From 2eca7c8c9ac407cec2be924425e62ebbb8a436f1 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Thu, 11 Apr 2024 13:36:26 +0200 Subject: [PATCH] Add extra entropy checks and more precise(?) analysis. Signed-off-by: Toni Uhlig --- src/include/ndpi_main.h | 11 +- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_main.c | 37 +- src/lib/ndpi_utils.c | 92 + src/lib/protocols/http.c | 5 + tests/cfgs/caches_cfg/result/teams.pcap.out | 2 +- .../cfgs/caches_global/result/teams.pcap.out | 2 +- .../caches_global/result/zoom_p2p.pcapng.out | 4 +- tests/cfgs/default/result/1kxun.pcap.out | 64 +- tests/cfgs/default/result/443-chrome.pcap.out | 2 +- .../default/result/KakaoTalk_chat.pcap.out | 4 +- .../default/result/KakaoTalk_talk.pcap.out | 2 +- .../cfgs/default/result/WebattackRCE.pcap.out | 1592 ++++++++--------- .../cfgs/default/result/WebattackXSS.pcap.out | 10 +- .../cfgs/default/result/alexa-app.pcapng.out | 26 +- tests/cfgs/default/result/android.pcap.out | 4 +- .../default/result/anyconnect-vpn.pcap.out | 6 +- tests/cfgs/default/result/bot.pcap.out | 2 +- tests/cfgs/default/result/bt-http.pcapng.out | 2 +- tests/cfgs/default/result/collectd.pcap.out | 4 +- .../default/result/discord_mid_flow.pcap.out | 2 +- tests/cfgs/default/result/dns-exf.pcap.out | 2 +- .../dtls_certificate_fragments.pcap.out | 2 +- .../result/dtls_mid_sessions.pcapng.out | 8 +- .../result/dtls_old_version.pcapng.out | 2 +- .../dtls_session_id_and_coockie_both.pcap.out | 2 +- tests/cfgs/default/result/edonkey.pcap.out | 2 +- tests/cfgs/default/result/emotet.pcap.out | 4 +- .../cfgs/default/result/exe_download.pcap.out | 2 +- .../result/exe_download_as_png.pcap.out | 2 +- .../result/fuzz-2006-06-26-2594.pcap.out | 12 +- .../result/fuzz-2006-09-29-28586.pcap.out | 16 +- .../result/fuzz-2020-02-16-11740.pcap.out | 14 +- tests/cfgs/default/result/gnutella.pcap.out | 30 +- .../result/googledns_android10.pcap.out | 2 +- .../result/gtp_false_positive.pcapng.out | 2 +- tests/cfgs/default/result/haproxy.pcap.out | 2 +- .../cfgs/default/result/http-proxy.pcapng.out | 2 +- .../default/result/http_asymmetric.pcapng.out | 4 +- .../cfgs/default/result/http_connect.pcap.out | 2 +- .../http_guessed_host_and_guessed.pcapng.out | 2 +- tests/cfgs/default/result/http_ipv6.pcap.out | 4 +- .../http_origin_different_than_host.pcap.out | 2 +- .../http_ua_splitted_in_two_pkts.pcapng.out | 2 +- .../cfgs/default/result/icmp-tunnel.pcap.out | 2 +- tests/cfgs/default/result/imo.pcap.out | 2 +- tests/cfgs/default/result/instagram.pcap.out | 10 +- .../default/result/ipsec_isakmp_esp.pcap.out | 2 +- .../cfgs/default/result/ipv6_in_gtp.pcap.out | 2 +- tests/cfgs/default/result/jabber.pcap.out | 2 +- tests/cfgs/default/result/kerberos.pcap.out | 52 +- tests/cfgs/default/result/kontiki.pcap.out | 4 +- .../result/linecall_falsepositve.pcap.out | 2 +- .../result/log4j-webapp-exploit.pcap.out | 4 +- .../default/result/lol_wild_rift_udp.pcap.out | 2 +- tests/cfgs/default/result/malware.pcap.out | 2 +- .../default/result/mullvad_wireguard.pcap.out | 2 +- .../default/result/nest_log_sink.pcap.out | 2 +- tests/cfgs/default/result/netflix.pcap.out | 36 +- tests/cfgs/default/result/nintendo.pcap.out | 4 +- tests/cfgs/default/result/ocs.pcap.out | 2 +- tests/cfgs/default/result/ocsp.pcapng.out | 6 +- .../ossfuzz_seed_fake_traces_2.pcapng.out | 2 +- .../result/portable_executable.pcap.out | 4 +- tests/cfgs/default/result/pps.pcap.out | 38 +- tests/cfgs/default/result/protonvpn.pcap.out | 2 +- tests/cfgs/default/result/quic.pcap.out | 4 +- .../default/result/quic_interop_V.pcapng.out | 12 +- tests/cfgs/default/result/quickplay.pcap.out | 4 +- .../result/reasm_crash_anon.pcapng.out | 2 +- .../default/result/reasm_segv_anon.pcapng.out | 2 +- tests/cfgs/default/result/riot.pcapng.out | 2 +- tests/cfgs/default/result/shell.pcap.out | 4 +- tests/cfgs/default/result/smb_frags.pcap.out | 2 +- tests/cfgs/default/result/soap.pcap.out | 2 +- .../default/result/starcraft_battle.pcap.out | 20 +- tests/cfgs/default/result/stun.pcap.out | 2 +- .../default/result/stun_signal.pcapng.out | 4 +- .../default/result/stun_wa_call.pcapng.out | 2 +- tests/cfgs/default/result/teams.pcap.out | 2 +- tests/cfgs/default/result/telegram.pcap.out | 6 +- .../result/telegram_videocall.pcapng.out | 20 +- tests/cfgs/default/result/tftp.pcap.out | 2 +- .../result/tls_certificate_too_long.pcap.out | 2 +- tests/cfgs/default/result/toca-boca.pcap.out | 6 +- tests/cfgs/default/result/viber.pcap.out | 6 +- tests/cfgs/default/result/wa_video.pcap.out | 2 +- tests/cfgs/default/result/waze.pcap.out | 16 +- tests/cfgs/default/result/wechat.pcap.out | 4 +- tests/cfgs/default/result/weibo.pcap.out | 6 +- tests/cfgs/default/result/wireguard.pcap.out | 2 +- tests/cfgs/default/result/xiaomi.pcap.out | 12 +- tests/cfgs/default/result/zoom.pcap.out | 2 +- tests/cfgs/default/result/zoom_p2p.pcapng.out | 4 +- .../result/quic-mvfst-27.pcapng.out | 2 +- .../disable_protocols/result/soap.pcap.out | 4 +- .../enable_payload_stat/result/1kxun.pcap.out | 64 +- .../result/protonvpn.pcap.out | 2 +- .../result/http_asymmetric.pcapng.out | 2 +- .../ip_lists_disable/result/1kxun.pcap.out | 64 +- .../result/teams.pcap.out | 2 +- .../result/stun_wa_call.pcapng.out | 2 +- .../result/telegram_videocall.pcapng.out | 20 +- 103 files changed, 1294 insertions(+), 1203 deletions(-) diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 7012fd8ec3e..a95bf03c2cb 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -113,8 +113,15 @@ extern "C" { int ndpi_is_printable_buffer(u_int8_t const * const buf, size_t len); int ndpi_normalize_printable_string(char * const str, size_t len); int ndpi_is_valid_hostname(char * const str, size_t len); -#define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) (entropy > 7.0f) - float ndpi_entropy(u_int8_t const * const buf, size_t len); + +#define NDPI_ENTROPY_PLAINTEXT(entropy) (entropy < 4.941f) +#define NDPI_ENTROPY_EXECUTABLE(entropy) (entropy >= 4.941f) +#define NDPI_ENTROPY_EXECUTABLE_PACKED(entropy) (entropy >= 6.677f) +#define NDPI_ENTROPY_EXECUTABLE_ENCRYPTED(entropy) (entropy >= 7.174f) +#define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) (entropy >= 7.312f) + float ndpi_entropy(u_int8_t const * const buf, size_t len); + char *ndpi_entropy2str(float entropy, char *buf, size_t len); + void ndpi_entropy2risk(struct ndpi_flow_struct *flow); #ifdef __cplusplus } diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 9dc3fdc9871..060b50a999c 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1207,7 +1207,7 @@ struct ndpi_flow_struct { /* init parameter, internal used to set up timestamp,... */ u_int16_t guessed_protocol_id, guessed_protocol_id_by_ip, guessed_category, guessed_header_category; u_int8_t l4_proto, protocol_id_already_guessed:1, fail_with_unknown:1, - init_finished:1, client_packet_direction:1, packet_direction:1, is_ipv6:1, first_pkt_fully_encrypted:1, _pad1: 1; + init_finished:1, client_packet_direction:1, packet_direction:1, is_ipv6:1, first_pkt_fully_encrypted:1, skip_entropy_check: 1; u_int16_t num_dissector_calls; ndpi_confidence_t confidence; /* ndpi_confidence_t */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9b04727bb36..dcba3191537 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4360,14 +4360,10 @@ static u_int16_t guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, NULL); if(packet->payload_packet_len > sizeof(struct ndpi_icmphdr)) { - flow->entropy = ndpi_entropy(packet->payload + sizeof(struct ndpi_icmphdr), - packet->payload_packet_len - sizeof(struct ndpi_icmphdr)); - - if(NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0) { - char str[32]; - - snprintf(str, sizeof(str), "Entropy %.2f", flow->entropy); - ndpi_set_risk(flow, NDPI_SUSPICIOUS_ENTROPY, str); + if (flow->skip_entropy_check == 0) { + flow->entropy = ndpi_entropy(packet->payload + sizeof(struct ndpi_icmphdr), + packet->payload_packet_len - sizeof(struct ndpi_icmphdr)); + ndpi_entropy2risk(flow); } u_int16_t chksm = icmp4_checksum(packet->payload, packet->payload_packet_len); @@ -8649,25 +8645,16 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio ndpi_search_shellscript(ndpi_str, flow); } - if(flow->first_pkt_fully_encrypted == 0 && - ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && - NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) == 0 && - flow->packet_counter < 3) - { - flow->entropy = ndpi_entropy(packet->payload, packet->payload_packet_len); - if(NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0) { - char str[32]; - - snprintf(str, sizeof(str), "Entropy %.2f", flow->entropy); - ndpi_set_risk(flow, NDPI_SUSPICIOUS_ENTROPY, str); - } - } - if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN && + if(flow->skip_entropy_check == 0 && + flow->first_pkt_fully_encrypted == 0 && + flow->packet_counter < 5 && + /* The following protocols do their own entropy calculation/classification. */ ret.app_protocol != NDPI_PROTOCOL_IP_ICMP && - flow->entropy > 0.0f) + (flow->l4.tcp.http_stage <= 1 || + ret.app_protocol != NDPI_PROTOCOL_HTTP)) { - flow->entropy = 0.0f; - ndpi_unset_risk(flow, NDPI_SUSPICIOUS_ENTROPY); + flow->entropy = ndpi_entropy(packet->payload, packet->payload_packet_len); + ndpi_entropy2risk(flow); } return(ret); diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 7795f59d56b..d09e235594d 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -2711,6 +2711,98 @@ float ndpi_entropy(u_int8_t const * const buf, size_t len) { return entropy; } +/* ******************************************************************** */ + +/* Losely implemented by: https://redirect.cs.umbc.edu/courses/graduate/CMSC691am/student%20talks/CMSC%20691%20Malware%20-%20Entropy%20Analysis%20Presentation.pdf */ +char *ndpi_entropy2str(float entropy, char *buf, size_t len) { + if (buf == NULL) { + return NULL; + } + + static const char entropy_fmtstr[] = "Entropy: %.3f (%s)"; + if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy)) { + snprintf(buf, len, entropy_fmtstr, entropy, "Encrypted or Random"); + } else if (NDPI_ENTROPY_EXECUTABLE_ENCRYPTED(entropy)) { + snprintf(buf, len, entropy_fmtstr, entropy, "Encrypted Executable"); + } else if (NDPI_ENTROPY_EXECUTABLE_PACKED(entropy)) { + snprintf(buf, len, entropy_fmtstr, entropy, "Compressed Executable"); + } else if (NDPI_ENTROPY_EXECUTABLE(entropy)) { + snprintf(buf, len, entropy_fmtstr, entropy, "Executable"); + } else { + snprintf(buf, len, entropy_fmtstr, entropy, "Unknown"); + } + + return buf; +} + +/* ******************************************************************** */ + +void ndpi_entropy2risk(struct ndpi_flow_struct *flow) { + char str[64]; + + if (NDPI_ENTROPY_PLAINTEXT(flow->entropy)) + goto reset_risk; + + if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TLS || + flow->detected_protocol_stack[1] == NDPI_PROTOCOL_TLS || + flow->detected_protocol_stack[0] == NDPI_PROTOCOL_QUIC || + flow->detected_protocol_stack[1] == NDPI_PROTOCOL_QUIC) + { + flow->skip_entropy_check = 1; + goto reset_risk; + } + + if ((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || + flow->detected_protocol_stack[1] == NDPI_PROTOCOL_HTTP) && + ((flow->http.content_type != NULL && + (strncmp(flow->http.content_type, "image/", + NDPI_STATICSTRING_LEN("image/")) == 0 || + strncmp(flow->http.content_type, "video/", + NDPI_STATICSTRING_LEN("video/")) == 0 || + strncmp(flow->http.content_type, "text/", + NDPI_STATICSTRING_LEN("text/")) == 0)) || + (flow->http.request_content_type != NULL && + (strncmp(flow->http.request_content_type, "image/", + NDPI_STATICSTRING_LEN("image/")) == 0 || + strncmp(flow->http.request_content_type, "video/", + NDPI_STATICSTRING_LEN("video/")) == 0 || + strncmp(flow->http.request_content_type, "text/", + NDPI_STATICSTRING_LEN("text/")) == 0)))) + { + flow->skip_entropy_check = 1; + goto reset_risk; + } + + if (flow->confidence != NDPI_CONFIDENCE_DPI && + flow->confidence != NDPI_CONFIDENCE_DPI_CACHE) { + ndpi_set_risk(flow, NDPI_SUSPICIOUS_ENTROPY, + ndpi_entropy2str(flow->entropy, str, sizeof(str))); + return; + } + + if (ndpi_isset_risk(flow, NDPI_MALWARE_HOST_CONTACTED) || + ndpi_isset_risk(flow, NDPI_BINARY_DATA_TRANSFER) || + ndpi_isset_risk(flow, NDPI_BINARY_APPLICATION_TRANSFER) || + ndpi_isset_risk(flow, NDPI_POSSIBLE_EXPLOIT) || + ndpi_isset_risk(flow, NDPI_HTTP_SUSPICIOUS_CONTENT) || + ndpi_isset_risk(flow, NDPI_DNS_SUSPICIOUS_TRAFFIC) || + ndpi_isset_risk(flow, NDPI_MALFORMED_PACKET) || + (flow->category == NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT && + (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || + flow->detected_protocol_stack[1] == NDPI_PROTOCOL_HTTP)) || + flow->category == NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER || + flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED || + flow->category == NDPI_PROTOCOL_CATEGORY_WEB) + { + ndpi_set_risk(flow, NDPI_SUSPICIOUS_ENTROPY, + ndpi_entropy2str(flow->entropy, str, sizeof(str))); + return; + } + +reset_risk: + ndpi_unset_risk(flow, NDPI_SUSPICIOUS_ENTROPY); +} + /* ******************************************************************** */ static inline uint16_t get_n16bit(uint8_t const * cbuf) { uint16_t r = ((uint16_t)cbuf[0]) | (((uint16_t)cbuf[1]) << 8); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index a85f1c44c96..c0fe2b35785 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -222,8 +222,13 @@ static void ndpi_validate_http_content(struct ndpi_detection_module_struct *ndpi if(len >= 8 /* 4 chars for \r\n\r\n and at least 4 charts for content guess */) { double_ret += 4; + len -= 4; ndpi_http_check_human_redeable_content(ndpi_struct, flow, double_ret, len); + if (flow->skip_entropy_check == 0) { + flow->entropy = ndpi_entropy(double_ret, len); + ndpi_entropy2risk(flow); + } } } diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out index e2e30079a96..1a2b81ede31 100644 --- a/tests/cfgs/caches_cfg/result/teams.pcap.out +++ b/tests/cfgs/caches_cfg/result/teams.pcap.out @@ -68,7 +68,7 @@ JA3 Host Stats: 11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] 12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0] 13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 11][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0] - 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 38/Skype_TeamsCall][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 12][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.83][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 38/Skype_TeamsCall][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 12][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.927 (Compressed Executable)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 14][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] 16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] 17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 10][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] diff --git a/tests/cfgs/caches_global/result/teams.pcap.out b/tests/cfgs/caches_global/result/teams.pcap.out index 0832f0de1f2..27cabbb4c97 100644 --- a/tests/cfgs/caches_global/result/teams.pcap.out +++ b/tests/cfgs/caches_global/result/teams.pcap.out @@ -68,7 +68,7 @@ JA3 Host Stats: 11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] 12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0] 13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 11][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0] - 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 38/Skype_TeamsCall][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 12][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.83][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 38/Skype_TeamsCall][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 12][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.927 (Compressed Executable)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 14][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] 16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] 17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 10][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] diff --git a/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out b/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out index 21c2b02c984..1efc36c1f47 100644 --- a/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out @@ -35,12 +35,12 @@ Acceptable 763 271804 12 1 UDP 192.168.12.156:39065 <-> 192.168.1.226:46757 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 12][cat: Video/26][148 pkts/108673 bytes <-> 174 pkts/110457 bytes][Goodput ratio: 94/93][1.67 sec][bytes ratio: -0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 88/71 15/12][Pkt Len c2s/s2c min/avg/max/stddev: 127/98 734/635 1269/1302 277/371][PLAIN TEXT (192.168.1.226)][Plen Bins: 0,0,9,1,0,0,0,6,1,0,0,0,0,2,5,11,10,5,4,4,2,0,0,1,2,2,0,0,0,0,0,1,16,0,0,0,3,1,5,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:49579 -> 10.78.14.178:49586 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 12][cat: Video/26][154 pkts/19404 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][4.51 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/0 82/0 14/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:42208 -> 10.78.14.178:47312 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 12][cat: Video/26][130 pkts/16380 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][2.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/0 82/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 ICMP 206.247.10.253:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][40 pkts/4560 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 895/0 2027/0 1000/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 ICMP 206.247.10.253:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][40 pkts/4560 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 895/0 2027/0 1000/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.319 (Executable)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.12.1:17500 -> 192.168.12.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][450.15 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30007/0 30010/0 30013/0 9/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.12.156:38453 -> 206.247.87.213:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1974/0 2015/0 2040/0 19/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.156:39065 -> 206.247.87.213:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1976/0 2015/0 2040/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.12.156:42208 -> 206.247.10.253:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1990/0 2013/0 2032/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.12.156:49579 -> 206.247.10.253:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1990/0 2013/0 2030/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 ICMP 206.247.87.213:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][13 pkts/1482 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3298/0 22119/0 6017/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 ICMP 206.247.87.213:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][13 pkts/1482 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3298/0 22119/0 6017/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.315 (Executable)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.156:38453 -> 192.168.1.226:41036 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 5][cat: Video/26][5 pkts/635 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][0.06 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (192.168.1.226)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][384.13 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][PLAIN TEXT (webdav)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index cd542bc9335..b3acf577f4b 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out @@ -19,7 +19,7 @@ Automa domain: 156/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 16/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 176/0 (search/found) +Patricia risk mask: 174/0 (search/found) Patricia risk mask IPv6: 6/0 (search/found) Patricia risk: 3/0 (search/found) Patricia risk IPv6: 25/0 (search/found) @@ -63,13 +63,13 @@ JA3 Host Stats: 6 TCP 192.168.2.126:46212 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/555 bytes <-> 12 pkts/124834 bytes][Goodput ratio: 76/99][1.58 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 871/0 871/122 871/373 0/155][Pkt Len c2s/s2c min/avg/max/stddev: 277/386 278/10403 278/37506 0/10887][URL: pic.1kxun.com/video_kankan/images/releases/300/5183-51fb99a2391e774037ba21cbca307be4.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,57] 7 TCP 192.168.2.126:38316 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 23 pkts/118294 bytes][Goodput ratio: 76/99][1.43 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.995 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/46 0/393 0/113][Pkt Len c2s/s2c min/avg/max/stddev: 273/388 273/5143 273/24546 0/5526][URL: pic.1kxun.com/video_kankan/images/videos/40701-8fa7d916c55e31f90fa55f450b716505.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,20,0,67] 8 TCP 192.168.2.126:49380 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][2 pkts/1172 bytes <-> 30 pkts/99876 bytes][Goodput ratio: 89/98][1.31 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.977 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/32 0/209 0/74][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 586/3329 592/18786 6/3784][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/f05074256b39572ad852c1c95eb5f8a7.jpg][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (LGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,53,0,34] - 9 TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63] - 10 TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85] + 9 TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.552 (Executable)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63] + 10 TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.485 (Executable)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85] 11 TCP 192.168.2.126:45416 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][8 pkts/7202 bytes <-> 24 pkts/83277 bytes][Goodput ratio: 93/98][16.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 186/0 2919/772 6045/5959 2744/1789][Pkt Len c2s/s2c min/avg/max/stddev: 500/709 900/3470 1180/14466 215/3207][URL: mangaweb.1kxun.mobi/js/vendor.bundle.js?1644807874][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/vendor.bundle.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,12,0,0,0,0,0,0,0,3,3,3,6,0,0,0,0,0,0,0,3,0,0,21,0,41] 12 TCP 192.168.2.126:38326 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 21 pkts/89010 bytes][Goodput ratio: 76/98][1.25 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/50 0/412 0/118][Pkt Len c2s/s2c min/avg/max/stddev: 273/387 273/4239 273/12489 0/2950][URL: pic.1kxun.com/video_kankan/images/videos/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,73] 13 TCP 192.168.2.126:46200 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/556 bytes <-> 18 pkts/82689 bytes][Goodput ratio: 76/99][1.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.987 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/56 0/375 0/119][Pkt Len c2s/s2c min/avg/max/stddev: 278/386 278/4594 278/21666 0/5421][URL: pic.1kxun.com/video_kankan/images/releases/301/5027-d707192bfa2dabf22771a4d56454ab88.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,45] 14 TCP 192.168.2.126:46184 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/829 bytes <-> 13 pkts/73655 bytes][Goodput ratio: 76/99][1.27 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 392/0 392/81 392/368 0/134][Pkt Len c2s/s2c min/avg/max/stddev: 273/386 276/5666 278/23106 2/7129][URL: pic.1kxun.com/video_kankan/images/releases/299/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,18,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,25,0,37] - 15 TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62] + 15 TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.428 (Executable)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62] 16 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Goodput ratio: 42/95][45.37 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472/1029 44994/45054 11986/6714][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/1210 416/1314 113/325][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 3,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0,0,0,0,0,0,0] 17 TCP 192.168.2.126:45398 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2127 bytes <-> 18 pkts/58725 bytes][Goodput ratio: 91/98][4.35 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/0 229/262 229/3434 0/852][Pkt Len c2s/s2c min/avg/max/stddev: 490/551 709/3262 821/7266 155/2191][URL: mangaweb.1kxun.mobi/js/dependency-all.