aboutsummaryrefslogtreecommitdiff
path: root/tests/cfgs/default/result/waze.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'tests/cfgs/default/result/waze.pcap.out')
-rw-r--r--tests/cfgs/default/result/waze.pcap.out44
1 files changed, 22 insertions, 22 deletions
diff --git a/tests/cfgs/default/result/waze.pcap.out b/tests/cfgs/default/result/waze.pcap.out
index 44131ccb4..ea559e7c9 100644
--- a/tests/cfgs/default/result/waze.pcap.out
+++ b/tests/cfgs/default/result/waze.pcap.out
@@ -41,28 +41,28 @@ JA3 Host Stats:
1 10.8.0.1 2
- 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][Goodput ratio: 74/96][19.68 sec][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/329 3806/5018 686/820][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 209/1361 590/17258 183/3378][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,5,0,0,21,1,5,3,3,1,10,1,0,0,0,0,14,0,0,0,0,0,1,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23]
- 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Goodput ratio: 20/98][5.27 sec][Hostname/SNI: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 321/373 3680/3677 903/960][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 69/3439 317/11833 59/3468][URL: xtra1.gpsonextra.net/xtra2.bin][StatusCode: 200][Content-Type: application/octet-stream][Server: Cherokee][User-Agent: Android][Risk: ** Binary File/Data Transfer (Attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /xtra)][Plen Bins: 0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,71]
- 3 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][Goodput ratio: 52/98][2.64 sec][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155/189 387/415 137/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/3558 590/21942 132/6125][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,0,0,0,15,7,0,7,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,39]
- 4 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][Goodput ratio: 57/98][3.70 sec][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/126 1449/293 383/116][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2830 590/11186 147/3901][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,0,7,7,0,7,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35]
- 5 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][Goodput ratio: 46/97][3.22 sec][bytes ratio: -0.890 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 237/155 1289/609 359/182][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 103/2027 411/8150 98/2612][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,8,0,0,8,8,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
- 6 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][Goodput ratio: 60/90][15.91 sec][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 578/1210 5838/5890 1445/1892][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/519 555/3660 141/939][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,14,0,0,7,14,0,7,14,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
- 7 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][Goodput ratio: 56/95][1.29 sec][bytes ratio: -0.775 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 162/196 343/348 153/133][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 129/1019 283/4048 87/1610][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,0,0,14,14,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28]
- 8 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 10][cat: Web/5][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][Goodput ratio: 48/91][3.03 sec][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 298/361 1175/1175 372/355][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 107/595 315/1422 85/584][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2015-01-12 13:36:11 - 2015-12-31 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,10,0,0,10,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0]
- 9 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][Goodput ratio: 50/92][2.56 sec][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 283/306 1174/1173 370/349][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/649 315/2165 88/739][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2015-01-12 13:36:11 - 2015-12-31 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,11,11,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,11]
- 10 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][Goodput ratio: 59/87][6.85 sec][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 729/963 4966/4966 1534/1663][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138/411 380/3201 124/875][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,0,0,12,12,0,12,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
- 11 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][Goodput ratio: 56/86][2.36 sec][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 196/195 883/537 286/190][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 127/384 380/2189 107/640][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,12,12,12,25,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
- 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][Goodput ratio: 51/89][3.32 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 335/261 1332/645 428/236][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/490 347/2533 95/785][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,12,12,12,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
- 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][Goodput ratio: 57/89][2.45 sec][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 300/341 1397/1346 459/421][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 132/485 379/2165 108/725][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2015-01-12 13:36:11 - 2015-12-31 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,12,25,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,12]
- 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Goodput ratio: 14/87][0.53 sec][Hostname/SNI: roadshields.waze.com][bytes ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/3 75/105 261/274 89/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/428 137/1678 26/651][URL: roadshields.waze.com/images/HD/CH2.png][StatusCode: 200][Content-Type: image/png][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 4.989 (Executable?)][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /images/HD/CH)][Plen Bins: 25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,25]
