diff options
| author | Luca Deri <deri@ntop.org> | 2024-08-07 11:35:17 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2024-08-07 11:38:41 +0200 |
| commit | fc4fb4d409c43af8b9bdbd9d0cf8d9b742408f26 (patch) | |
| tree | c13a9e82256804cd9fad2d9fb5816e1c0f549081 /tests/cfgs/default/result/webex.pcap.out | |
| parent | 653175e72421822aeb7a60af14c07004dc6368e4 (diff) | |
Fixed probing attempt risk that was creating false positives
Diffstat (limited to 'tests/cfgs/default/result/webex.pcap.out')
| -rw-r--r-- | tests/cfgs/default/result/webex.pcap.out | 46 |
1 files changed, 23 insertions, 23 deletions
diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 68150c335..5443a7047 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out @@ -18,7 +18,7 @@ Automa domain: 44/0 (search/found) Automa tls cert: 1/0 (search/found) Automa risk mask: 1/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 98/0 (search/found) +Patricia risk mask: 94/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -69,30 +69,30 @@ JA3 Host Stats: 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16] 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][Goodput ratio: 14/92][4.09 sec][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596/745 1927/1038 776/424][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/705 117/2896 22/1054][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33] 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][Goodput ratio: 15/94][4.08 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018/992 2975/1922 1214/785][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/835 117/3961 23/1563][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **** Probing attempt **][Risk Score: 200][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333 / TLS/QUIC Probing][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][Goodput ratio: 60/50][13.16 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644/1879 10453/11491 3421/3952][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/109 590/472 163/127][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **** Probing attempt **][Risk Score: 200][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333 / TLS/QUIC Probing][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 28,14,0,0,14,0,14,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][59.53 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8504/9920 59268/59268 20725/22069][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **** Probing attempt **][Risk Score: 200][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333 / TLS/QUIC Probing][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][13.15 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877/2190 12884/12885 4494/4783][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **** Probing attempt **][Risk Score: 200][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333 / TLS/QUIC Probing][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][Goodput ratio: 60/50][13.16 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644/1879 10453/11491 3421/3952][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/109 590/472 163/127][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 28,14,0,0,14,0,14,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][59.53 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8504/9920 59268/59268 20725/22069][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][13.15 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877/2190 12884/12885 4494/4783][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Goodput ratio: 64/60][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8230/114 40802/243 16286/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/137 590/551 194/185][URL: cp.pushwoosh.com/json/1.3/registerDevice][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][PLAIN TEXT (POST /j)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][Goodput ratio: 69/28][1.57 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/390 1555/1504 621/643][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 183/76 590/183 180/48][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **** Probing attempt **][Risk Score: 200][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333 / TLS/QUIC Probing][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,20,20,0,20,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][Goodput ratio: 69/28][1.57 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/390 1555/1504 621/643][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 183/76 590/183 180/48][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,20,20,0,20,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Goodput ratio: 53/65][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 10286/13713 40778/40779 17605/19138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 125/153 388/551 132/199][URL: cp.pushwoosh.com/json/1.3/applicationOpen][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][PLAIN TEXT (POST /j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][IP: 141/Webex][Encrypted][Confidence: Match by IP][FPC: 141/Webex, Confidence: IP address][DPI packets: 7][cat: VoIP/10][14 pkts/1071 bytes <-> 2 pkts/100 bytes][Goodput ratio: 45/16][20.24 sec][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1602/117 8966/117 2266/0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76/50 84/50 14/0][Plen Bins: 31,68,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][Goodput ratio: 44/32][0.51 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 101/149 442/392 172/173][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102/80 281/146 81/36][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][Goodput ratio: 48/37][0.45 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112/148 444/442 192/208][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/86 281/183 86/56][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,33,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][7 pkts/501 bytes <-> 4 pkts/216 bytes][Goodput ratio: 13/0][2.03 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 405/1 1009/1 490/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/54 117/54 21/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.40 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/24 1079/2662 5297/5301 2109/2638][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][12.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 2407/5982 11950/11953 4771/5971][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.42 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/39 1083/2667 5292/5295 2105/2628][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.43 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 1085/2670 5289/5293 2102/2622][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 6007/14985 29960/29963 11976/14978][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.03 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 6007/14984 29964/29966 11979/14982][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.41 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 1080/2665 5295/5298 2107/2633][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][Goodput ratio: 48/0][59.48 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 19827/29739 59456/59456 28022/29717][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/54 270/54 91/0][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **** Probing attempt **][Risk Score: 200][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333 / TCP connection with unidirectional traffic][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.00 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/51 4998/7496 14940/14942 7030/7446][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 5][cat: Web/5][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **** Probing attempt **][Risk Score: 150][Risk Info: TLSv1 / TCP connection with unidirectional traffic][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: Match by port][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **** Probing attempt **][Risk Score: 100][Risk Info: Connection refused (client) / TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 3][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][7 pkts/501 bytes <-> 4 pkts/216 bytes][Goodput ratio: 13/0][2.03 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 405/1 1009/1 490/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/54 117/54 21/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.40 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/24 1079/2662 5297/5301 2109/2638][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][12.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 2407/5982 11950/11953 4771/5971][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.42 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/39 1083/2667 5292/5295 2105/2628][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.43 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 1085/2670 5289/5293 2102/2622][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 6007/14985 29960/29963 11976/14978][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.03 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 6007/14984 29964/29966 11979/14982][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.41 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 1080/2665 5295/5298 2107/2633][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][Goodput ratio: 48/0][59.48 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 19827/29739 59456/59456 28022/29717][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/54 270/54 91/0][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.00 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/51 4998/7496 14940/14942 7030/7446][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][JA4: t10d440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 5][cat: Web/5][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][JA4: t10d020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: Match by port][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 3][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |