DPI Packets (TCP): 78 (8.67 pkts/flow)
Confidence DPI : 9 (flows)
Num dissector calls: 9 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/9/0 (insert/search/found)
Automa host: 9/9 (search/found)
Automa domain: 9/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 4/0 (search/found)
Automa common alpns: 18/18 (search/found)
Patricia risk mask: 8/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 9/9 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Yandex 20 3709 2
YandexMail 11 3137 1
YandexMusic 18 8243 1
YandexMarket 11 3888 1
YandexDisk 18 9337 1
YandexCloud 18 11310 1
YandexMetrika 16 9241 1
YandexDirect 18 8718 1

Safe 94 40622 7
Fun 18 8243 1
Tracker/Ads 18 8718 1

JA3 Host Stats:
IP Address # JA3C
1 192.168.1.249 1

1 TCP 192.168.1.249:57322 <-> 87.250.250.108:443 [proto: 91.62/TLS.YandexCloud][IP: 25/Yandex][Encrypted][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 6][cat: Cloud/13][9 pkts/2271 bytes <-> 9 pkts/9039 bytes][Goodput ratio: 73/93][0.21 sec][Hostname/SNI: cloud.yandex.ru][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/21 86/121 32/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252/1004 1138/2862 351/1122][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,37]
2 TCP 192.168.1.249:42954 <-> 77.88.21.127:443 [proto: 91.57/TLS.YandexDisk][IP: 25/Yandex][Encrypted][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 8][cat: Cloud/13][11 pkts/3088 bytes <-> 7 pkts/6249 bytes][Goodput ratio: 76/92][< 1 sec][Hostname/SNI: 1.downloader.disk.yandex.kz][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/3 13/13 5/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 281/893 1464/4162 402/1405][Risk: ** TLS Cert About To Expire **][Risk Score: 50][Risk Info: 16/Aug/2022 14:06:19 - 13/Feb/2023 20:59:59][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: *.downloader.disk.yandex.uz,downloader.disk.yandex.ru,*.disk.yandex.net,*.downloader.disk.yandex.az,*.downloader.disk.yandex.by,*.downloader.disk.yandex.co.il,*.downloader.disk.yandex.com,*.downloader.disk.yandex.com.am,*.downloader.disk.yandex.com.ge,*.downloader.disk.yandex.com.tr,*.downloader.disk.yandex.ee,*.downloader.disk.yandex.fr,*.downloader.disk.yandex.kg,*.downloader.disk.yandex.kz,*.downloader.disk.yandex.lt,*.downloader.disk.yandex.lv,*.downloader.disk.yandex.md,*.downloader.disk.yandex.net,*.downloader.disk.yandex.ru,*.downloader.disk.yandex.tj,*.downloader.disk.yandex.tm,downloader.disk.yandex.az,downloader.disk.yandex.by,downloader.disk.yandex.co.il,downloader.disk.yandex.com,downloader.disk.yandex.com.am,downloader.disk.yandex.com.ge,downloader.disk.yandex.com.tr,downloader.disk.yandex.ee,downloader.disk.yandex.fr,downloader.disk.yandex.kg,downloader.disk.yandex.kz,downloader.disk.yandex.lt,downloader.disk.yandex.lv,downloader.disk.yandex.md,downloader.disk.yandex.net,downloader.disk.yandex.tj,downloader.disk.yandex.tm,downloader.disk.yandex.uz][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.downloader.disk.yandex.uz][Certificate SHA-1: 5F:90:0E:31:DE:D3:1E:B0:D7:D0:03:03:C0:2E:6B:5D:53:A4:D3:77][Chrome][Validity: 2022-08-16 14:06:19 - 2023-02-13 20:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,20,10,0,0,10,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,10]
3 TCP 192.168.1.249:51462 <-> 87.250.251.77:443 [proto: 91.98/TLS.YandexMetrika][IP: 25/Yandex][Encrypted][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 6][cat: Web/5][10 pkts/3371 bytes <-> 6 pkts/5870 bytes][Goodput ratio: 80/93][< 1 sec][Hostname/SNI: metrika.yandex.kz][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 162/3 1262/10 416/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/978 1464/2862 433/1129][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,25,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,25]
4 TCP 192.168.1.249:58832 <-> 87.250.250.134:443 [proto: 91.99/TLS.YandexDirect][IP: 25/Yandex][Encrypted][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][9 pkts/2679 bytes <-> 9 pkts/6039 bytes][Goodput ratio: 77/90][0.03 sec][Hostname/SNI: direct.yandex.kz][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.385 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 7/4 3/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 298/671 1454/2862 438/893][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,11]
5 TCP 192.168.1.249:40218 <-> 213.180.204.186:443 [proto: 91.34/TLS.YandexMusic][IP: 25/Yandex][Encrypted][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 10][cat: Music/25][10 pkts/3025 bytes <-> 8 pkts/5218 bytes][Goodput ratio: 78/90][0.59 sec][Hostname/SNI: music.yandex.kz][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.266 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/92 465/521 150/192][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 302/652 1464/1710 423/700][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: *.music.yandex.ru,music-partner.yandex.ru,music.yandex,music.yandex.by,music.yandex.uz,music.ya.ru,music.yandex.kz,music.yandex.com,music.yandex.ru][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.music.yandex.ru][Certificate SHA-1: 84:6E:A1:68:E5:3B:10:C1:87:75:43:D8:F2:39:C3:4D:E9:9F:DC:88][Chrome][Validity: 2023-01-10 21:05:02 - 2023-07-11 20:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,0,12,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,12]
6 TCP 192.168.1.249:40870 -> 87.250.251.22:443 [proto: 91.56/TLS.YandexMarket][IP: 25/Yandex][Encrypted][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 11][cat: Shopping/27][11 pkts/3888 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][0.05 sec][Hostname/SNI: fenek.market.yandex.ru][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 23/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 353/0 1464/0 473/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][Chrome][Plen Bins: 0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0]
7 TCP 192.168.1.249:45224 -> 77.88.21.37:443 [proto: 91.33/TLS.YandexMail][IP: 25/Yandex][Encrypted][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 11][cat: Email/3][11 pkts/3137 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: mail.yandex.kz][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/0 51/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 285/0 1464/0 412/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][Chrome][Plen Bins: 0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0]
8 TCP 192.168.1.249:42102 -> 178.154.131.216:443 [proto: 91.25/TLS.Yandex][IP: 25/Yandex][Encrypted][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 11][cat: Web/5][11 pkts/1890 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][0.09 sec][Hostname/SNI: yastatic.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/0 31/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 172/0 583/0 178/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][Chrome][Plen Bins: 20,0,40,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 192.168.1.249:57126 -> 178.154.131.216:443 [proto: 91.25/TLS.Yandex][IP: 25/Yandex][Encrypted][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 9][cat: Web/5][9 pkts/1819 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][3.52 sec][Hostname/SNI: yastatic.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 440/0 3495/0 1155/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 202/0 594/0 209/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][Chrome][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]