- 15 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes][Goodput ratio: 65/68][0.40 sec][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 32/74 53/188 24/69][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/168 572/602 177/200][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA4: t10d140200_37d7d24289bf_33a13ba74d1c][JA3S: 23f1f6e2f0015c166df49fdab4280370 (INSECURE)][Cipher: TLS_ECDHE_RSA_WITH_RC4_128_SHA][Plen Bins: 0,20,0,0,20,20,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Goodput ratio: 24/51][0.14 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/29 134/84 50/39][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/110 194/447 46/138][URL: cres.waze.com/lang_asr/lang.portuguese_br_asr][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.214 (Executable?)][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /lang)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 17 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Chat/9][8 pkts/673 bytes <-> 7 pkts/668 bytes][Goodput ratio: 33/43][0.55 sec][bytes ratio: 0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 80/98 289/238 106/83][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 84/95 222/245 53/67][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (Android)][Plen Bins: 50,0,16,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.54 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 105/174 394/397 152/166][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 80/110 211/447 54/138][URL: cres.waze.com/newVconfig/1.0/3/prompts_conf.buf?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.243 (Executable?)][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /newV)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 19 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.29 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/70 177/177 68/77][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 209/447 53/138][URL: cres.waze.com/lang_tts/lang.portuguese_br_tts?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.276 (Executable?)][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /lang)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.23 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/56 169/168 67/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 206/447 52/138][URL: cres.waze.com/langs/1.0/lang.portuguese_br?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.296 (Executable?)][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /langs/1.0/lang.portuguese)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Goodput ratio: 28/51][0.14 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/42 126/125 50/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 204/445 52/137][URL: cres.waze.com/newVconfig/1.0/3/lang.conf?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.250 (Executable?)][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /newV)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Goodput ratio: 28/48][0.29 sec][Hostname/SNI: roadshields.waze.com][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/68 176/174 68/76][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/105 207/409 53/124][URL: roadshields.waze.com/shields_conf_new_latam?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.234 (Executable?)][TCP Fingerprint: 40962_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /shields)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][Goodput ratio: 74/96][19.68 sec][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/329 3806/5018 686/820][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 209/1361 590/17258 183/3378][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,5,0,0,21,1,5,3,3,1,10,1,0,0,0,0,14,0,0,0,0,0,1,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23]
+ 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Goodput ratio: 20/98][5.27 sec][Hostname/SNI: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 321/373 3680/3677 903/960][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 69/3439 317/11833 59/3468][URL: xtra1.gpsonextra.net/xtra2.bin][StatusCode: 200][Content-Type: application/octet-stream][Server: Cherokee][User-Agent: Android][Risk: ** Binary File/Data Transfer (Attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /xtra)][Plen Bins: 0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,71]
+ 3 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][Goodput ratio: 52/98][2.64 sec][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155/189 387/415 137/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/3558 590/21942 132/6125][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,0,0,0,15,7,0,7,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,39]
+ 4 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][Goodput ratio: 57/98][3.70 sec][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/126 1449/293 383/116][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2830 590/11186 147/3901][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,0,7,7,0,7,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35]
+ 5 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][Goodput ratio: 46/97][3.22 sec][bytes ratio: -0.890 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 237/155 1289/609 359/182][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 103/2027 411/8150 98/2612][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,8,0,0,8,8,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
+ 6 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][19 pkts/2646 bytes <-> 18 pkts/9338 bytes][Goodput ratio: 60/90][15.91 sec][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 578/1210 5838/5890 1445/1892][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/519 555/3660 141/939][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,14,0,0,7,14,0,7,14,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
+ 7 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][8 pkts/1034 bytes <-> 8 pkts/8151 bytes][Goodput ratio: 56/95][1.29 sec][bytes ratio: -0.775 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 162/196 343/348 153/133][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 129/1019 283/4048 87/1610][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,0,0,14,14,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28]
