio: 45/89][2.49 sec][ALPN: http/1.1][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 277/69 1716/301 516/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/596 407/1484 105/544][TLSv1.2][Client: app-measurement.com][JA3C: 6ec2896feff5746955f700c0023f5804][ServerNames: *.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com][JA3S: 9d9ce860f1b1cbef07b019450cb368d8][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com][Certificate SHA-1: B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01][Safari][Validity: 2020-02-12 11:37:03 - 2020-05-06 11:37:03][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,0,11,0,0,0,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] 8 TCP 192.168.2.16:52486 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][12 pkts/1298 bytes <-> 10 pkts/5186 bytes][Goodput ratio: 38/87][1.75 sec][ALPN: http/1.1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 194/37 1374/212 422/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/519 286/1484 76/570][TLSv1.2][Client: play.googleapis.com][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com][Certificate SHA-1: BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9][Safari][Validity: 2020-02-12 11:45:22 - 2020-05-06 11:45:22][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,0,20,10,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,20,0,0,0] - 9 TCP 192.168.2.16:32988 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][cat: SoftwareUpdate/19][8 pkts/2089 bytes <-> 7 pkts/4242 bytes][Goodput ratio: 74/89][0.97 sec][bytes ratio: -0.340 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 158/80 530/246 186/98][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/606 1038/1484 338/639][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.3][Client: android.clients.google.com][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 9 TCP 192.168.2.16:32988 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][cat: SoftwareUpdate/19][8 pkts/2089 bytes <-> 7 pkts/4242 bytes][Goodput ratio: 74/89][0.97 sec][bytes ratio: -0.340 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 158/80 530/246 186/98][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/606 1038/1484 338/639][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.3][Client: android.clients.google.com][JA3C: 9c815150ea821166faecf80757d8826a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] 10 TCP 192.168.2.16:36888 <-> 172.217.18.3:443 [proto: 91.126/TLS.Google][cat: ConnectivityCheck/30][9 pkts/1175 bytes <-> 7 pkts/4762 bytes][Goodput ratio: 47/90][1.62 sec][ALPN: http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/28 203/104 522/277 176/93][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/680 327/1484 93/575][TLSv1.2][Client: connectivitycheck.gstatic.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Safari][Plen Bins: 0,0,12,0,0,0,12,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] 11 TCP 192.168.2.16:36890 <-> 172.217.18.3:443 [proto: 91.126/TLS.Google][cat: ConnectivityCheck/30][9 pkts/1151 bytes <-> 7 pkts/4762 bytes][Goodput ratio: 48/90][0.84 sec][ALPN: http/1.1][bytes ratio: -0.611 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 120/15 647/36 217/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/680 327/1484 95/575][TLSv1.2][Client: connectivitycheck.gstatic.com][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com][Certificate SHA-1: 80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42][Safari][Validity: 2020-02-12 11:47:11 - 2020-05-06 11:47:11][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,12,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] 12 TCP 192.168.2.16:33014 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][cat: Web/5][11 pkts/1877 bytes <-> 7 pkts/3708 bytes][Goodput ratio: 61/87][0.20 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/11 96/40 29/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/530 583/1484 180/574][TLSv1.3][Client: www.google.com][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 22,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0] @@ -36,13 +36,13 @@ JA3 Host Stats: 16 TCP 192.168.2.16:32998 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][cat: Web/5][8 pkts/1005 bytes <-> 6 pkts/3449 bytes][Goodput ratio: 51/88][0.05 sec][ALPN: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.549 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 20/17 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/575 583/1484 173/647][TLSv1.3][Client: accounts.google.com][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] 17 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][12 pkts/4088 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][82.22 sec][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 130/0 6001/0 8764/0 3124/0][Pkt Len c2s/s2c min/avg/max/stddev: 328/0 341/0 342/0 4/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,8,91,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 TCP 192.168.2.16:36834 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][cat: Web/5][8 pkts/1130 bytes <-> 5 pkts/1254 bytes][Goodput ratio: 53/73][0.30 sec][Host: check.googlezip.net][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 41/59 105/141 31/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 141/251 363/524 128/223][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 192.168.2.16:44374 <-> 172.217.22.10:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][3 pkts/723 bytes <-> 3 pkts/1624 bytes][Goodput ratio: 71/87][0.10 sec][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 26/9 33/38 40/66 7/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/541 583/1484 242/667][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.3][Client: android.googleapis.com][JA3C: 629b587f706aee60430ec3879c6edb66][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] + 19 TCP 192.168.2.16:44374 <-> 172.217.22.10:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][3 pkts/723 bytes <-> 3 pkts/1624 bytes][Goodput ratio: 71/87][0.10 sec][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 26/9 33/38 40/66 7/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/541 583/1484 242/667][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.3][Client: android.googleapis.com][JA3C: 629b587f706aee60430ec3879c6edb66][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] 20 TCP 192.168.2.16:58338 <-> 17.253.53.201:80 [proto: 7.140/HTTP.Apple][cat: ConnectivityCheck/30][6 pkts/607 bytes <-> 5 pkts/1053 bytes][Goodput ratio: 33/68][0.16 sec][Host: captive.apple.com][bytes ratio: -0.269 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 25/23 42/46 15/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/211 269/781 75/285][URL: captive.apple.com/][StatusCode: 200][Content-Type: text/html][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][cat: Cloud/13][3 pkts/1656 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][60.10 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 192.168.2.16:36848 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][cat: Web/5][4 pkts/569 bytes <-> 3 pkts/664 bytes][Goodput ratio: 52/69][0.11 sec][Host: check.googlezip.net][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 31/1 37/36 41/72 4/36][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/221 363/524 127/214][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP 17.248.176.75:443 -> 192.168.2.17:50580 [proto: 91.140/TLS.Apple][cat: Web/5][8 pkts/1067 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][18.90 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 294/0 2700/0 9727/0 3229/0][Pkt Len c2s/s2c min/avg/max/stddev: 97/0 133/0 143/0 17/0][Plen Bins: 12,12,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 17.248.176.75:443 -> 192.168.2.17:50584 [proto: 91.140/TLS.Apple][cat: Web/5][8 pkts/1067 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][19.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 300/0 2767/0 9727/0 3262/0][Pkt Len c2s/s2c min/avg/max/stddev: 97/0 133/0 143/0 17/0][Plen Bins: 12,12,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP 192.168.2.16:52514 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.27 sec][ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.2][Client: semanticlocation-pa.googleapis.com][JA3C: 33490b1d5377580b19f7f9b5849d7991][Chrome][PLAIN TEXT (semanticlocation)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP 192.168.2.16:52514 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][cat: Web/5][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.27 sec][ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.2][Client: semanticlocation-pa.googleapis.com][JA3C: 33490b1d5377580b19f7f9b5849d7991][Safari][PLAIN TEXT (semanticlocation)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.2.1:67 -> 192.168.2.16:68 [proto: 18/DHCP][cat: Network/14][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][0.13 sec][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 17.248.185.10:443 -> 192.168.2.17:50702 [proto: 91.140/TLS.Apple][cat: Web/5][7 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][13.42 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 427/0 2236/0 6975/0 2385/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 93/0 97/0 11/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 UDP 192.168.2.16:52953 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][cat: ConnectivityCheck/30][1 pkts/77 bytes <-> 1 pkts/221 bytes][Goodput ratio: 45/81][0.04 sec][Host: captive.apple.com][17.253.53.201][PLAIN TEXT (captive)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index 586a74271..703331df5 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -26,7 +26,7 @@ JA3 Host Stats: 3 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][ALPN: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS cipher **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] 4 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Self-signed Certificate **** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][Risk Score: 110][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0] 5 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][ALPN: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS cipher **** SNI TLS extension was missing **][Risk Score: 100][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] - 6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][ALPN: h2;http/1.1][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TLSv1.2][Client: slack.com][JA3C: d8dc5f8940df366b3a58b935569143e8][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][ALPN: h2;http/1.1][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TLSv1.2][Client: slack.com][JA3C: d8dc5f8940df366b3a58b935569143e8][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][cat: ConnectivityCheck/30][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Host: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 161/CiscoVPN][cat: VPN/2][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][cat: Network/14][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/iphone.pcap.out b/tests/result/iphone.pcap.out index f9bf23da5..1341dde0c 100644 --- a/tests/result/iphone.pcap.out +++ b/tests/result/iphone.pcap.out @@ -16,20 +16,20 @@ JA3 Host Stats: 1 192.168.2.17 2 - 1 TCP 192.168.2.17:50581 <-> 17.248.185.87:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][56 pkts/68759 bytes <-> 21 pkts/9571 bytes][Goodput ratio: 95/85][2.03 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/111 655/803 103/219][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1228/456 1506/1506 541/618][TLSv1.2][Client: p26-keyvalueservice.