DAEMON-EVENT: init new: [.....1] [ip4][..udp] [..192.168.1.204][53465] -> [.138.199.54.231][51820] detected: [.....1] [ip4][..udp] [..192.168.1.204][53465] -> [.138.199.54.231][51820] [WireGuard.NordVPN][NordVPN][VPN][Acceptable] new: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198] analyse: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 1.083| 0.099| 0.265| 70319.784| 2.400] [PKTLEN......: 101.000| 1144.000| 328.800| 349.500| 122181.900| 4.400] [BINS(c->s)..: 0,0,4,12,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,2,1,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,1,1,1,1,1,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0] [IATS(ms)....: 36.5,37.2,34.8,0.1,0.0,0.0,0.0,34.7,0.1,0.0,0.0,30.5,31.1,31.8,0.1,31.1,0.3,1045.9,1082.7,0.1,218.3,0.1,0.0,0.0,34.8,1.2,13.9,0.1,0.0,0.0,398.1] [PKTLENS.....: 114,126,409,122,1144,1144,1144,1144,126,130,134,138,834,707,284,362,146,150,173,122,392,150,159,129,129,129,128,117,117,101,189,128] [ENTROPIES...: 6.3,6.6,6.9,6.4,7.9,7.8,7.8,7.8,6.3,6.5,6.5,6.5,7.8,7.7,7.2,7.5,6.5,6.4,6.8,6.4,7.4,6.6,6.6,6.5,6.4,6.5,6.5,6.3,6.3,6.2,6.9,6.4] guessed: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198] [NordVPN][NordVPN][VPN][Acceptable] RISK: Susp Entropy new: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995] analyse: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.562| 0.072| 0.121| 14556.123| 3.700] [PKTLEN......: 40.000| 1500.000| 350.900| 470.200| 221099.300| 4.000] [BINS(c->s)..: 4,0,1,6,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] [BINS(s->c)..: 7,0,1,2,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,0,1] [IATS(ms)....: 37.9,38.1,1.8,34.4,0.1,32.8,37.6,0.0,0.0,0.0,37.4,1.0,32.1,31.1,32.4,32.4,76.0,75.9,32.6,0.1,34.6,35.0,33.6,34.1,82.8,428.0,562.3,84.9,33.6,185.1,183.7] [PKTLENS.....: 52,52,40,128,46,140,423,136,1500,1500,1500,40,140,116,252,863,152,46,728,46,298,160,383,164,405,40,1457,46,142,46,143,46] [ENTROPIES...: 4.6,4.9,4.8,6.5,4.5,6.6,7.0,6.6,7.9,7.9,7.9,4.9,6.5,6.3,7.0,7.7,6.6,4.9,7.7,4.9,7.2,6.5,7.4,6.5,7.5,4.9,7.8,5.0,6.6,4.8,6.6,4.9] guessed: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995] [POPS][NordVPN][Email][Safe] RISK: Fully Encrypted Flow new: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] detected: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] [TLS.NordVPN][NordVPN][VPN][Acceptable][it315.nordvpn.com] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS detection-update: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] [TLS.NordVPN][NordVPN][VPN][Acceptable][it315.nordvpn.com] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS idle: [.....1] [ip4][..udp] [..192.168.1.204][53465] -> [.138.199.54.231][51820] [WireGuard.NordVPN][NordVPN][VPN][Acceptable] idle: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198] [NordVPN][NordVPN][VPN][Acceptable] RISK: Susp Entropy idle: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] [TLS.NordVPN][NordVPN][VPN][Acceptable] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS idle: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995] [POPS][NordVPN][Email][Safe] RISK: Fully Encrypted Flow DAEMON-EVENT: shutdown