1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
Guessed flow protos: 2
DPI Packets (TCP): 13 (4.33 pkts/flow)
DPI Packets (UDP): 2 (2.00 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 4 (flows)
DNS 2 216 1
HTTP 1 66 1
ICMP 1 98 1
OpenDNS 22 7621 2
JA3 Host Stats:
IP Address # JA3C
1 192.168.7.7 1
1 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91.225/TLS.OpenDNS][Encrypted][Confidence: DPI][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][Goodput ratio: 53/91][0.64 sec][Hostname/SNI: www.internetbadguys.com][ALPN: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/75 240/249 99/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/651 571/1514 148/644][Risk: ** TLS Certificate Mismatch **][Risk Score: 100][TLSv1.2][JA3C: b20b44b18b853ef29ab773e921b03422][ServerNames: api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Firefox][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0]
2 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.225/HTTP.OpenDNS][ClearText][Confidence: DPI][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Goodput ratio: 86/44][0.21 sec][Hostname/SNI: www.internetbadguys.com][URL: www.internetbadguys.com/][StatusCode: 0][User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][ClearText][Confidence: DPI][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Goodput ratio: 60/61][0.02 sec][Hostname/SNI: www.internetbadguys.com][67.215.92.210][PLAIN TEXT (internetbadguys)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][ClearText][Confidence: DPI][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][ClearText][Confidence: Match by port][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|