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F][Validity: 2019-12-09 19:35:05 - 2021-01-07 19:45:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,90,0,0] - 2 TCP 192.168.2.17:50575 <-> 17.248.185.140:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][13 pkts/3193 bytes <-> 12 pkts/11035 bytes][Goodput ratio: 73/93][0.81 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/63 154/164 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 246/920 1224/1506 340/643][TLSv1.2][Client: p26-fmfmobile.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2][Validity: 2019-12-09 19:44:02 - 2021-01-07 19:54:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,48,0,0] - 3 TCP 192.168.2.17:50580 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][25 pkts/5755 bytes <-> 20 pkts/8110 bytes][Goodput ratio: 71/84][2.03 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 86/55 651/521 172/132][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 230/406 1128/1506 292/508][TLSv1.2][Client: gateway.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,32,8,0,8,4,0,0,0,0,0,8,0,0,0,0,8,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,12,0,0] - 4 TCP 192.168.2.17:50587 <-> 92.123.77.26:443 [proto: 91.145/TLS.AppleiTunes][cat: Streaming/17][19 pkts/4724 bytes <-> 15 pkts/7108 bytes][Goodput ratio: 73/86][0.49 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/17 146/147 52/42][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 249/474 1506/1506 367/538][TLSv1.3][Client: play.itunes.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 5,23,11,0,0,0,0,0,11,0,0,0,5,0,0,5,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0] - 5 TCP 192.168.2.17:50588 <-> 95.101.24.53:443 [proto: 91.145/TLS.AppleiTunes][cat: Streaming/17][16 pkts/3753 bytes <-> 12 pkts/7714 bytes][Goodput ratio: 72/90][0.17 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 37/56 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/643 1506/1506 366/607][TLSv1.3][Client: sync.itunes.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 6,18,12,0,0,0,0,0,12,0,0,0,0,0,0,6,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,25,0,0] - 6 TCP 192.168.2.17:50576 <-> 95.101.25.53:443 [proto: 91.140/TLS.Apple][cat: Web/5][15 pkts/2056 bytes <-> 12 pkts/8828 bytes][Goodput ratio: 49/91][0.38 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.622 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/22 36/80 13/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/736 583/1506 158/574][TLSv1.3][Client: gspe35-ssl.ls.apple.com][JA3C: 55271a105172d5f225e4704755b9b250][JA3S: 15af977ce25de452b96affa2addb1036][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,7,0,31,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,15,0,0,0,0,15,0,0] - 7 TCP 192.168.2.17:50584 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][18 pkts/3421 bytes <-> 14 pkts/6608 bytes][Goodput ratio: 65/86][1.06 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.318 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/19 167/155 58/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 190/472 1084/1506 257/577][TLSv1.2][Client: gateway.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,5,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] - 8 TCP 192.168.2.17:50586 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][17 pkts/3443 bytes <-> 13 pkts/6470 bytes][Goodput ratio: 67/87][0.54 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.305 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/20 162/160 58/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/498 1084/1506 268/585][TLSv1.2][Client: gateway.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,0,0,5,0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] - 9 TCP 192.168.2.17:50583 <-> 104.73.61.30:443 [proto: 91.140/TLS.Apple][cat: Web/5][7 pkts/1003 bytes <-> 7 pkts/6968 bytes][Goodput ratio: 51/93][0.19 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.748 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/9 123/46 46/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143/995 583/1506 180/593][TLSv1.3][Client: cl4.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,33,0,0] - 10 TCP 192.168.2.17:50579 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][cat: Web/5][12 pkts/1803 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217/22 1961/130 583/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 150/674 583/1506 169/571][TLSv1.3][Client: mesu.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 11 TCP 192.168.2.17:50578 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][cat: Web/5][12 pkts/1781 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 227/22 1825/131 537/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 148/674 583/1506 166/571][TLSv1.3][Client: mesu.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 12 TCP 192.168.2.17:50582 <-> 92.122.252.82:443 [proto: 91.140/TLS.Apple][cat: Web/5][6 pkts/925 bytes <-> 6 pkts/5702 bytes][Goodput ratio: 56/93][0.17 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.721 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/25 122/123 49/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/950 583/1506 192/630][TLSv1.3][Client: iphone-ld.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,40,0,0] - 13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][cat: Web/5][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][TLSv1.2][Client: gsp85-ssl.ls.apple.com][JA3C: 55271a105172d5f225e4704755b9b250][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] - 14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][cat: Web/5][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][TLSv1.2][Client: gsa.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] + 1 TCP 192.168.2.17:50581 <-> 17.248.185.87:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][56 pkts/68759 bytes <-> 21 pkts/9571 bytes][Goodput ratio: 95/85][2.03 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/111 655/803 103/219][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1228/456 1506/1506 541/618][TLSv1.2][Client: p26-keyvalueservice.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F][Safari][Validity: 2019-12-09 19:35:05 - 2021-01-07 19:45:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,90,0,0] + 2 TCP 192.168.2.17:50575 <-> 17.248.185.140:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][13 pkts/3193 bytes <-> 12 pkts/11035 bytes][Goodput ratio: 73/93][0.81 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/63 154/164 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 246/920 1224/1506 340/643][TLSv1.2][Client: p26-fmfmobile.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2][Safari][Validity: 2019-12-09 19:44:02 - 2021-01-07 19:54:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,48,0,0] + 3 TCP 192.168.2.17:50580 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][25 pkts/5755 bytes <-> 20 pkts/8110 bytes][Goodput ratio: 71/84][2.03 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 86/55 651/521 172/132][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 230/406 1128/1506 292/508][TLSv1.2][Client: gateway.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,32,8,0,8,4,0,0,0,0,0,8,0,0,0,0,8,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,12,0,0] + 4 TCP 192.168.2.17:50587 <-> 92.123.77.26:443 [proto: 91.145/TLS.AppleiTunes][cat: Streaming/17][19 pkts/4724 bytes <-> 15 pkts/7108 bytes][Goodput ratio: 73/86][0.49 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/17 146/147 52/42][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 249/474 1506/1506 367/538][TLSv1.3][Client: play.itunes.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 5,23,11,0,0,0,0,0,11,0,0,0,5,0,0,5,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0] + 5 TCP 192.168.2.17:50588 <-> 95.101.24.53:443 [proto: 91.145/TLS.AppleiTunes][cat: Streaming/17][16 pkts/3753 bytes <-> 12 pkts/7714 bytes][Goodput ratio: 72/90][0.17 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 37/56 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/643 1506/1506 366/607][TLSv1.3][Client: sync.itunes.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 6,18,12,0,0,0,0,0,12,0,0,0,0,0,0,6,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,25,0,0] + 6 TCP 192.168.2.17:50576 <-> 95.101.25.53:443 [proto: 91.140/TLS.Apple][cat: Web/5][15 pkts/2056 bytes <-> 12 pkts/8828 bytes][Goodput ratio: 49/91][0.38 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.622 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/22 36/80 13/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/736 583/1506 158/574][TLSv1.3][Client: gspe35-ssl.ls.apple.com][JA3C: 55271a105172d5f225e4704755b9b250][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,7,0,31,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,15,0,0,0,0,15,0,0] + 7 TCP 192.168.2.17:50584 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][18 pkts/3421 bytes <-> 14 pkts/6608 bytes][Goodput ratio: 65/86][1.06 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.318 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/19 167/155 58/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 190/472 1084/1506 257/577][TLSv1.2][Client: gateway.