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/dependency)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,43] 18 TCP 192.168.2.126:49354 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1184 bytes <-> 19 pkts/53234 bytes][Goodput ratio: 89/98][1.04 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.956 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/26 0/204 0/67][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/2802 592/8706 0/2084][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (/GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,42] @@ -80,12 +80,12 @@ JA3 Host Stats: 23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0] 24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [proto: 7.239/HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29] 25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 9][cat: Advertisement/101][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62] - 26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60] + 26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.428 (Executable)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60] 27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0] 28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Advertisement/101][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45] 29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20] - 30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] - 31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 110][Risk Info: Found host 42.120.51.152 / Expected on port 80 / Entropy: 5.310 (Executable)][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] + 31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.814 (Executable)][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 32 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Goodput ratio: 40/94][0.02 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/2 10/8 4/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1103 334/1514 99/610][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 33 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 34 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][8.40 sec][Hostname/SNI: [ff02::c]:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 558/0 590/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,12,56,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -93,37 +93,37 @@ JA3 Host Stats: 36 TCP 192.168.2.126:49370 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/580 bytes <-> 4 pkts/7749 bytes][Goodput ratio: 88/97][0.22 sec][Hostname/SNI: hkbn.content.1kxun.com][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/b057f5cd8fe013d2299b57f14faa5fa9.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (AGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] 37 TCP 192.168.2.126:45422 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Streaming/17][3 pkts/2139 bytes <-> 4 pkts/6060 bytes][Goodput ratio: 91/96][4.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 221/224 2062/1374 3902/3898 1841/1787][Pkt Len c2s/s2c min/avg/max/stddev: 502/1413 713/1515 819/1720 149/124][URL: mangaweb.1kxun.mobi/images/detail_revision/go_homepage.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/application.min.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,14,0,14] 38 TCP 192.168.2.126:60148 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/536 bytes <-> 3 pkts/7066 bytes][Goodput ratio: 75/97][0.56 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/icons/5-328e3cdf244c003df08754cca05fbc2f.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,40,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] - 39 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: Match by port][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.83][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] + 39 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: Match by port][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] 40 TCP 192.168.2.126:38314 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 4 pkts/6346 bytes][Goodput ratio: 76/96][0.33 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/videos/40750-585645353a7a47615755b7714c611835.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] 41 TCP 192.168.2.126:45414 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2118 bytes <-> 3 pkts/3518 bytes][Goodput ratio: 91/94][4.32 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 215/216 2066/2066 3917/3916 1851/1850][Pkt Len c2s/s2c min/avg/max/stddev: 482/758 706/1173 819/1456 158/300][URL: mangaweb.1kxun.mobi/js/fb-sdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/fb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16,0,0,0,0] 42 TCP 192.168.2.126:47246 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1872 bytes <-> 2 pkts/3374 bytes][Goodput ratio: 93/96][1.30 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/homePageVideoCollections/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28][StatusCode: 200][Content-Type: application/json][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] - 43 TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25] + 43 TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.481 (Executable)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25] 44 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Goodput ratio: 71/72][1.09 sec][Hostname/SNI: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/191 476/506 136/201][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/200 499/372 176/149][URL: vv.video.qq.com/getvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][PLAIN TEXT (POST /getvinfo HTTP/1.1)][Plen Bins: 15,0,0,0,0,15,15,0,0,23,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3106/0 12289/0 3176/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][Goodput ratio: 87/86][0.18 sec][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60/44 176/133 82/54][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512/459 1159/1464 468/536][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0] - 47 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Media/1][7 pkts/1408 bytes <-> 5 pkts/2611 bytes][Goodput ratio: 71/89][0.15 sec][Hostname/SNI: 183.131.48.144][bytes ratio: -0.299 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/25 69/67 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 201/522 557/1078 225/465][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][Content-Type: video/mp4][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.144 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Media/1][7 pkts/1408 bytes <-> 5 pkts/2611 bytes][Goodput ratio: 71/89][0.15 sec][Hostname/SNI: 183.131.48.144][bytes ratio: -0.299 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/25 69/67 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 201/522 557/1078 225/465][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][Content-Type: video/mp4][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 183.131.48.144 / Empty or missing User-Agent / Entropy: 5.207 (Executable)][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][20.95 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 2323/4176 15252/15254 4895/5951][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 288/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][6.76 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 746/1336 5987/5987 1865/2341][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 287/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 192.168.2.126:42554 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/3091 bytes <-> 2 pkts/444 bytes][Goodput ratio: 91/70][2.57 sec][Hostname/SNI: de01.rayjump.com][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2543 847/2543 2537/2543 1195/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/222 773/222 1506/222 647/0][URL: de01.rayjump.com/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWUR][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (FGET /onlyImpression)][Plen Bins: 16,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0] + 50 TCP 192.168.2.126:42554 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/3091 bytes <-> 2 pkts/444 bytes][Goodput ratio: 91/70][2.57 sec][Hostname/SNI: de01.rayjump.com][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2543 847/2543 2537/2543 1195/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/222 773/222 1506/222 647/0][URL: de01.rayjump.com/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWUR][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.839 (Executable)][PLAIN TEXT (FGET /onlyImpression)][Plen Bins: 16,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0] 51 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][Goodput ratio: 69/75][6.08 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753/1500 5998/5998 1982/2597][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 190/232 1067/1055 299/340][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 60/87][0.09 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/16 36/43 13/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/456 390/1314 144/512][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 20,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0] - 53 TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.072 (Executable)][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 TCP 192.168.2.126:50176 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1185 bytes <-> 2 pkts/2082 bytes][Goodput ratio: 94/94][0.19 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/list_default.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/list)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] 55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0] - 57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] + 57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.261 (Executable)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.486 (Executable)][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] 59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0] 61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent / Entropy: 5.112 (Executable)][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 69 TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.706 (Executable)][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 70 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Goodput ratio: 52/66][31.95 sec][Hostname/SNI: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/8 2391/3919 11352/11551 4481/5397][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/197 331/390 117/157][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 71 TCP 192.168.2.126:50140 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1178 bytes <-> 1 pkts/748 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/left.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 TCP 192.168.2.126:50166 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1179 bytes <-> 1 pkts/746 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/right.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -131,39 +131,39 @@ JA3 Host Stats: 74 TCP 192.168.2.126:51686 <-> 18.64.79.64:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1295 bytes <-> 1 pkts/500 bytes][Goodput ratio: 95/87][0.60 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=6][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 75 TCP 192.168.2.126:50164 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1184 bytes <-> 1 pkts/574 bytes][Goodput ratio: 94/88][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/more_white.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5541/0 19870/0 5205/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 77 TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.868 (Executable)][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] 78 TCP 192.168.2.126:49242 <-> 172.104.119.80:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1129 bytes <-> 2 pkts/582 bytes][Goodput ratio: 88/77][2.16 sec][Hostname/SNI: android.yingshi.tcclick.1kxun.com][URL: android.yingshi.tcclick.1kxun.com/api/upload.php][StatusCode: 500][Req Content-Type: application/octet-stream][Content-Type: text/html][Server: openresty/1.11.2.5][User-Agent: okhttp/3.10.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 500][PLAIN TEXT (aPOST /api/upload.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 TCP 192.168.2.126:56104 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/896 bytes <-> 1 pkts/721 bytes][Goodput ratio: 93/91][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&br][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.517 (Executable)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 110][Risk Info: Found host 218.244.135.170 / Entropy: 5.332 (Executable)][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 90 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/684 bytes <-> 2 pkts/684 bytes][Goodput ratio: 88/88][30.01 sec][Hostname/SNI: macbook-air][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 91 TCP 192.168.2.126:53416 <-> 172.217.16.142:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/625 bytes <-> 1 pkts/734 bytes][Goodput ratio: 89/91][0.05 sec][Hostname/SNI: play.google.com][URL: play.google.com/store/apps/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789][StatusCode: 301][Content-Type: application/binary][Server: ESF][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /store/apps/details)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 92 TCP 192.168.2.126:58758 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][0.32 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (NGET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 93 TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 192.168.2.126:53416 <-> 172.217.16.142:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/625 bytes <-> 1 pkts/734 bytes][Goodput ratio: 89/91][0.05 sec][Hostname/SNI: play.google.com][URL: play.google.com/store/apps/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789][StatusCode: 301][Content-Type: application/binary][Server: ESF][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.564 (Executable)][PLAIN TEXT (GET /store/apps/details)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 92 TCP 192.168.2.126:58758 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][0.32 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.864 (Executable)][PLAIN TEXT (NGET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 93 TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.865 (Executable)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 94 TCP 192.168.2.126:56094 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/876 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 95 TCP 192.168.2.126:56098 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/863 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 96 TCP 192.168.2.126:47272 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/982 bytes <-> 1 pkts/331 bytes][Goodput ratio: 93/80][0.35 sec][Hostname/SNI: messages.1kxun.mobi][URL: messages.1kxun.mobi/api/messages/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kx][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /api/messages/listForYingsh)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 97 TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.265 (Executable)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 98 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][16.80 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 2799/0 5942/0 1567/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0] + 99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.560 (Executable)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0] 100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.991 (Executable)][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [proto: 7/HTTP][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.499 (Executable)][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [proto: 7/HTTP][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.539 (Executable)][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 TCP 192.168.2.126:47230 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 111 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.50 sec][Hostname/SNI: wpad][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 300/0 749/0 367/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Hostname/SNI: sanji-lifebook-][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -247,11 +247,11 @@ Undetected flows: 4 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.11 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.10 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/185 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/177 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.188 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/185 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.214 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/177 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.168 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.71 sec][PLAIN TEXT (AABHZW50cmljZV9)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.72 sec][PLAIN TEXT (icRVSoU)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][PLAIN TEXT (6.35.4 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.052 (Executable)][PLAIN TEXT (6.35.4 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.173 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (dDYcTc4)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/443-chrome.pcap.out b/tests/cfgs/default/result/443-chrome.pcap.out index 6d0d56c4b30..6731d13c8ff 100644 --- a/tests/cfgs/default/result/443-chrome.pcap.out +++ b/tests/cfgs/default/result/443-chrome.pcap.out @@ -27,4 +27,4 @@ TLS 1 1506 1 Safe 1 1506 1 - 1 TCP 178.62.197.130:443 -> 192.168.1.13:53059 [proto: 91/TLS][IP: 26/ntop][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Entropy 7.86][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] + 1 TCP 178.62.197.130:443 -> 192.168.1.13:53059 [proto: 91/TLS][IP: 26/ntop][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Entropy: 7.855 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out index c112309d1bf..478d46c02f2 100644 --- a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out @@ -19,7 +19,7 @@ Automa domain: 45/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 18/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 62/0 (search/found) +Patricia risk mask: 60/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -51,7 +51,7 @@ JA3 Host Stats: 6 TCP 10.24.82.188:35511 <-> 173.252.97.2:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 9][cat: SocialNetwork/6][18 pkts/2390 bytes <-> 18 pkts/4762 bytes][Goodput ratio: 57/79][28.98 sec][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2050/118 26937/448 6904/127][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 133/265 578/1336 134/439][Risk: ** Obsolete TLS (v1.1 or older) **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][ServerNames: *.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion][JA3S: 6c13ac74a6f75099ef2480748e5d94d2][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4][Validity: 2014-08-28 00:00:00 - 2015-10-28 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA][Plen Bins: 31,12,6,6,6,6,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0] 7 TCP 10.24.82.188:37821 <-> 210.103.240.15:443 [proto: 91.193/TLS.KakaoTalk][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 13][cat: Chat/9][13 pkts/2036 bytes <-> 14 pkts/5090 bytes][Goodput ratio: 63/84][11.34 sec][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/74 10357/172 3082/62][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 157/364 429/1336 152/451][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 250][Risk Info: TLSv1 / dff8a0aa1c904aaea76c5bf624e88333 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][ServerNames: *.kakao.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Issuer: C=US, O=Thawte, Inc., CN=Thawte SSL CA][Subject: C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com][Certificate SHA-1: 0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4][Validity: 2014-04-18 00:00:00 - 2016-04-17 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,16,0,0,0,8,8,0,0,0,16,25,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0] 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 21][cat: Web/5][17 pkts/2231 bytes <-> 9 pkts/1695 bytes][Goodput ratio: 48/63][46.77 sec][bytes ratio: 0.137 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/36 2833/4340 12590/13131 4126/4407][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 131/188 657/274 136/75][Risk: ** Fully encrypted flow **][Risk Score: 50][Plen Bins: 13,13,27,0,27,6,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 18][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][Goodput ratio: 71/25][24.52 sec][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3456/3426 12765/12806 4427/4480][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193/75 303/98 123/21][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.21][Plen Bins: 0,44,0,0,0,0,0,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 18][cat: Web/5][9 pkts/1737 bytes <-> 9 pkts/672 bytes][Goodput ratio: 71/25][24.52 sec][bytes ratio: 0.442 (Upload)][IAT c2s/s2c min/avg/max/stddev: 40/104 3456/3426 12765/12806 4427/4480][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 193/75 303/98 123/21][Plen Bins: 0,44,0,0,0,0,0,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][3 pkts/290 bytes <-> 3 pkts/1600 bytes][Goodput ratio: 27/87][0.31 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/5 107/56 199/108 92/52][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 97/533 146/1456 35/652][Risk: ** Known Proto on Non Std Port **** Obsolete TLS (v1.1 or older) **][Risk Score: 150][Risk Info: TLSv1][TLSv1][JA3C: d9ce50c62ab1fd5932da3c6b6d406c65][JA4: t10d150000_e2ff6cb279ee_e3b0c44298fc][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0] 11 TCP 10.24.82.188:37557 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 7][cat: SocialNetwork/6][5 pkts/487 bytes <-> 6 pkts/627 bytes][Goodput ratio: 38/45][21.97 sec][Hostname/SNI: www.facebook.com][bytes ratio: -0.126 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 40/40 115/102 264/210 106/77][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/104 243/339 73/105][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.24.82.188:37553 <-> 31.13.68.84:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 7][cat: SocialNetwork/6][5 pkts/487 bytes <-> 5 pkts/571 bytes][Goodput ratio: 38/49][21.81 sec][Hostname/SNI: www.facebook.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 43/38 5452/101 21457/215 9241/81][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 97/114 243/339 73/112][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.3.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out index 164a256c6ca..f5778f3fe22 100644 --- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out @@ -54,7 +54,7 @@ JA3 Host Stats: 7 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][11 pkts/1542 bytes <-> 11 pkts/1542 bytes][Goodput ratio: 69/69][43.84 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1105/1052 4266/3766 4903/4991 1245/1144][Pkt Len c2s/s2c min/avg/max/stddev: 122/122 140/140 142/142 6/6][Plen Bins: 0,0,9,90,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 15][cat: Chat/9][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Goodput ratio: 54/34][3.79 sec][Hostname/SNI: hkminorshort.weixin.qq.com][bytes ratio: 0.294 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/51 406/439 2019/1166 732/515][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 140/87 665/262 199/71][URL: http://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][Req Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 11][cat: Web/5][6 pkts/543 bytes <-> 5 pkts/945 bytes][Goodput ratio: 25/64][24.77 sec][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 77/47 4920/8061 17431/17434 6679/7163][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 90/189 130/504 24/164][Plen Bins: 16,51,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 5][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes][Goodput ratio: 84/27][51.90 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.49][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 5][cat: Web/5][3 pkts/1044 bytes <-> 2 pkts/154 bytes][Goodput ratio: 84/27][51.90 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.514 (Encrypted or Random)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Cloud/13][2 pkts/225 bytes <-> 2 pkts/171 bytes][Goodput ratio: 39/20][0.46 sec][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.24.82.188:53974 -> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Web/5][5 pkts/350 bytes -> 0 pkts/0 bytes][Goodput ratio: 3/0][11.12 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Web/5][3 pkts/168 bytes <-> 2 pkts/112 bytes][Goodput ratio: 0/0][0.48 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/WebattackRCE.pcap.out b/tests/cfgs/default/result/WebattackRCE.pcap.out index 2a9b29a69ee..6e53dd317a8 100644 --- a/tests/cfgs/default/result/WebattackRCE.pcap.out +++ b/tests/cfgs/default/result/WebattackRCE.pcap.out @@ -25,800 +25,800 @@ HTTP 797 191003 797 Acceptable 797 191003 797 - 1 TCP 127.0.0.1:51184 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/ajax/api/hook/de)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 127.0.0.1:51182 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7D][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vb/ajax/api/hook/decodeArg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 127.0.0.1:50946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 127.0.0.1:50970 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 127.0.0.1:50934 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/386 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 127.0.0.1:50958 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/386 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bGET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 