path: root/test/results/flow-info/default/tor-browser.pcap.out
     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..udp] [..192.168.0.123][55566] -> [...192.168.0.16][...53]
         detected: [.....1] [ip4][..udp] [..192.168.0.123][55566] -> [...192.168.0.16][...53] [DNS][Unknown][Network][Acceptable][checkappexec.microsoft.com]
 detection-update: [.....1] [ip4][..udp] [..192.168.0.123][55566] -> [...192.168.0.16][...53] [DNS][Unknown][Network][Acceptable][checkappexec.microsoft.com]
              new: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443]
         detected: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443] [TLS.Microsoft365][Azure][Web][Acceptable][checkappexec.microsoft.com]
 detection-update: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443] [TLS.Microsoft365][Azure][Web][Acceptable][checkappexec.microsoft.com]
 detection-update: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443] [TLS.Microsoft365][Azure][Web][Acceptable][checkappexec.microsoft.com]
              new: [.....3] [ip4][..tcp] [..192.168.0.123][64621] -> [....86.3.18.251][..443]
              new: [.....4] [ip4][..tcp] [..192.168.0.123][64622] -> [.178.17.170.254][..443]
         detected: [.....4] [ip4][..tcp] [..192.168.0.123][64622] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.v2trefdg62xsck3upw2iad5y.com]
                   RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
              new: [.....5] [ip4][.icmp] [...192.168.0.16] -> [..192.168.0.123]
         detected: [.....5] [ip4][.icmp] [...192.168.0.16] -> [..192.168.0.123] [ICMP][Unknown][Network][Acceptable]
                   RISK: Susp Entropy
         detected: [.....3] [ip4][..tcp] [..192.168.0.123][64621] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.w2f34byk6sroic.com]
                   RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
              new: [.....6] [ip4][..tcp] [..192.168.0.123][64282] -> [.155.133.248.43][..443] [MIDSTREAM]
         detected: [.....6] [ip4][..tcp] [..192.168.0.123][64282] -> [.155.133.248.43][..443] [TLS][Steam][Web][Safe]
              new: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443]
         detected: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.sodinn6.com]
                   RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
 detection-update: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.sodinn6.com]
                   RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
          analyse: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........:      0.000|     0.184|     0.085|     0.047|         2172.756|    4.600]
                   [PKTLEN......:     40.000|  2118.000|   563.500|   530.800|       281728.400|    4.400]
                   [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
                   [BINS(s->c)..: 4,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0]
                   [IATS(ms)....: 112.1,118.6,0.3,135.9,0.1,141.3,123.9,112.0,103.9,0.1,104.0,75.9,83.2,84.0,0.1,0.0,91.9,3.3,103.9,76.1,184.3,131.9,110.7,92.1,92.2,100.0,100.6,96.0,94.5,83.9,83.8]
                   [PKTLENS.....: 52,52,40,557,46,1213,120,119,73,119,1400,40,742,2118,46,1400,244,40,1604,46,576,576,1112,1090,576,576,576,576,576,576,576,576]
                   [ENTROPIES...: 4.4,4.7,4.6,4.6,4.4,7.8,6.2,6.4,5.5,6.4,7.9,4.6,7.7,7.9,4.5,7.8,7.1,4.6,7.9,4.5,7.7,7.6,7.8,7.8,7.6,7.6,7.6,7.6,7.6,7.6,7.6,7.6]
              new: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443]
         detected: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.2xik.com]
                   RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
 detection-update: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.2xik.com]
                   RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
              new: [.....9] [ip4][..tcp] [..192.168.0.123][64625] -> [.194.164.197.45][..443]
         detected: [.....9] [ip4][..tcp] [..192.168.0.123][64625] -> [.194.164.197.45][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.raww4onzy3tam7cip372snd.com]
                   RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
          analyse: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........:      0.000|     0.102|     0.057|     0.029|          830.465|    4.700]
                   [PKTLEN......:     40.000|  2118.000|   595.800|   546.500|       298628.700|    4.400]
                   [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
                   [BINS(s->c)..: 4,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,2,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0]
                   [IATS(ms)....: 60.6,60.7,0.3,60.9,10.9,72.3,62.0,61.2,60.4,0.5,64.6,64.0,61.4,86.2,11.0,0.0,96.1,1.4,62.4,39.7,101.6,61.2,61.7,86.7,85.9,85.4,85.4,61.4,61.6,67.3,66.7]
                   [PKTLENS.....: 52,48,40,557,46,1210,120,119,73,119,1400,40,731,2118,46,1400,244,40,1604,46,576,576,1112,1090,576,576,576,576,1112,1090,576,576]
                   [ENTROPIES...: 4.5,4.9,4.6,4.5,4.4,7.8,6.3,6.4,5.6,6.4,7.9,4.5,7.7,7.9,4.4,7.9,7.0,4.7,7.9,4.5,7.6,7.6,7.8,7.8,7.6,7.6,7.6,7.7,7.8,7.8,7.6,7.7]
              end: [.....3] [ip4][..tcp] [..192.168.0.123][64621] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
                   RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
             idle: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.sodinn6.com]
                   RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
             idle: [.....1] [ip4][..udp] [..192.168.0.123][55566] -> [...192.168.0.16][...53] [DNS][Unknown][Network][Acceptable][checkappexec.microsoft.com]
             idle: [.....6] [ip4][..tcp] [..192.168.0.123][64282] -> [.155.133.248.43][..443] [TLS][Steam][Web][Safe]
              end: [.....4] [ip4][..tcp] [..192.168.0.123][64622] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
                   RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
             idle: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.2xik.com]
                   RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
             idle: [.....9] [ip4][..tcp] [..192.168.0.123][64625] -> [.194.164.197.45][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
                   RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
             idle: [.....5] [ip4][.icmp] [...192.168.0.16] -> [..192.168.0.123] [ICMP][Unknown][Network][Acceptable]
                   RISK: Susp Entropy
             idle: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
     DAEMON-EVENT: shutdown