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,5,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] + 8 TCP 192.168.2.17:50586 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][cat: Web/5][17 pkts/3443 bytes <-> 13 pkts/6470 bytes][Goodput ratio: 67/87][0.54 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.305 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/20 162/160 58/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/498 1084/1506 268/585][TLSv1.2][Client: gateway.icloud.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,0,0,5,0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0] + 9 TCP 192.168.2.17:50583 <-> 104.73.61.30:443 [proto: 91.140/TLS.Apple][cat: Web/5][7 pkts/1003 bytes <-> 7 pkts/6968 bytes][Goodput ratio: 51/93][0.19 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.748 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/9 123/46 46/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143/995 583/1506 180/593][TLSv1.3][Client: cl4.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,33,0,0] + 10 TCP 192.168.2.17:50579 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][cat: Web/5][12 pkts/1803 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217/22 1961/130 583/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 150/674 583/1506 169/571][TLSv1.3][Client: mesu.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 11 TCP 192.168.2.17:50578 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][cat: Web/5][12 pkts/1781 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 227/22 1825/131 537/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 148/674 583/1506 166/571][TLSv1.3][Client: mesu.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 12 TCP 192.168.2.17:50582 <-> 92.122.252.82:443 [proto: 91.140/TLS.Apple][cat: Web/5][6 pkts/925 bytes <-> 6 pkts/5702 bytes][Goodput ratio: 56/93][0.17 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.721 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/25 122/123 49/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/950 583/1506 192/630][TLSv1.3][Client: iphone-ld.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,40,0,0] + 13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][cat: Web/5][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][TLSv1.2][Client: gsp85-ssl.ls.apple.com][JA3C: 55271a105172d5f225e4704755b9b250][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] + 14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][cat: Web/5][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][TLSv1.2][Client: gsa.apple.com][JA3C: 6fa3244afc6bb6f9fad207b6b52af26b][ServerNames: gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 15 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][7 pkts/2394 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.15 sec][Host: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1022/0 7191/0 8962/0 2834/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (iPhone)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Host: luca___s_imac._odisk._tcp.local][luca___s_imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/2094 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Host: luca___s_imac._odisk._tcp.local][luca___s_imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/signal.pcap.out b/tests/result/signal.pcap.out index 4b688d82c..0485a5986 100644 --- a/tests/result/signal.pcap.out +++ b/tests/result/signal.pcap.out @@ -11,17 +11,17 @@ JA3 Host Stats: 1 192.168.2.17 3 - 1 TCP 192.168.2.17:57027 <-> 13.35.253.42:443 [proto: 91.39/TLS.Signal][cat: Chat/9][170 pkts/206962 bytes <-> 95 pkts/9293 bytes][Goodput ratio: 95/32][0.48 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.914 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/3 39/47 6/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1217/98 1506/1506 548/175][TLSv1.2][Client: cdn.signal.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: cdn.signal.org][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org][Certificate SHA-1: 81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:19:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 2 TCP 192.168.2.17:57026 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][cat: Chat/9][22 pkts/13757 bytes <-> 16 pkts/6493 bytes][Goodput ratio: 89/84][0.57 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.359 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/20 112/114 35/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 625/406 1506/1506 629/565][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,0,4,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,37,0,0] - 3 TCP 192.168.2.17:57022 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][cat: Streaming/17][24 pkts/2540 bytes <-> 21 pkts/12673 bytes][Goodput ratio: 38/89][0.40 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 124/83 35/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/603 583/1506 105/574][TLSv1.3][Client: itunes.apple.com][JA3C: 17305a56a62a10f6b0ee8edcc3b1769c][JA3S: 15af977ce25de452b96affa2addb1036][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,17,8,0,4,0,0,0,8,0,0,4,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,4,0,0,0,0,0,0,17,0,0] - 4 TCP 192.168.2.17:57018 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][cat: Streaming/17][25 pkts/2582 bytes <-> 20 pkts/12000 bytes][Goodput ratio: 37/89][0.24 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 47/52 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 103/600 583/1506 103/588][TLSv1.3][Client: itunes.apple.com][JA3C: 17305a56a62a10f6b0ee8edcc3b1769c][JA3S: 15af977ce25de452b96affa2addb1036][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,18,9,0,4,0,0,0,9,0,0,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,0,0,0,0,0,0,18,0,0] + 1 TCP 192.168.2.17:57027 <-> 13.35.253.42:443 [proto: 91.39/TLS.Signal][cat: Chat/9][170 pkts/206962 bytes <-> 95 pkts/9293 bytes][Goodput ratio: 95/32][0.48 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.914 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/3 39/47 6/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1217/98 1506/1506 548/175][TLSv1.2][Client: cdn.signal.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: cdn.signal.org][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org][Certificate SHA-1: 81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:19:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 2 TCP 192.168.2.17:57026 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][cat: Chat/9][22 pkts/13757 bytes <-> 16 pkts/6493 bytes][Goodput ratio: 89/84][0.57 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.359 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/20 112/114 35/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 625/406 1506/1506 629/565][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,0,4,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,37,0,0] + 3 TCP 192.168.2.17:57022 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][cat: Streaming/17][24 pkts/2540 bytes <-> 21 pkts/12673 bytes][Goodput ratio: 38/89][0.40 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 124/83 35/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/603 583/1506 105/574][TLSv1.3][Client: itunes.apple.com][JA3C: 17305a56a62a10f6b0ee8edcc3b1769c][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,17,8,0,4,0,0,0,8,0,0,4,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,4,0,0,0,0,0,0,17,0,0] + 4 TCP 192.168.2.17:57018 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][cat: Streaming/17][25 pkts/2582 bytes <-> 20 pkts/12000 bytes][Goodput ratio: 37/89][0.24 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 47/52 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 103/600 583/1506 103/588][TLSv1.3][Client: itunes.apple.com][JA3C: 17305a56a62a10f6b0ee8edcc3b1769c][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,18,9,0,4,0,0,0,9,0,0,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,0,0,0,0,0,0,18,0,0] 5 TCP 192.168.2.17:49227 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][cat: Chat/9][13 pkts/1808 bytes <-> 12 pkts/4355 bytes][Goodput ratio: 52/82][3.03 sec][bytes ratio: -0.413 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 62/293 115/2199 52/677][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 139/363 502/1506 120/471][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,16,8,0,0,8,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0] - 6 TCP 192.168.2.17:57024 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][cat: Chat/9][15 pkts/2054 bytes <-> 11 pkts/3775 bytes][Goodput ratio: 51/81][0.59 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.295 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/59 167/186 55/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/343 583/1506 134/472][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 7 TCP 192.168.2.17:57021 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][cat: Chat/9][16 pkts/2108 bytes <-> 10 pkts/3709 bytes][Goodput ratio: 50/82][13.48 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.275 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/50 13018/120 3464/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 132/371 583/1506 131/486][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 8 TCP 192.168.2.17:57020 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][cat: Chat/9][16 pkts/2103 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 50/79][13.49 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.258 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1019/44 