1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
Guessed flow protos: 13
DPI Packets (TCP): 165 (4.34 pkts/flow)
DPI Packets (UDP): 36 (2.77 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Match by port : 12 (flows)
Confidence DPI : 39 (flows)
Confidence Match by IP : 1 (flows)
Num dissector calls: 1664 (32.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/39/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/13/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache stun_zoom: 0/5/0 (insert/search/found)
Automa host: 41/2 (search/found)
Automa domain: 41/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 7/1 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 32/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 98/6 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
DNS 26 2848 7
HTTP 450 294880 19
SSDP 11 4984 1
WorldOfWarcraft 9 880 1
IGMP 2 120 1
TLS 46 3071 14
Google 11 1420 2
QUIC 6 475 1
Starcraft 236 51494 6
Safe 46 3071 14
Acceptable 506 304727 31
Fun 245 52374 7
1 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Goodput ratio: 4/96][3.22 sec][Hostname/SNI: llnw.blizzard.com][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/3 2914/58 341/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 56/1451 241/1514 20/291][URL: llnw.blizzard.com/sc2-pod-retail/AF11CD00/EU/24621.direct/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil][StatusCode: 200][Content-Type: application/octet-stream][Server: Apache][User-Agent: Blizzard Web Client][Risk: ** Susp DGA Domain name **** Binary file/data transfer (attempt) **][Risk Score: 150][Risk Info: llnw.blizzard.com / Found binary mime octet-stream][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0]
2 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][126 pkts/9157 bytes <-> 89 pkts/41021 bytes][Goodput ratio: 26/88][3.83 sec][bytes ratio: -0.635 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/37 1016/1086 104/133][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/461 249/1514 28/593][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (matteobracci1@gmail.com)][Plen Bins: 76,2,2,2,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,13,0,0]
3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Goodput ratio: 15/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.948 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/3 33/34 13/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/1402 203/1514 37/387][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/gc/GCF1DHMH8FDY1434670037434.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0]
4 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 20/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/4 37/64 16/16][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 69/1353 203/1514 43/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/4j/4J7OUIISCLTQ1436943629210.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0]
5 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 19/96][0.07 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/2 34/35 14/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/1353 200/1514 42/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/yf/YF9PRCZXJVPZ1428591254317.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0]
6 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 19/96][0.08 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/3 34/47 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/1353 200/1514 42/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/0x/0XQ1VXR8ZR271434128527471.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0]
7 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 19/96][0.07 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/2 34/32 14/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/1353 200/1514 42/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/fa/FA512IPUN0SE1436979936388.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0]
8 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][11 pkts/4984 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.00 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 414/0 453/0 494/0 30/0][PLAIN TEXT (osNOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,45,0,45,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Goodput ratio: 38/90][0.18 sec][Hostname/SNI: eu.battle.net][bytes ratio: -0.723 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/18 64/60 27/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91/565 263/1514 77/673][URL: eu.battle.net/sc2/en-gb/data/live-events.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
10 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Goodput ratio: 39/91][0.19 sec][Hostname/SNI: eu.battle.net][bytes ratio: -0.703 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/26 70/61 29/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91/628 265/1514 78/696][URL: eu.battle.net/sc2/en-gb/data/client-homepage.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,33,0,0]
11 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Goodput ratio: 39/89][0.17 sec][Hostname/SNI: eu.launcher.battle.net][bytes ratio: -0.702 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/18 56/55 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 92/522 267/1514 79/654][URL: eu.launcher.battle.net/service/s2/regionsxml/regions.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /service/s2/regions)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,33,0,0]
12 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Goodput ratio: 39/91][0.17 sec][Hostname/SNI: eu.launcher.battle.net][bytes ratio: -0.697 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/19 58/58 29/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 92/614 267/1514 79/680][URL: eu.launcher.battle.net/service/s2/regionsxml/regions.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /service/s2/regions)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,33,0,0]
13 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Advertisement/101][5 pkts/632 bytes <-> 4 pkts/667 bytes][Goodput ratio: 55/64][0.12 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 29/25 50/33 18/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 126/167 404/481 139/181][URL: www.google-analytics.com/collect][StatusCode: 200][Req Content-Type: text/plain][Content-Type: image/gif][Server: Golfe2][User-Agent: Battle.net/1.3.0.5952][PLAIN TEXT (POST /collect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/473 bytes <-> 4 pkts/753 bytes][Goodput ratio: 29/69][0.30 sec][Hostname/SNI: nydus.battle.net][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 60/33 100/66 30/33][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/188 191/573 50/222][URL: nydus.battle.net/S2/enGB/client/alert?build=enGB&targetRegion=EU][StatusCode: 302][Content-Type: text/html][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/alert)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Goodput ratio: 29/69][0.30 sec][Hostname/SNI: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 60/34 96/68 29/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/187 193/569 51/220][URL: nydus.battle.net/S2/enGB/client/regions?build=enGB&targetRegion=EU][StatusCode: 302][Content-Type: text/html][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/regions)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/475 bytes <-> 4 pkts/749 bytes][Goodput ratio: 29/69][0.30 sec][Hostname/SNI: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/30 102/59 34/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/187 193/569 51/220][URL: nydus.battle.net/S2/enGB/client/regions?build=enGB&targetRegion=EU][StatusCode: 302][Content-Type: text/html][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/regions)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 TCP 192.168.1.100:3524 <-> 80.239.186.26:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/481 bytes <-> 4 pkts/733 bytes][Goodput ratio: 30/68][0.31 sec][Hostname/SNI: nydus.battle.net][bytes ratio: -0.208 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 63/32 113/65 34/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 80/183 199/553 53/213][URL: nydus.battle.net/S2/enGB/client/feed/homepage?build=enGB&targetRegion=EU][StatusCode: 302][Content-Type: text/html][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/feed/homepa)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 TCP 192.168.1.100:3523 <-> 80.239.186.26:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/483 bytes <-> 4 pkts/725 bytes][Goodput ratio: 30/68][0.31 sec][Hostname/SNI: nydus.battle.net][bytes ratio: -0.200 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 61/32 111/65 33/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 80/181 201/545 54/210][URL: nydus.battle.net/S2/enGB/client/feed/live-event?build=enGB&targetRegion=EU][StatusCode: 302][Content-Type: text/html][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /S2/enGB/client/feed/live)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
19 TCP 192.168.1.100:3519 <-> 80.239.186.21:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/482 bytes <-> 4 pkts/497 bytes][Goodput ratio: 41/53][0.17 sec][Hostname/SNI: eu.launcher.battle.net][bytes ratio: -0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 43/29 58/58 25/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/124 254/317 79/111][URL: eu.launcher.battle.net/service/s2/alert/en-gb][StatusCode: 200][Content-Type: text/plain][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /service/s2/alert/en)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 13][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes][Goodput ratio: 14/22][10.56 sec][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2624/2614 6381/6342 2711/2730][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 63/75 74/155 9/33][Plen Bins: 80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Goodput ratio: 23/53][0.60 sec][Hostname/SNI: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 148/102 198/203 80/102][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/128 139/327 33/115][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][Content-Type: text/plain][Server: Apache/2.2.3 (CentOS)][Risk: ** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 150][Risk Info: Empty or missing User-Agent / Obsolete Apache server 2.2.3][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)][Plen Bins: 0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Goodput ratio: 50/78][0.09 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][2.228.46.112][PLAIN TEXT (bnetcmsus)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][Goodput ratio: 48/45][28.94 sec][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457/14457 15059/14974 602/517][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81/77 83/83 3/8][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.072 (Executable?)][Plen Bins: 16,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Goodput ratio: 51/70][0.05 sec][Hostname/SNI: 110.212.58.216.in-addr.arpa][::][Plen Bins: 0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Goodput ratio: 45/71][0.08 sec][Hostname/SNI: llnw.blizzard.com][87.248.221.254][Risk: ** Susp DGA Domain name **** Risky Domain Name **][Risk Score: 150][Risk Info: llnw.blizzard.com / DGA Name Query with no Error Code][PLAIN TEXT (blizzard)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Goodput ratio: 51/67][0.06 sec][Hostname/SNI: 100.1.168.192.in-addr.arpa][::][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (dynect)][Plen Bins: 0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Goodput ratio: 51/65][0.17 sec][Hostname/SNI: 26.186.239.80.in-addr.arpa][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (signup)][Plen Bins: 0,75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45/0][0.04 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][User-Agent: Battle.net Web Client][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45/0][0.04 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][User-Agent: Battle.net Web Client][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Goodput ratio: 44/54][0.08 sec][Hostname/SNI: nydus.battle.net][80.239.186.26][PLAIN TEXT (battle)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.04 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
35 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.05 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
36 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
37 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.04 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
38 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
39 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91/TLS][IP: 203/Github][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/145 bytes <-> 1 pkts/89 bytes][Goodput ratio: 21/39][0.13 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TLS/QUIC Probing][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
40 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 4][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/120 bytes][Goodput ratio: 0/0][0.12 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
41 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/86 bytes <-> 1 pkts/124 bytes][Goodput ratio: 51/66][0.05 sec][Hostname/SNI: 40.186.239.80.in-addr.arpa][::][PLAIN TEXT (attens)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
42 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][IP: 126/Google][Encrypted][Confidence: Match by IP][DPI packets: 2][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes][Goodput ratio: 2/0][0.05 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
44 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/55 bytes <-> 1 pkts/66 bytes][Goodput ratio: 2/0][0.04 sec][Risk: ** Probing attempt **][Risk Score: 50][Risk Info: TCP connection with unidirectional traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 IGMP 192.168.1.107:0 -> 224.0.0.22:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
46 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Game/8][1 pkts/44 bytes <-> 1 pkts/60 bytes][Goodput ratio: 4/3][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
47 UDP 192.168.1.100:53146 <-> 62.115.246.51:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Game/8][1 pkts/44 bytes <-> 1 pkts/60 bytes][Goodput ratio: 4/3][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
48 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/11][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
49 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Game/8][1 pkts/43 bytes <-> 1 pkts/60 bytes][Goodput ratio: 2/11][0.05 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
50 TCP 192.168.1.100:3534 -> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
51 TCP 80.239.186.26:443 -> 192.168.1.100:3476 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing attempt **][Risk Score: 110][Risk Info: No client to server traffic / TCP probing attempt / TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 TCP 80.239.186.40:443 -> 192.168.1.100:3478 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** TCP Connection Issues **** Probing attempt **][Risk Score: 110][Risk Info: No client to server traffic / TCP probing attempt / TCP connection with unidirectional traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|