DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] ERROR-EVENT: Unknown packet type [1/16] new: [.....1] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2600] [MIDSTREAM] ERROR-EVENT: Unknown packet type [2/16] new: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601] detected: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601] [HTTP][Unknown][Web][Acceptable][] new: [.....3] [ip4][..tcp] [....172.20.3.13][...81] -> [.....172.20.3.5][.2601] [MIDSTREAM] new: [.....4] [ip4][..tcp] [......0.20.3.13][...80] -> [.....172.20.3.5][.2601] [MIDSTREAM] ERROR-EVENT: Unknown packet type [3/16] new: [.....5] [ip4][..tcp] [....172.20.3.13][53132] -> [.....172.20.3.5][...80] new: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] [MIDSTREAM] detected: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] [HTTP][Unknown][Web][Acceptable][] RISK: HTTP Susp User-Agent, Unidirectional Traffic new: [.....7] [ip4][..tcp] [.....172.20.3.5][...80] -> [....172.57.3.13][53132] [MIDSTREAM] new: [.....8] [ip4][..tcp] [......172.6.3.5][...80] -> [....172.20.3.13][53132] [MIDSTREAM] new: [.....9] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.21.3.13][...80] ERROR-EVENT: Unknown packet type [4/16] new: [....10] [ip4][..170] [170.170.170.170] -> [170.170.170.170] new: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [MIDSTREAM] detected: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.13] RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, Unidirectional Traffic new: [....12] [ip4][..tcp] [....172.20.3.88][...80] -> [....172.20.3.82][.2601] [MIDSTREAM] new: [....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] new: [....14] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.77][...80] [MIDSTREAM] new: [....15] [ip4][..tcp] [.....172.20.3.5][.2603] -> [.....72.20.3.13][...80] [MIDSTREAM] new: [....16] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.82.5][.2603] [MIDSTREAM] new: [....17] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....68.37.115.0][...80] [MIDSTREAM] new: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80] detected: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.13] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI ERROR-EVENT: Unknown packet type [1/16] new: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] [MIDSTREAM] new: [....20] [ip4][..tcp] [.....172.20.3.5][.2605] -> [....172.20.3.13][...80] detected: [....20] [ip4][..tcp] [.....172.20.3.5][.2605] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.13] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI new: [....21] [ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] [MIDSTREAM] new: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069] [MIDSTREAM] new: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [MIDSTREAM] detected: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [HTTP][Unknown][Web][Acceptable][] RISK: HTTP Susp User-Agent, Unidirectional Traffic ERROR-EVENT: Unknown L3 protocol [2/16] new: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690] new: [....25] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2639] [MIDSTREAM] new: [....26] [ip4][..tcp] [....172.52.3.13][...80] -> [.....172.20.3.5][.2093] [MIDSTREAM] new: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] detected: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.13] RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI ERROR-EVENT: Unknown L3 protocol [1/16] new: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] [MIDSTREAM] detected: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] [HTTP][Unknown][Web][Acceptable][] RISK: HTTP Susp User-Agent, Unidirectional Traffic new: [....29] [ip4][..tcp] [.....172.20.3.5][.2607] -> [....172.20.3.13][...80] new: [....30] [ip4][..tcp] [.....172.20.3.5][.9587] -> [....172.20.3.13][...80] [MIDSTREAM] detected: [....30] [ip4][..tcp] [.....172.20.3.5][.9587] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][] RISK: HTTP Susp User-Agent, Unidirectional Traffic new: [....31] [ip4][..tcp] [....172.20.2.13][...80] -> [.....172.20.3.5][.2607] [MIDSTREAM] detected: [....31] [ip4][..tcp] [....172.20.2.13][...80] -> [.....172.20.3.5][.2607] [HTTP][Unknown][Web][Acceptable][] RISK: HTTP Susp User-Agent, Unidirectional Traffic new: [....32] [ip4][..tcp] [....172.20.3.13][53193] -> [.....172.20.3.5][...80] new: [....33] [ip4][..tcp] [.....172.20.3.5][...80] -> [...172.20.35.13][53136] new: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [MIDSTREAM] detected: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.5] RISK: Unidirectional Traffic new: [....35] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.70.3.5][...80] [MIDSTREAM] new: [....36] [ip4][..tcp] [...172.20.67.13][53136] -> [.....172.20.3.5][...80] [MIDSTREAM] ERROR-EVENT: Unknown packet type [2/16] new: [....37] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2608] detected: [....37] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2608] [HTTP][Unknown][Web][Acceptable][] RISK: HTTP Susp User-Agent new: [....38] [ip4][..tcp] [....172.20.3.13][...80] -> [...172.20.148.5][.2608] [MIDSTREAM] new: [....39] [ip4][..115] [....172.20.3.13] -> [.....172.20.3.5] idle: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] guessed: [.....5] [ip4][..tcp] [....172.20.3.13][53132] -> [.....172.20.3.5][...80] [HTTP][Unknown][Web][Acceptable][] end: [.....5] [ip4][..tcp] [....172.20.3.13][53132] -> [.....172.20.3.5][...80] guessed: [....36] [ip4][..tcp] [...172.20.67.13][53136] -> [.....172.20.3.5][...80] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....36] [ip4][..tcp] [...172.20.67.13][53136] -> [.....172.20.3.5][...80] end: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [HTTP][Unknown][Web][Acceptable] guessed: [....33] [ip4][..tcp] [.....172.20.3.5][...80] -> [...172.20.35.13][53136] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....33] [ip4][..tcp] [.....172.20.3.5][...80] -> [...172.20.35.13][53136] guessed: [....32] [ip4][..tcp] [....172.20.3.13][53193] -> [.....172.20.3.5][...80] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....32] [ip4][..tcp] [....172.20.3.13][53193] -> [.....172.20.3.5][...80] not-detected: [....39] [ip4][..115] [....172.20.3.13] -> [.....172.20.3.5] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....39] [ip4][..115] [....172.20.3.13] -> [.....172.20.3.5] guessed: [....26] [ip4][..tcp] [....172.52.3.13][...80] -> [.....172.20.3.5][.2093] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic end: [....26] [ip4][..tcp] [....172.52.3.13][...80] -> [.....172.20.3.5][.2093] not-detected: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690] [Unknown][Unknown][Unrated] idle: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690] guessed: [.....4] [ip4][..tcp] [......0.20.3.13][...80] -> [.....172.20.3.5][.2601] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [.....4] [ip4][..tcp] [......0.20.3.13][...80] -> [.....172.20.3.5][.2601] guessed: [.....8] [ip4][..tcp] [......172.6.3.5][...80] -> [....172.20.3.13][53132] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [.....8] [ip4][..tcp] [......172.6.3.5][...80] -> [....172.20.3.13][53132] guessed: [....35] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.70.3.5][...80] [HTTP][Cloudflare][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....35] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.70.3.5][...80] idle: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] guessed: [....21] [ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] [HTTP][AmazonAWS][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....21] [ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] guessed: [....15] [ip4][..tcp] [.....172.20.3.5][.2603] -> [.....72.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic end: [....15] [ip4][..tcp] [.....172.20.3.5][.2603] -> [.....72.20.3.13][...80] guessed: [.....1] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2600] [HTTP][Unknown][Web][Acceptable][] end: [.....1] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2600] guessed: [....12] [ip4][..tcp] [....172.20.3.88][...80] -> [....172.20.3.82][.2601] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....12] [ip4][..tcp] [....172.20.3.88][...80] -> [....172.20.3.82][.2601] end: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601] end: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable] RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI not-detected: [.....3] [ip4][..tcp] [....172.20.3.13][...81] -> [.....172.20.3.5][.2601] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [.....3] [ip4][..tcp] [....172.20.3.13][...81] -> [.....172.20.3.5][.2601] guessed: [....16] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.82.5][.2603] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....16] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.82.5][.2603] guessed: [....14] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.77][...80] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....14] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.77][...80] guessed: [....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][] end: [....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] guessed: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic, TCP Connection Issues end: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] end: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable] RISK: HTTP/TLS/QUIC Numeric Hostname/SNI end: [....20] [ip4][..tcp] [.....172.20.3.5][.2605] -> [....172.20.3.13][...80] idle: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] end: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable] RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI idle: [....31] [ip4][..tcp] [....172.20.2.13][...80] -> [.....172.20.3.5][.2607] guessed: [....29] [ip4][..tcp] [.....172.20.3.5][.2607] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][] idle: [....29] [ip4][..tcp] [.....172.20.3.5][.2607] -> [....172.20.3.13][...80] guessed: [....38] [ip4][..tcp] [....172.20.3.13][...80] -> [...172.20.148.5][.2608] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....38] [ip4][..tcp] [....172.20.3.13][...80] -> [...172.20.148.5][.2608] idle: [....37] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2608] guessed: [....25] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2639] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....25] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2639] guessed: [....17] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....68.37.115.0][...80] [HTTP][Unknown][Web][Acceptable][] idle: [....17] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....68.37.115.0][...80] guessed: [.....9] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.21.3.13][...80] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [.....9] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.21.3.13][...80] not-detected: [....10] [ip4][..170] [170.170.170.170] -> [170.170.170.170] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....10] [ip4][..170] [170.170.170.170] -> [170.170.170.170] guessed: [.....7] [ip4][..tcp] [.....172.20.3.5][...80] -> [....172.57.3.13][53132] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [.....7] [ip4][..tcp] [.....172.20.3.5][...80] -> [....172.57.3.13][53132] idle: [....30] [ip4][..tcp] [.....172.20.3.5][.9587] -> [....172.20.3.13][...80] guessed: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069] DAEMON-EVENT: shutdown