13011/122 3462/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/324 583/1506 130/472][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 9 TCP 192.168.2.17:57019 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][cat: Chat/9][16 pkts/2095 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 50/79][13.49 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.255 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/43 13026/120 3466/55][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/321 583/1506 130/473][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 10 TCP 192.168.2.17:57023 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][cat: Chat/9][15 pkts/2049 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 51/79][0.58 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 168/181 54/76][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/324 583/1506 133/472][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] - 11 TCP 192.168.2.17:57025 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][cat: Chat/9][15 pkts/2041 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 51/79][0.58 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 166/184 54/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/321 583/1506 133/473][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 6 TCP 192.168.2.17:57024 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][cat: Chat/9][15 pkts/2054 bytes <-> 11 pkts/3775 bytes][Goodput ratio: 51/81][0.59 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.295 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/59 167/186 55/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/343 583/1506 134/472][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 7 TCP 192.168.2.17:57021 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][cat: Chat/9][16 pkts/2108 bytes <-> 10 pkts/3709 bytes][Goodput ratio: 50/82][13.48 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.275 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/50 13018/120 3464/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 132/371 583/1506 131/486][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 8 TCP 192.168.2.17:57020 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][cat: Chat/9][16 pkts/2103 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 50/79][13.49 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.258 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1019/44 13011/122 3462/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/324 583/1506 130/472][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 9 TCP 192.168.2.17:57019 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][cat: Chat/9][16 pkts/2095 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 50/79][13.49 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.255 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/43 13026/120 3466/55][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/321 583/1506 130/473][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 10 TCP 192.168.2.17:57023 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][cat: Chat/9][15 pkts/2049 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 51/79][0.58 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 168/181 54/76][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/324 583/1506 133/472][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] + 11 TCP 192.168.2.17:57025 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][cat: Chat/9][15 pkts/2041 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 51/79][0.58 sec][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 166/184 54/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/321 583/1506 133/473][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: 6725ca90906e1036febcbfd464e2e326][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0] 12 TCP 192.168.2.17:49226 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][cat: Chat/9][13 pkts/1688 bytes <-> 11 pkts/3569 bytes][Goodput ratio: 48/79][9.90 sec][bytes ratio: -0.358 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/57 113/154 53/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/324 502/1506 120/473][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: textsecure-service.whispersystems.org][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,30,20,0,0,0,10,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] 13 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][15.76 sec][Host: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][cat: Web/5][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 12/13][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158/4 347/16 157/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68/78 90/105 16/15][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/simple-dnscrypt.pcap.out b/tests/result/simple-dnscrypt.pcap.out index 466fcdc28..d21178425 100644 --- a/tests/result/simple-dnscrypt.pcap.out +++ b/tests/result/simple-dnscrypt.pcap.out @@ -5,7 +5,7 @@ JA3 Host Stats: 1 192.168.43.167 2 - 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][cat: Network/14][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][Goodput ratio: 45/92][0.71 sec][ALPN: h2;http/1.1][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/20 114/119 43/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/694 272/1364 68/594][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: simplednscrypt.org][JA3C: b8f81673c0e1d29908346f3bab892b9b][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Safari][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,8,0,4,4,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,0,0] - 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][cat: Network/14][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][Goodput ratio: 50/89][0.52 sec][ALPN: h2;http/1.1][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/25 105/106 34/35][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110/516 334/1364 76/542][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Safari][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,28,13,4,0,0,4,0,9,4,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0] - 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.44 sec][ALPN: h2;http/1.1][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/32 188/124 74/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Safari][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] - 4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.36 sec][ALPN: h2;http/1.1][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/32 136/140 59/53][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Safari][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] + 1 TCP 192.168.43.167:50233 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][cat: Network/14][18 pkts/1788 bytes <-> 21 pkts/14580 bytes][Goodput ratio: 45/92][0.71 sec][ALPN: h2;http/1.1][bytes ratio: -0.782 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/20 114/119 43/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/694 272/1364 68/594][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: simplednscrypt.org][JA3C: b8f81673c0e1d29908346f3bab892b9b][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,8,0,4,4,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,33,0,0,0,0,0,0,0] + 2 TCP 192.168.43.167:50259 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][cat: Network/14][18 pkts/1988 bytes <-> 18 pkts/9290 bytes][Goodput ratio: 50/89][0.52 sec][ALPN: h2;http/1.1][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/25 105/106 34/35][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 110/516 334/1364 76/542][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,28,13,4,0,0,4,0,9,4,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0] + 3 TCP 192.168.43.167:50253 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.44 sec][ALPN: h2;http/1.1][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 72/32 188/124 74/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] + 4 TCP 192.168.43.167:50258 <-> 134.119.26.24:443 [proto: 91.208/TLS.DNScrypt][cat: Network/14][8 pkts/780 bytes <-> 10 pkts/7735 bytes][Goodput ratio: 43/93][0.36 sec][ALPN: h2;http/1.1][bytes ratio: -0.817 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/32 136/140 59/53][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 98/774 264/1364 75/597][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: simplednscrypt.org][JA3C: 83e04bc58d402f9633983cbf22724b02][ServerNames: simplednscrypt.org,www.simplednscrypt.org][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org][Certificate SHA-1: 3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41][Validity: 2015-09-21 00:00:00 - 2017-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,0,0,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0] diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index a842c76f3..8738f48e0 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -18,31 +18,31 @@ JA3 Host Stats: 1 192.168.1.6 6 - 1 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][614 pkts/242051 bytes <-> 686 pkts/579301 bytes][Goodput ratio: 86/93][19.89 sec][ALPN: h2;http/1.1][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/23 3909/3921 278/223][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 394/844 1494/1506 582/685][TLSv1.2][Client: teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Safari][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,91,0,0] + 1 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][614 pkts/242051 bytes <-> 686 pkts/579301 bytes][Goodput ratio: 86/93][19.89 sec][ALPN: h2;http/1.1][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/23 3909/3921 278/223][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 394/844 1494/1506 582/685][TLSv1.2][Client: teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,91,0,0] 2 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0] 3 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0] 4 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: config.