127.0.0.1:50944 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/382 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (YGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 TCP 127.0.0.1:50968 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/382 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (lGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 127.0.0.1:50932 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (PGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 127.0.0.1:50948 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 127.0.0.1:50956 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (aGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 TCP 127.0.0.1:50972 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (oGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 127.0.0.1:50936 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/380 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (SGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 127.0.0.1:50960 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/380 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (eGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 127.0.0.1:50950 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 127.0.0.1:50952 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 17 TCP 127.0.0.1:50974 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (pGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 127.0.0.1:50976 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (rGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 127.0.0.1:50878 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 TCP 127.0.0.1:50902 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP 127.0.0.1:50938 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (TGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 127.0.0.1:50940 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (WGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP 127.0.0.1:50962 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (fGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP 127.0.0.1:50964 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (hGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP 127.0.0.1:50866 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/377 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 TCP 127.0.0.1:50890 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/377 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (/GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP 127.0.0.1:51158 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpmoadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP 127.0.0.1:51160 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP 127.0.0.1:51170 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpmoadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 127.0.0.1:51174 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 127.0.0.1:50990 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/374 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001400)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 127.0.0.1:50876 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 127.0.0.1:50900 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 127.0.0.1:50942 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP 127.0.0.1:50966 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 36 TCP 127.0.0.1:51150 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpmoadmin/moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 37 TCP 127.0.0.1:51152 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 38 TCP 127.0.0.1:51162 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /moadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 39 TCP 127.0.0.1:51168 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpmoadmin/moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 40 TCP 127.0.0.1:51172 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 TCP 127.0.0.1:51178 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /moadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 42 TCP 127.0.0.1:50864 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 43 TCP 127.0.0.1:50880 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 44 TCP 127.0.0.1:50888 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 45 TCP 127.0.0.1:50904 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 46 TCP 127.0.0.1:50924 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001394)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 127.0.0.1:50926 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001395)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (KGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 TCP 127.0.0.1:50930 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (OGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP 127.0.0.1:50954 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 127.0.0.1:50868 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 127.0.0.1:50892 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 52 TCP 127.0.0.1:50882 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 53 TCP 127.0.0.1:50884 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 54 TCP 127.0.0.1:50906 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 TCP 127.0.0.1:50908 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 56 TCP 127.0.0.1:51154 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /moadmin/moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 57 TCP 127.0.0.1:51176 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /moadmin/moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 58 TCP 127.0.0.1:50870 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/369 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 59 TCP 127.0.0.1:50872 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/369 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT ( GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 60 TCP 127.0.0.1:50894 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/369 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 TCP 127.0.0.1:50896 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/369 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 62 TCP 127.0.0.1:50922 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/365 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001393)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 63 TCP 127.0.0.1:51156 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/365 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 64 TCP 127.0.0.1:51166 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/365 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 65 TCP 127.0.0.1:50874 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/364 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 66 TCP 127.0.0.1:50898 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/364 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 67 TCP 127.0.0.1:50858 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001388)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 68 TCP 127.0.0.1:50862 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 TCP 127.0.0.1:50886 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 70 TCP 127.0.0.1:50982 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (wGET /postnuke/html/viewtopic.p)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 71 TCP 127.0.0.1:51148 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/362 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 72 TCP 127.0.0.1:51164 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/362 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 73 TCP 127.0.0.1:50566 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.action][Req Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletRespo][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:strutshock)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.action HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 74 TCP 127.0.0.1:50568 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.action][Req Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletRespo][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:strutshock)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /login.action HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 75 TCP 127.0.0.1:50980 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/358 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 76 TCP 127.0.0.1:50984 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/357 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (yGET /modules/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 127.0.0.1:50986 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 78 TCP 127.0.0.1:50988 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 79 TCP 127.0.0.1:50914 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/354 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (AGET /postnuke/html/viewtopic.p)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 80 TCP 127.0.0.1:50912 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /postnuke/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 81 TCP 127.0.0.1:50928 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001396)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 82 TCP 127.0.0.1:50978 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (sGET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 83 TCP 127.0.0.1:50916 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (BGET /modules/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 84 TCP 127.0.0.1:50564 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][Req Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletRespo][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:strutshock)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 85 TCP 127.0.0.1:50918 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpBB/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 86 TCP 127.0.0.1:50920 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (FGET /forum/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 87 TCP 127.0.0.1:51202 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/343 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.cgi?cli=aa%20aa%27cat%20/etc/hosts][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007234)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /login.cgi)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 88 TCP 127.0.0.1:51194 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/341 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/RegistrationRequesterPortType][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007185)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 89 TCP 127.0.0.1:50860 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/340 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001389)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 90 TCP 127.0.0.1:50910 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/340 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 91 TCP 127.0.0.1:51198 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/337 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/RegistrationPortTypeRPC11][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007187)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 92 TCP 127.0.0.1:51190 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/335 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/RegistrationPortTypeRPC][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007183)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 93 TCP 127.0.0.1:51196 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/333 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/CoordinatorPortType11][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007186)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 94 TCP 127.0.0.1:51200 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/333 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/ParticipantPortType11][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007188)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 95 TCP 127.0.0.1:51188 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/331 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/CoordinatorPortType][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007182)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 96 TCP 127.0.0.1:51192 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/331 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/ParticipantPortType][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007184)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 