+ 8 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 10][cat: Web/5][12 pkts/1282 bytes <-> 11 pkts/6541 bytes][Goodput ratio: 48/91][3.03 sec][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 298/361 1175/1175 372/355][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 107/595 315/1422 85/584][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2015-01-12 13:36:11 - 2015-12-31 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,10,0,0,10,10,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0]
+ 9 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][11 pkts/1228 bytes <-> 10 pkts/6487 bytes][Goodput ratio: 50/92][2.56 sec][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 283/306 1174/1173 370/349][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/649 315/2165 88/739][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2015-01-12 13:36:11 - 2015-12-31 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,11,11,0,11,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,11]
+ 10 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][12 pkts/1650 bytes <-> 12 pkts/4935 bytes][Goodput ratio: 59/87][6.85 sec][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 729/963 4966/4966 1534/1663][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138/411 380/3201 124/875][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,0,0,12,12,0,12,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
+ 11 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][Goodput ratio: 56/86][2.36 sec][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 196/195 883/537 286/190][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 127/384 380/2189 107/640][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,12,12,12,25,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
+ 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][Goodput ratio: 51/89][3.32 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 335/261 1332/645 428/236][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/490 347/2533 95/785][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,12,12,12,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
+ 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][Goodput ratio: 57/89][2.45 sec][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 300/341 1397/1346 459/421][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 132/485 379/2165 108/725][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2015-01-12 13:36:11 - 2015-12-31 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,12,25,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,12]
+ 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Goodput ratio: 14/87][0.53 sec][Hostname/SNI: roadshields.waze.com][bytes ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/3 75/105 261/274 89/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/428 137/1678 26/651][URL: roadshields.waze.com/images/HD/CH2.png][StatusCode: 200][Content-Type: image/png][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 4.989 (Executable?)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /images/HD/CH)][Plen Bins: 25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,25]
+ 15 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes][Goodput ratio: 65/68][0.40 sec][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 32/74 53/188 24/69][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/168 572/602 177/200][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA4: t10d140200_37d7d24289bf_33a13ba74d1c][JA3S: 23f1f6e2f0015c166df49fdab4280370 (INSECURE)][Cipher: TLS_ECDHE_RSA_WITH_RC4_128_SHA][Plen Bins: 0,20,0,0,20,20,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Goodput ratio: 24/51][0.14 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/29 134/84 50/39][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/110 194/447 46/138][URL: cres.waze.com/lang_asr/lang.portuguese_br_asr][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.214 (Executable?)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /lang)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 17 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Chat/9][8 pkts/673 bytes <-> 7 pkts/668 bytes][Goodput ratio: 33/43][0.55 sec][bytes ratio: 0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 80/98 289/238 106/83][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 84/95 222/245 53/67][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (Android)][Plen Bins: 50,0,16,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.54 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 105/174 394/397 152/166][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 80/110 211/447 54/138][URL: cres.waze.com/newVconfig/1.0/3/prompts_conf.buf?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.243 (Executable?)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /newV)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 19 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.29 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/70 177/177 68/77][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 209/447 53/138][URL: cres.waze.com/lang_tts/lang.portuguese_br_tts?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.276 (Executable?)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /lang)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.23 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/56 169/168 67/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 206/447 52/138][URL: cres.waze.com/langs/1.0/lang.portuguese_br?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.296 (Executable?)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /langs/1.0/lang.portuguese)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Goodput ratio: 28/51][0.14 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/42 126/125 50/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 204/445 52/137][URL: cres.waze.com/newVconfig/1.0/3/lang.conf?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.250 (Executable?)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /newV)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Goodput ratio: 28/48][0.29 sec][Hostname/SNI: roadshields.waze.com][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/68 176/174 68/76][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/105 207/409 53/124][URL: roadshields.waze.com/shields_conf_new_latam?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.234 (Executable?)][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Unknown][PLAIN TEXT (GET /shields)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Powered by cgit, Themed by Ted Yin.