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0] 5 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0] 6 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0] 7 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0] - 8 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][ALPN: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TLSv1.2][Client: presence.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Safari][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] - 9 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][ALPN: h2;http/1.1][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][TLSv1.2][Client: substrate.office.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Safari][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] + 8 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][ALPN: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][TLSv1.2][Client: presence.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] + 9 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][ALPN: h2;http/1.1][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][TLSv1.2][Client: substrate.office.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] 10 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0] - 11 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][ALPN: h2;http/1.1][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][TLSv1.2][Client: teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Safari][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] - 12 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][ALPN: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][Safari][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] + 11 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][ALPN: h2;http/1.1][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][TLSv1.2][Client: teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] + 12 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][ALPN: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] 13 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0] 14 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0] 15 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78.125/STUN.Skype][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] - 16 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][ALPN: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][Client: chatsvcagg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Safari][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] - 17 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][ALPN: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][Client: emea.ng.msg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Safari][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] - 18 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][ALPN: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][Client: eu-api.asm.skype.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Safari][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] + 16 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][ALPN: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][Client: chatsvcagg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] + 17 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][ALPN: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][Client: emea.ng.msg.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] + 18 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][ALPN: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][Client: eu-api.asm.skype.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] 19 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] 20 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][TLSv1.2][Client: login.microsoftonline.com][JA3C: a69708a64f853c3bcc214c2c5faf84f3][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0] - 21 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TLSv1.2][Client: northeurope.notifications.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Safari][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0] - 22 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][cat: Web/5][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][ALPN: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][Client: api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Safari][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0] - 23 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][cat: Web/5][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][ALPN: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][Client: euno-1.api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Safari][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0] + 21 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][TLSv1.2][Client: northeurope.notifications.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0] + 22 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][cat: Web/5][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][ALPN: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][TLSv1.2][Client: api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0] + 23 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][cat: Web/5][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][ALPN: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][TLSv1.2][Client: euno-1.api.microsoftstream.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0] 24 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0] - 25 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][ALPN: h2;http/1.1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][TLSv1.2][Client: config.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Safari][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] + 25 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][ALPN: h2;http/1.1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][TLSv1.2][Client: config.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0] 26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91/TLS][cat: Web/5][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] 27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91/TLS][cat: Web/5][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][TLSv1.2][Client: gate.hockeyapp.net][JA3C: a69708a64f853c3bcc214c2c5faf84f3][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0] 28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: trouter2-asse-a.trouter.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0] @@ -52,8 +52,8 @@ JA3 Host Stats: 32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0] 34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Certificate Mismatch **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 52.114.250.153][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] - 35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][ALPN: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Safari][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] - 36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][ALPN: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TLSv1.2][Client: eu-api.asm.skype.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Safari][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][ALPN: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] + 36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype][cat: VoIP/10][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][ALPN: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][TLSv1.2][Client: eu-api.asm.skype.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] 37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: euaz.tr.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) not carrying HTTPS **][Risk Score: 10][TLSv1.2][Client: euaz.tr.teams.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Certificate Mismatch **** TLS (probably) not carrying HTTPS **][Risk Score: 110][TLSv1.2][Client: 52.114.250.152][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0] diff --git a/tests/result/wa_voice.pcap.out b/tests/result/wa_voice.pcap.out index 0c8788871..a387dd5fd 100644 --- a/tests/result/wa_voice.pcap.out +++ b/tests/result/wa_voice.pcap.out @@ -15,10 +15,10 @@ JA3 Host Stats: 1 192.168.2.12 2 - 1 TCP 192.168.2.12:50504 <-> 157.240.20.52:443 [proto: 91.142/TLS.WhatsApp][cat: Chat/9][41 pkts/3669 bytes <-> 44 pkts/43871 bytes][Goodput ratio: 27/93][0.41 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 129/77 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 89/997 583/1454 85/624][TLSv1.3][Client: pps.whatsapp.net][JA3C: 7a7a639628f0fe5c7e057628a5bbec5a][JA3S: 475c9302dc42b2751db9edcac3b74891][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 8,11,4,0,0,2,2,0,2,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,61,0,0,0,0] + 1 TCP 192.168.2.12:50504 <-> 157.240.20.52:443 [proto: 91.142/TLS.WhatsApp][cat: Chat/9][41 pkts/3669 bytes <-> 44 pkts/43871 bytes][Goodput ratio: 27/93][0.41 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 129/77 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 89/997 583/1454 85/624][TLSv1.3][Client: pps.whatsapp.net][JA3C: 7a7a639628f0fe5c7e057628a5bbec5a][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 8,11,4,0,0,2,2,0,2,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,61,0,0,0,0] 2 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][cat: Chat/9][132 pkts/14116 bytes <-> 131 pkts/24439 bytes][Goodput ratio: 38/65][54.73 sec][bytes ratio: -0.268 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 342/421 9349/9387 1279/1420][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/187 393/1454 62/283][PLAIN TEXT (fd.9LTIP9)][Plen Bins: 1,63,2,3,10,10,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0] 3 UDP 91.252.56.51:32704 <-> 192.168.2.12:56328 [proto: 78.45/STUN.WhatsAppCall][cat: VoIP/10][87 pkts/14598 bytes <-> 77 pkts/17336 bytes][Goodput ratio: 75/81][11.91 sec][bytes ratio: -0.086 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 136/121 921/265 137/64][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 168/225 318/331 61/68][Risk: ** Known protocol on non standard port **][Risk Score: 10][PLAIN TEXT (KEXQD/)][Plen Bins: 6,4,7,27,16,4,11,12,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.2.12:50503 <-> 31.13.86.51:443 [proto: 91.142/TLS.WhatsApp][cat: Chat/9][25 pkts/2993 bytes <-> 25 pkts/21759 bytes][Goodput ratio: 44/92][0.39 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 127/126 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/870 583/1454 124/639][TLSv1.3][Client: media-mxp1-1.cdn.whatsapp.net][JA3C: b92a79ed03c3ff5611abb2305370d3e3][JA3S: 475c9302dc42b2751db9edcac3b74891][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 7,14,7,0,0,3,0,0,7,0,3,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0] + 4 TCP 192.168.2.12:50503 <-> 31.13.86.51:443 [proto: 91.142/TLS.WhatsApp][cat: Chat/9][25 pkts/2993 bytes <-> 25 pkts/21759 bytes][Goodput ratio: 44/92][0.39 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 127/126 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/870 583/1454 124/639][TLSv1.3][Client: media-mxp1-1.cdn.whatsapp.net][JA3C: b92a79ed03c3ff5611abb2305370d3e3][JA3S: 475c9302dc42b2751db9edcac3b74891][Safari][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 7,14,7,0,0,3,0,0,7,0,3,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,47,0,0,0,0] 5 TCP 192.168.2.12:49354 <-> 17.242.60.84:5223 [proto: 238.140/ApplePush.Apple][cat: Cloud/13][14 pkts/6933 bytes <-> 10 pkts/1074 bytes][Goodput ratio: 87/39][54.11 sec][bytes ratio: 0.732 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4462/757 43773/5113 12515/1779][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 495/107 1506/215 607/44][Plen Bins: 0,42,14,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,21,0,0] 6 UDP 192.168.2.12:56328 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][cat: VoIP/10][21 pkts/2349 bytes <-> 28 pkts/3668 bytes][Goodput ratio: 62/68][34.51 sec][bytes ratio: -0.219 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1959/1447 12194/12196 2978/2626][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 112/131 249/326 64/101][Plen Bins: 40,20,0,20,0,0,8,4,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][5 pkts/1710 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][17.30 sec][Host: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index ca61d7496..f95c6527f 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -20,36 +20,36 @@ JA3 Host Stats: 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/TLS.WeChat][cat: Chat/9][88 pkts/15114 bytes <-> 91 pkts/61842 bytes][Goodput ratio: 62/90][553.47 sec][bytes ratio: -0.607 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/11 6995/5837 150373/150695 18892/18424][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/680 264/1254 99/594][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][Goodput ratio: 76/95][15.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.619 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 403/151 10035/951 1616/288][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 273/1336 1306/4350 407/922][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,2,4,2,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,4,0,2,0,0,0,2,0,54,0,0,10] - 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][Goodput ratio: 86/92][23.11 sec][ALPN: h2;http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 538/312 9999/7018 1833/1162][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 479/863 1306/4059 492/922][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,1,0,1,0,6,6,3,1,0,0,6,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,8,0,10,0,0,0,0,0,29,0,0,5] - 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][Goodput ratio: 72/93][27.77 sec][ALPN: h2;http/1.1][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 559/54 8107/380 1792/116][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/1003 1306/1494 368/649][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,2,0,0,2,2,2,0,0,2,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,0,5,0,2,0,0,0,63,0,0,0] - 5 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][Goodput ratio: 82/93][14.74 sec][ALPN: h2;http/1.1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/172 1085/1495 276/329][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 361/946 1306/1754 450/673][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,0,6,3,3,3,0,6,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,3,0,0,0,0,3,47,0,0,3] - 6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][Goodput ratio: 79/93][28.03 sec][ALPN: h2;http/1.1][bytes ratio: -0.475 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1291/951 9696/8423 2840/2427][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 313/952 1306/2922 423/964][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,4,0,0,4,4,4,0,0,4,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,8,0,8,0,0,0,0,0,28,0,0,12] - 7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][Goodput ratio: 87/86][38.16 sec][ALPN: h2;http/1.1][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/1110 15327/15635 3311/3567][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 516/487 1306/1754 494/579][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,0,9,3,0,0,0,9,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,18,0,3,6,0,0,3,0,0,3] - 8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][Goodput ratio: 82/93][13.58 sec][ALPN: h2;http/1.1][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 777/120 9999/394 2313/166][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/938 1306/5892 454/1304][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,4,4,0,0,4,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,4,0,4,0,9,0,0,0,0,0,33,0,0,4] - 9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][Goodput ratio: 82/93][22.24 sec][ALPN: h2;http/1.1][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1174/416 10039/3644 2412/985][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/994 1306/8291 454/1871][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,5,5,5,0,0,5,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,0,10,0,5,0,0,0,21,0,0,5] - 10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][Goodput ratio: 89/81][31.02 sec][ALPN: h2;http/1.1][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1265/1401 15319/15624 3541/3988][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 605/346 1494/1494 586/472][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,3,3,0,0,0,11,7,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,11,0,7,0,0,0,0,0,27,0,0,0] - 11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][Goodput ratio: 86/84][47.29 sec][ALPN: h2;http/1.1][bytes ratio: 0.207 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1388/1930 15313/15715 3511/4240][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 483/417 1306/1754 480/530][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,0,0,17,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,13,0,13,0,0,0,0,0,4,0,0,4] - 12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][Goodput ratio: 86/86][22.50 sec][ALPN: h2;http/1.1][bytes ratio: 0.105 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1165/786 10037/4544 2455/1496][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 463/459 1306/1754 478/579][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,9,0,0,0,4,0,0,15,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,15,0,0,0,0,0,9,0,0,4] - 13 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][Goodput ratio: 63/94][13.04 sec][ALPN: h2;http/1.1][bytes ratio: -0.743 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1232/213 9996/1647 2944/472][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/1048 1153/3182 290/878][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,57,0,0,7] - 14 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][Goodput ratio: 83/84][47.03 sec][ALPN: h2;http/1.1][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 2592/2688 15693/16086 4163/4916][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 387/411 1306/1754 452/551][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,0,18,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,5,0,0,5] - 15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][Goodput ratio: 84/84][25.19 sec][ALPN: h2;http/1.1][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1503/1316 9999/7806 2987/2505][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 420/410 1306/1494 462/507][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,0,16,5,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,11,0,0,0] - 16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 85/86][11.52 sec][ALPN: h2;http/1.1][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 931/134 9811/287 2681/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/461 1306/1494 463/553][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,14,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0] - 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 84/86][11.77 sec][ALPN: h2;http/1.1][bytes ratio: 0.119 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 947/155 9639/333 2626/154][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 429/461 1306/1494 463/553][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0] - 18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][Goodput ratio: 78/86][14.48 sec][ALPN: h2;http/1.1][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 1140/318 10004/1570 2698/530][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 308/492 1306/1798 406/692][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,9,9,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,18] - 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][Goodput ratio: 80/84][22.95 sec][ALPN: h2;http/1.1][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2021/1536 10879/11228 3976/3666][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 330/428 1306/1494 416/541][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,0,16,8,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,8,0,0,0,0,0,16,0,0,0] - 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][Goodput ratio: 82/87][11.54 sec][ALPN: h2;http/1.1][bytes ratio: -0.051 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/136 356/292 157/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 376/500 1306/1754 434/627][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,0,18,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,9] - 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/TLS.QQ][cat: Chat/9][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][Goodput ratio: 67/90][72.13 sec][ALPN: h2;http/1.1][bytes ratio: -0.544 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7939/7944 44960/45306 14472/14557][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 167/566 571/3484 197/987][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: res.wx.qq.com][JA3C: 550dce18de1bb143e69d6dd9413b8355][ServerNames: wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com][JA3S: 290adf098a54ade688d1df074dbecbf2 (WEAK)][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com][Certificate SHA-1: 67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9][Safari][Validity: 2016-05-10 00:00:00 - 2018-08-09 23:59:59][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,0,0,0,0,12,12,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,12] - 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/TLS.Google][cat: Web/5][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][Goodput ratio: 53/82][135.40 sec][ALPN: h2;http/1.1][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6942/6942 45055/45055 16249/16250][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/369 895/1484 196/525][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: safebrowsing.googleusercontent.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: *.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news][JA3S: d655f7cd00e93ea8969c3c6e06f0156f][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com][Certificate SHA-1: 8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53][Safari][Validity: 2017-04-05 17:14:46 - 2017-06-28 16:57:00][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 12,38,6,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,12,0,0,0] + 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][Goodput ratio: 76/95][15.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.619 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 403/151 10035/951 1616/288][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 273/1336 1306/4350 407/922][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,2,4,2,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,4,0,2,0,0,0,2,0,54,0,0,10] + 3 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][50 pkts/23958 bytes <-> 46 pkts/39684 bytes][Goodput ratio: 86/92][23.11 sec][ALPN: h2;http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 538/312 9999/7018 1833/1162][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 479/863 1306/4059 492/922][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,1,0,1,0,6,6,3,1,0,0,6,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,8,0,10,0,0,0,0,0,29,0,0,5] + 4 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][38 pkts/8933 bytes <-> 35 pkts/35112 bytes][Goodput ratio: 72/93][27.77 sec][ALPN: h2;http/1.1][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 559/54 8107/380 1792/116][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/1003 1306/1494 368/649][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,2,0,0,2,2,2,0,0,2,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2,0,0,2,0,5,0,2,0,0,0,63,0,0,0] + 5 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][25 pkts/9013 bytes <-> 29 pkts/27440 bytes][Goodput ratio: 82/93][14.74 sec][ALPN: h2;http/1.1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/172 1085/1495 276/329][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 361/946 1306/1754 450/673][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,0,6,3,3,3,0,6,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,3,0,0,0,0,3,47,0,0,3] + 6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][Goodput ratio: 79/93][28.03 sec][ALPN: h2;http/1.1][bytes ratio: -0.475 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1291/951 9696/8423 2840/2427][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 313/952 1306/2922 423/964][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,4,0,0,4,4,4,0,0,4,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,8,0,8,0,0,0,0,0,28,0,0,12] + 7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][Goodput ratio: 87/86][38.16 sec][ALPN: h2;http/1.1][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/1110 15327/15635 3311/3567][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 516/487 1306/1754 494/579][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,0,9,3,0,0,0,9,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,18,0,3,6,0,0,3,0,0,3] + 8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][Goodput ratio: 82/93][13.58 sec][ALPN: h2;http/1.1][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 777/120 9999/394 2313/166][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/938 1306/5892 454/1304][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,4,4,0,0,4,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,4,0,4,0,9,0,0,0,0,0,33,0,0,4] + 9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][Goodput ratio: 82/93][22.24 sec][ALPN: h2;http/1.1][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1174/416 10039/3644 2412/985][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/994 1306/8291 454/1871][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,5,5,5,0,0,5,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,0,10,0,5,0,0,0,21,0,0,5] + 10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][Goodput ratio: 89/81][31.02 sec][ALPN: h2;http/1.1][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1265/1401 15319/15624 3541/3988][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 605/346 1494/1494 586/472][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,3,3,0,0,0,11,7,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,11,0,7,0,0,0,0,0,27,0,0,0] + 11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][Goodput ratio: 86/84][47.29 sec][ALPN: h2;http/1.1][bytes ratio: 0.207 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1388/1930 15313/15715 3511/4240][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 483/417 1306/1754 480/530][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,0,0,17,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,13,0,13,0,0,0,0,0,4,0,0,4] + 12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][Goodput ratio: 86/86][22.50 sec][ALPN: h2;http/1.1][bytes ratio: 0.105 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1165/786 10037/4544 2455/1496][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 463/459 1306/1754 478/579][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,9,0,0,0,4,0,0,15,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,15,0,0,0,0,0,9,0,0,4] + 13 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][13 pkts/2317 bytes <-> 15 pkts/15724 bytes][Goodput ratio: 63/94][13.04 sec][ALPN: h2;http/1.1][bytes ratio: -0.743 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1232/213 9996/1647 2944/472][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/1048 1153/3182 290/878][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,57,0,0,7] + 14 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][22 pkts/8507 bytes <-> 16 pkts/6575 bytes][Goodput ratio: 83/84][47.03 sec][ALPN: h2;http/1.1][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 2592/2688 15693/16086 4163/4916][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 387/411 1306/1754 452/551][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,0,18,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,5,0,0,5] + 15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][Goodput ratio: 84/84][25.19 sec][ALPN: h2;http/1.1][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1503/1316 9999/7806 2987/2505][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 420/410 1306/1494 462/507][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,0,16,5,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,11,0,0,0] + 16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 85/86][11.52 sec][ALPN: h2;http/1.1][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 931/134 9811/287 2681/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/461 1306/1494 463/553][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,14,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0] + 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 84/86][11.77 sec][ALPN: h2;http/1.1][bytes ratio: 0.119 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 947/155 9639/333 2626/154][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 429/461 1306/1494 463/553][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0] + 18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][Goodput ratio: 78/86][14.48 sec][ALPN: h2;http/1.1][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 1140/318 10004/1570 2698/530][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 308/492 1306/1798 406/692][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,9,9,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,18] + 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][Goodput ratio: 80/84][22.95 sec][ALPN: h2;http/1.1][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2021/1536 10879/11228 3976/3666][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 330/428 1306/1494 416/541][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,0,16,8,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,8,0,0,0,0,0,16,0,0,0] + 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][Goodput ratio: 82/87][11.54 sec][ALPN: h2;http/1.1][bytes ratio: -0.051 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/136 356/292 157/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 376/500 1306/1754 434/627][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,0,18,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,9] + 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/TLS.QQ][cat: Chat/9][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][Goodput ratio: 67/90][72.13 sec][ALPN: h2;http/1.1][bytes ratio: -0.544 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7939/7944 44960/45306 14472/14557][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 167/566 571/3484 197/987][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][Risk Score: 100][TLSv1.2][Client: res.wx.qq.com][JA3C: 550dce18de1bb143e69d6dd9413b8355][ServerNames: wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com][JA3S: 290adf098a54ade688d1df074dbecbf2 (WEAK)][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com][Certificate SHA-1: 67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9][Validity: 2016-05-10 00:00:00 - 2018-08-09 23:59:59][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,0,0,0,0,12,12,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,12] + 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/TLS.Google][cat: Web/5][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][Goodput ratio: 53/82][135.40 sec][ALPN: h2;http/1.1][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6942/6942 45055/45055 16249/16250][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/369 895/1484 196/525][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: safebrowsing.googleusercontent.