97 TCP 127.0.0.1:51186 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/326 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat%20/etc/passwd][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007084)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Possible WebShell detected / Expected on port 80][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 98 TCP 127.0.0.1:51204 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/323 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat+/etc/hosts][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007235)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Possible WebShell detected / Expected on port 80][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 99 TCP 127.0.0.1:51008 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/community/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /community/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 100 TCP 127.0.0.1:51012 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003040)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 101 TCP 127.0.0.1:51004 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/314 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/htforum/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /htforum/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 102 TCP 127.0.0.1:51000 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/313 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forums/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forums/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 103 TCP 127.0.0.1:51002 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/313 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forumz/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forumz/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 104 TCP 127.0.0.1:50998 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/312 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forum/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 105 TCP 127.0.0.1:51006 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/312 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/board/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /board/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 106 TCP 127.0.0.1:51010 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/309 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003040)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vb/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 107 TCP 127.0.0.1:50996 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/306 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 108 TCP 127.0.0.1:49774 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/304 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/HASH(0x5559e84fbc40)%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 109 TCP 127.0.0.1:49778 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/299 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 110 TCP 127.0.0.1:49776 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/297 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/winnt/win.ini%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 111 TCP 127.0.0.1:49780 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/294 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 112 TCP 127.0.0.1:49772 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/293 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 113 TCP 127.0.0.1:49770 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/292 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 114 TCP 127.0.0.1:50464 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/289 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/defaultwebpage.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /defaultwebpage.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 115 TCP 127.0.0.1:50478 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/289 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/FormMail-clone.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /FormMail)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 116 TCP 127.0.0.1:50518 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/289 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/restore_config.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /restore)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 117 TCP 127.0.0.1:50444 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/288 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/administrator.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /administrator.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 118 TCP 127.0.0.1:50468 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/288 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/entropysearch.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /entropysearch.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 119 TCP 127.0.0.1:50472 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/286 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/environment.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /environment.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 120 TCP 127.0.0.1:50446 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/authLogin.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /authLogin.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 121 TCP 127.0.0.1:50480 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/guestbook.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /guestbook.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 122 TCP 127.0.0.1:50550 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/tmUnblock.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /tmUnblock.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 123 TCP 127.0.0.1:50466 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/download.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /download.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 124 TCP 127.0.0.1:50474 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ezmlm-browse][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /ezmlm)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 125 TCP 127.0.0.1:50476 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/formmail.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /formmail.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 126 TCP 127.0.0.1:50482 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/helpdesk.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /helpdesk.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 127 TCP 127.0.0.1:50494 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/loadpage.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /loadpage.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 128 TCP 127.0.0.1:50538 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test_cgi.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /test)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 129 TCP 127.0.0.1:50540 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test.cgi.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /test.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 130 TCP 127.0.0.1:50454 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgiinfo.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /cgiinfo.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 131 TCP 127.0.0.1:50458 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi_wrapper][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 132 TCP 127.0.0.1:50460 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/contact.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /contact.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 133 TCP 127.0.0.1:50502 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pathtest.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /pathtest.pl HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 134 TCP 127.0.0.1:50542 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test_cgi.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /test)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 135 TCP 127.0.0.1:50544 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test-cgi.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /test)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 136 TCP 127.0.0.1:50554 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewcvs.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /viewcvs.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 137 TCP 127.0.0.1:50448 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/bb-hist.sh][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /bb)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 138 TCP 127.0.0.1:50450 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/banner.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /banner.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 139 TCP 127.0.0.1:50456 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgitest.py][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /cgitest.py HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 140 TCP 127.0.0.1:50524 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/search.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /search.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 141 TCP 127.0.0.1:50526 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/server.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /server.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 142 TCP 127.0.0.1:50530 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/sysinfo.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /sysinfo.pl HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 143 TCP 127.0.0.1:50442 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /admin.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 144 TCP 127.0.0.1:50462 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/count.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /count.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 145 TCP 127.0.0.1:50484 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /index.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 146 TCP 127.0.0.1:50486 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /index.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 147 TCP 127.0.0.1:50496 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /login.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 148 TCP 127.0.0.1:50498 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /login.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 149 TCP 127.0.0.1:50552 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/uname.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /uname.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 150 TCP 127.0.0.1:50558 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/whois.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /whois.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 151 TCP 127.0.0.1:50452 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/book.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /book.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 152 TCP 127.0.0.1:50488 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /index.pl HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 153 TCP 127.0.0.1:50490 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/info.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /info.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 154 TCP 127.0.0.1:50500 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /login.pl HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 155 TCP 127.0.0.1:50514 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php.fcgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /php.fc)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 156 TCP 127.0.0.1:50516 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/printenv][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /printenv HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 157 TCP 127.0.0.1:50534 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test-cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /test)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 158 TCP 127.0.0.1:50536 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /test.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 159 TCP 127.0.0.1:50470 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/env.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /env.