DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] detected: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] new: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] new: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] new: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] detected: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] new: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] detected: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detected: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] new: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] detected: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe] detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe] analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.266| 0.037| 0.060| 3626.297| 0.000] [PKTLEN......: 54.000| 3711.000| 440.000| 812.300|659832.900| 3.600] [BINS(c->s)..: 7,1,1,1,0,0,0,0,1,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 10,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1] [IATS(ms)....: 4.8,10.8,0.0,6.0,71.1,71.7,62.5,63.1,0.2,0.1,0.1,0.1,2.3,2.2,58.3,58.8,0.5,0.2,0.2,0.1,0.2,0.1,0.6,0.8,214.5,265.9,52.4,51.4,53.8,54.6,51.8,0.0] [PKTLENS.....: 74,54,54,571,54,3711,54,147,54,590,54,590,54,319,54,390,375,54,590,54,164,54,54,92,54,1646,54,705,54,366,54,2885] new: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] new: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] detected: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] analyse: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.234| 0.036| 0.055| 3015.001| 0.000] [PKTLEN......: 54.000| 803.000| 163.700| 198.300|39337.400| 4.200] [BINS(c->s)..: 9,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 11,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0] [IATS(ms)....: 3.4,3.9,2.0,2.9,57.3,108.0,0.8,51.4,0.3,0.1,0.1,0.1,0.1,0.1,50.9,51.9,1.0,50.4,50.8,196.8,233.7,37.7,51.5,50.9,51.1,0.1,51.0,0.5,0.2,0.4,1.0,0.0] [PKTLENS.....: 74,54,54,571,54,210,54,105,54,590,54,590,54,317,54,132,377,54,92,54,803,54,227,54,92,54,85,54,54,54,54,54] new: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [MIDSTREAM] detected: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] new: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [MIDSTREAM] new: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] detected: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable] RISK: TLS (probably) Not Carrying HTTPS new: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] detected: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable] RISK: TLS (probably) Not Carrying HTTPS detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable] RISK: TLS (probably) Not Carrying HTTPS new: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] detected: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS end: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] end: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] end: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] end: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] end: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] end: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS new: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] detected: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] new: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] new: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] detected: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] new: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] new: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] detected: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] new: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] detected: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] detected: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] detected: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] new: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] detected: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe] detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe] analyse: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.340| 0.040| 0.084| 7024.527| 0.000] [PKTLEN......: 54.000| 2954.000| 254.400| 516.400|266681.900| 3.700] [BINS(c->s)..: 3,3,1,2,0,0,0,0,0,0,2,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,0,1,0,1,1] [IATS(ms)....: 4.1,5.3,2.0,3.4,237.7,240.1,0.0,2.4,9.3,9.4,0.2,0.1,1.4,1.5,0.1,0.1,0.1,0.1,100.5,152.6,52.3,7.0,20.6,16.0,10.0,8.0,0.8,1.3,7.0,6.2,340.4,0.0] [PKTLENS.....: 74,54,54,571,54,210,54,105,54,107,54,140,54,590,54,590,54,179,54,123,92,54,92,375,54,590,54,162,54,377,54,2954] new: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] detected: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] idle: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] idle: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] idle: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] idle: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] idle: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] guessed: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] end: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] idle: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] end: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] idle: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] end: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] end: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] end: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] end: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] end: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] idle: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] DAEMON-EVENT: shutdown