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: *.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news][JA3S: d655f7cd00e93ea8969c3c6e06f0156f][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com][Certificate SHA-1: 8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53][Validity: 2017-04-05 17:14:46 - 2017-06-28 16:57:00][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 12,38,6,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,12,0,0,0] 23 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web/5][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Goodput ratio: 92/92][0.18 sec][bytes ratio: 0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 27/2 76/4 27/1][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 501/555 1392/1392 574/599][User-Agent: Chrome/57.0.2987.133 Linux x86_64][Client: ssl.gstatic.com][PLAIN TEXT (ssl.gstatic.com)][Plen Bins: 23,30,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0] 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][cat: Collaborative/15][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Goodput ratio: 91/86][1.33 sec][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/248 55/1178 23/465][Pkt Len c2s/s2c min/avg/max/stddev: 77/70 448/304 1392/1392 532/455][User-Agent: Chrome/57.0.2987.133 Linux x86_64][Client: docs.google.com][PLAIN TEXT (docs.google.comr)][Plen Bins: 30,39,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0] - 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][27.78 sec][ALPN: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3428/1426 19999/5411 6454/2304][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] - 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][30.78 sec][ALPN: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3813/2235 20004/5405 6348/2331][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] - 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][Goodput ratio: 35/86][24.98 sec][ALPN: h2;http/1.1][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3076/848 20000/3092 6448/1207][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/463 304/1494 77/601][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][13.33 sec][ALPN: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1665/362 10763/1441 3453/623][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][20.54 sec][ALPN: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2567/80 19243/317 6305/137][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][11.97 sec][ALPN: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1496/90 10477/358 3399/155][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] - 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][9 pkts/966 bytes <-> 6 pkts/3571 bytes][Goodput ratio: 38/89][11.54 sec][ALPN: h2;http/1.1][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1592/137 10023/410 3446/193][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/595 304/1754 80/732][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Safari][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] + 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][27.78 sec][ALPN: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3428/1426 19999/5411 6454/2304][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] + 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][30.78 sec][ALPN: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3813/2235 20004/5405 6348/2331][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] + 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][Goodput ratio: 35/86][24.98 sec][ALPN: h2;http/1.1][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3076/848 20000/3092 6448/1207][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/463 304/1494 77/601][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][13.33 sec][ALPN: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1665/362 10763/1441 3453/623][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][20.54 sec][ALPN: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2567/80 19243/317 6305/137][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 30 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][11.97 sec][ALPN: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1496/90 10477/358 3399/155][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0] + 31 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][cat: Chat/9][9 pkts/966 bytes <-> 6 pkts/3571 bytes][Goodput ratio: 38/89][11.54 sec][ALPN: h2;http/1.1][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1592/137 10023/410 3446/193][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/595 304/1754 80/732][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: web.wechat.com][JA3C: e330bca99c8a5256ae126a55c4c725c5][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20] 32 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/4488 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][3914.88 sec][Host: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6684/0 41917/0 11732/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/0 102/0 102/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][cat: Web/5][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Goodput ratio: 90/89][0.12 sec][bytes ratio: 0.025 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 24/16 53/47 24/19][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 407/387 1392/1392 508/512][User-Agent: Chrome/57.0.2987.133 Linux x86_64][Client: ssl.gstatic.com][PLAIN TEXT (ssl.gstatic.com)][Plen Bins: 30,30,0,0,0,0,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0] 34 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][44 pkts/3608 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][3914.88 sec][Host: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6684/0 41917/0 11732/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/youtubeupload.pcap.out b/tests/result/youtubeupload.pcap.out index 2c0769ce5..9786bf454 100644 --- a/tests/result/youtubeupload.pcap.out +++ b/tests/result/youtubeupload.pcap.out @@ -7,4 +7,4 @@ JA3 Host Stats: 1 UDP 192.168.2.27:51925 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][cat: Media/1][80 pkts/100473 bytes <-> 20 pkts/6003 bytes][Goodput ratio: 97/86][3.49 sec][bytes ratio: 0.887 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/249 1825/1883 217/551][Pkt Len c2s/s2c min/avg/max/stddev: 77/58 1256/300 1392/1392 385/473][User-Agent: Chrome/62.0.3202.94 Windows NT 10.0; Win64; x64][Client: upload.youtube.com][PLAIN TEXT (upload.youtube.comQ)][Plen Bins: 13,8,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0,0,0,0] 2 UDP 192.168.2.27:62232 <-> 172.217.23.111:443 [proto: 188.136/QUIC.YouTubeUpload][cat: Media/1][13 pkts/8651 bytes <-> 11 pkts/6463 bytes][Goodput ratio: 94/93][16.89 sec][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1667/2090 14942/15097 4450/4941][Pkt Len c2s/s2c min/avg/max/stddev: 65/60 665/588 1392/1392 634/618][User-Agent: Chrome/62.0.3202.94 Windows NT 10.0; Win64; x64][Client: upload.youtube.com][PLAIN TEXT (upload.youtube.comQ)][Plen Bins: 20,33,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,37,0,0,0,0,0] - 3 TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/TLS.YouTubeUpload][cat: Media/1][6 pkts/649 bytes <-> 7 pkts/4799 bytes][Goodput ratio: 45/92][0.12 sec][ALPN: h2;http/1.1][bytes ratio: -0.762 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/12 57/39 23/15][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 108/686 256/1484 73/634][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: upload.youtube.com][JA3C: bc6c386f480ee97b9d9e52d472b772d8][ServerNames: upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com][JA3S: b26c652e0a402a24b5ca2a660e84f9d5][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com][Certificate SHA-1: EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63][Safari][Validity: 2017-11-01 13:50:15 - 2018-01-24 13:31:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,28,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,28,0,0,0] + 3 TCP 192.168.2.27:57452 <-> 172.217.23.111:443 [proto: 91.136/TLS.YouTubeUpload][cat: Media/1][6 pkts/649 bytes <-> 7 pkts/4799 bytes][Goodput ratio: 45/92][0.12 sec][ALPN: h2;http/1.1][bytes ratio: -0.762 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/12 57/39 23/15][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 108/686 256/1484 73/634][Risk: ** Possibly Malicious JA3 Fingerprint **][Risk Score: 50][TLSv1.2][Client: upload.youtube.com][JA3C: bc6c386f480ee97b9d9e52d472b772d8][ServerNames: upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com][JA3S: b26c652e0a402a24b5ca2a660e84f9d5][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com][Certificate SHA-1: EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63][Validity: 2017-11-01 13:50:15 - 2018-01-24 13:31:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,28,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,28,0,0,0] |