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 160 TCP 127.0.0.1:50492 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/info.sh][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /info.sh HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 161 TCP 127.0.0.1:50510 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php-cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 162 TCP 127.0.0.1:50512 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /php.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 163 TCP 127.0.0.1:50520 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ruby.rb][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /ruby.rb HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 164 TCP 127.0.0.1:50546 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test.py][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /test.py HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 165 TCP 127.0.0.1:50548 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test.sh][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /test.sh HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 166 TCP 127.0.0.1:50556 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/welcome][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /welcome HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 167 TCP 127.0.0.1:51070 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003437)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /reports/rwservlet)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 168 TCP 127.0.0.1:50522 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/277 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/search][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /search HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 169 TCP 127.0.0.1:50528 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/277 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/status][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /status HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 170 TCP 127.0.0.1:50506 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php4][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /php4 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 171 TCP 127.0.0.1:50508 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php5][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /php5 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 172 TCP 127.0.0.1:50532 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /test HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 173 TCP 127.0.0.1:51064 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003302)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bin/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 174 TCP 127.0.0.1:50504 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/274 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET /php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 175 TCP 127.0.0.1:50662 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/272 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001164)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpnuke/modules.php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 176 TCP 127.0.0.1:50438 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/271 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 177 TCP 127.0.0.1:50440 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/271 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 178 TCP 127.0.0.1:50560 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/271 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 179 TCP 127.0.0.1:50660 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/270 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001163)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpnuke/html/.php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 180 TCP 127.0.0.1:50656 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/269 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001161)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /nuke/modules.php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 181 TCP 127.0.0.1:50620 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/266 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000494)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 182 TCP 127.0.0.1:50622 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/266 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000495)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 183 TCP 127.0.0.1:51036 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/266 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003199)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bin/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 184 TCP 127.0.0.1:51094 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/265 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26cat%20%22/etc/passwd%22%26][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006994)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /awcuser/cgi)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 185 TCP 127.0.0.1:50654 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/264 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001160)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (YGET /modules.php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 186 TCP 127.0.0.1:50688 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/261 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/running-config/interface/FastEthernet][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001262)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (rGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 187 TCP 127.0.0.1:51054 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003297)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 188 TCP 127.0.0.1:50594 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/257 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forumdisplay.php?GLOBALS\[\]=1&f=2&comma=\".system\('id'\)\.\"][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000070)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /forumdisplay.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 189 TCP 127.0.0.1:51026 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/255 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003194)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /pbserver/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 190 TCP 127.0.0.1:51020 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/254 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003191)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 191 TCP 127.0.0.1:51056 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/254 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003298)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /pbserver/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 192 TCP 127.0.0.1:51050 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/253 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003295)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 193 TCP 127.0.0.1:51024 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/252 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003193)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 194 TCP 127.0.0.1:50632 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/250 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/handler/netsonar;cat /etc/passwd|?data=Download][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001070)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (HGET /c)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 195 TCP 127.0.0.1:51028 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/250 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003195)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /rpc/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 196 TCP 127.0.0.1:51034 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/248 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\"][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003198)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 197 TCP 127.0.0.1:51052 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/248 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003296)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /iisadmpwd/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 198 TCP 127.0.0.1:51060 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/246 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003300)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 199 TCP 127.0.0.1:51062 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/246 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003301)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 127.0.0.1:51184 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.250 (Executable)][PLAIN TEXT (GET /vbulletin/ajax/api/hook/de)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 127.0.0.1:51182 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7D][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.248 (Executable)][PLAIN TEXT (GET /vb/ajax/api/hook/decodeArg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 127.0.0.1:50946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.284 (Executable)][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 127.0.0.1:50970 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.279 (Executable)][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 127.0.0.1:50934 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/386 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.285 (Executable)][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 127.0.0.1:50958 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/386 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.281 (Executable)][PLAIN TEXT (bGET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 127.0.0.1:50944 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/382 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.272 (Executable)][PLAIN TEXT (YGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 TCP 127.0.0.1:50968 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/382 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.267 (Executable)][PLAIN TEXT (lGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 127.0.0.1:50932 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.275 (Executable)][PLAIN TEXT (PGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 127.0.0.1:50948 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.277 (Executable)][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 127.0.0.1:50956 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.270 (Executable)][PLAIN TEXT (aGET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP 127.0.0.1:50972 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/381 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.272 (Executable)][PLAIN TEXT (oGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 127.0.0.1:50936 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/380 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.276 (Executable)][PLAIN TEXT (SGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 127.0.0.1:50960 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/380 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.271 (Executable)][PLAIN TEXT (eGET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 127.0.0.1:50950 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.289 (Executable)][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 127.0.0.1:50952 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.281 (Executable)][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 TCP 127.0.0.1:50974 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.284 (Executable)][PLAIN TEXT (pGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 127.0.0.1:50976 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.274 (Executable)][PLAIN TEXT (rGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 127.0.0.1:50878 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.298 (Executable)][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP 127.0.0.1:50902 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.287 (Executable)][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP 127.0.0.1:50938 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.291 (Executable)][PLAIN TEXT (TGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 127.0.0.1:50940 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.280 (Executable)][PLAIN TEXT (WGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP 127.0.0.1:50962 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.286 (Executable)][PLAIN TEXT (fGET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP 127.0.0.1:50964 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/378 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.274 (Executable)][PLAIN TEXT (hGET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP 127.0.0.1:50866 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/377 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.300 (Executable)][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 TCP 127.0.0.1:50890 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/377 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.289 (Executable)][PLAIN TEXT (/GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 TCP 127.0.0.1:51158 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.324 (Executable)][PLAIN TEXT (GET /phpmoadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 127.0.0.1:51160 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.328 (Executable)][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP 127.0.0.1:51170 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.324 (Executable)][PLAIN TEXT (GET /phpmoadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 127.0.0.1:51174 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/376 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.328 (Executable)][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 127.0.0.1:50990 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/374 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001400)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.252 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 127.0.0.1:50876 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.286 (Executable)][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 127.0.0.1:50900 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.276 (Executable)][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 127.0.0.1:50942 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.258 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP 127.0.0.1:50966 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.253 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 127.0.0.1:51150 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.316 (Executable)][PLAIN TEXT (GET /phpmoadmin/moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 37 TCP 127.0.0.1:51152 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.323 (Executable)][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 38 TCP 127.0.0.1:51162 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.323 (Executable)][PLAIN TEXT (GET /moadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 39 TCP 127.0.0.1:51168 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmoadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.316 (Executable)][PLAIN TEXT (GET /phpmoadmin/moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 40 TCP 127.0.0.1:51172 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.323 (Executable)][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 TCP 127.0.0.1:51178 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/373 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.323 (Executable)][PLAIN TEXT (GET /moadmin/wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 42 TCP 127.0.0.1:50864 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.290 (Executable)][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 43 TCP 127.0.0.1:50880 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.294 (Executable)][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 44 TCP 127.0.0.1:50888 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.280 (Executable)][PLAIN TEXT (GET /postnuke/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 TCP 127.0.0.1:50904 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.283 (Executable)][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP 127.0.0.1:50924 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001394)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.261 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 127.0.0.1:50926 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001395)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.248 (Executable)][PLAIN TEXT (KGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 127.0.0.1:50930 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.259 (Executable)][PLAIN TEXT (OGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 127.0.0.1:50954 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/372 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001398)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.254 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 127.0.0.1:50868 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.293 (Executable)][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 127.0.0.1:50892 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.282 (Executable)][PLAIN TEXT (GET /modules/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 TCP 127.0.0.1:50882 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.305 (Executable)][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 TCP 127.0.0.1:50884 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.296 (Executable)][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 TCP 127.0.0.1:50906 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.294 (Executable)][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 TCP 127.0.0.1:50908 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.284 (Executable)][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 TCP 127.0.0.1:51154 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.315 (Executable)][PLAIN TEXT (GET /moadmin/moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 57 TCP 127.0.0.1:51176 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/370 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.315 (Executable)][PLAIN TEXT (GET /moadmin/moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 58 TCP 127.0.0.1:50870 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/369 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.306 (Executable)][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 59 TCP 127.0.0.1:50872 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/369 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.296 (Executable)][PLAIN TEXT ( GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 60 TCP 127.0.0.1:50894 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/369 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.296 (Executable)][PLAIN TEXT (GET /phpBB/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 TCP 127.0.0.1:50896 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/369 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.284 (Executable)][PLAIN TEXT (GET /forum/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 TCP 127.0.0.1:50922 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/365 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001393)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.280 (Executable)][PLAIN TEXT (GGET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 TCP 127.0.0.1:51156 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/365 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.329 (Executable)][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 TCP 127.0.0.1:51166 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/365 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.329 (Executable)][PLAIN TEXT (GET /wu)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 TCP 127.0.0.1:50874 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/364 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.274 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 66 TCP 127.0.0.1:50898 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/364 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.263 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 TCP 127.0.0.1:50858 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001388)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.275 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 TCP 127.0.0.1:50862 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001390)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.276 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 TCP 127.0.0.1:50886 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001391)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.265 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 70 TCP 127.0.0.1:50982 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/363 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.213 (Executable)][PLAIN TEXT (wGET /postnuke/html/viewtopic.p)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 TCP 127.0.0.1:51148 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/362 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.321 (Executable)][PLAIN TEXT (GET /moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 TCP 127.0.0.1:51164 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/362 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007011)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.321 (Executable)][PLAIN TEXT (GET /moadmin.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 TCP 127.0.0.1:50566 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.action][Req Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletRespo][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:strutshock)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.394 (Executable)][PLAIN TEXT (GET /index.action HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 TCP 127.0.0.1:50568 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.action][Req Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletRespo][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:strutshock)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.399 (Executable)][PLAIN TEXT (GET /login.action HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 75 TCP 127.0.0.1:50980 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/358 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.192 (Executable)][PLAIN TEXT (GET /postnuke/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 76 TCP 127.0.0.1:50984 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/357 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.204 (Executable)][PLAIN TEXT (yGET /modules/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 127.0.0.1:50986 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.202 (Executable)][PLAIN TEXT (GET /phpBB/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 78 TCP 127.0.0.1:50988 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/355 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.207 (Executable)][PLAIN TEXT (GET /forum/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 79 TCP 127.0.0.1:50914 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/354 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.215 (Executable)][PLAIN TEXT (AGET /postnuke/html/viewtopic.p)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 80 TCP 127.0.0.1:50912 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.194 (Executable)][PLAIN TEXT (GET /postnuke/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 81 TCP 127.0.0.1:50928 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001396)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.162 (Executable)][PLAIN TEXT (GET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 82 TCP 127.0.0.1:50978 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/349 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001399)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.169 (Executable)][PLAIN TEXT (sGET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 83 TCP 127.0.0.1:50916 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.210 (Executable)][PLAIN TEXT (BGET /modules/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 84 TCP 127.0.0.1:50564 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][Req Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletRespo][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:strutshock)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.418 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 85 TCP 127.0.0.1:50918 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpBB/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.205 (Executable)][PLAIN TEXT (GET /phpBB/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 TCP 127.0.0.1:50920 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.210 (Executable)][PLAIN TEXT (FGET /forum/viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 87 TCP 127.0.0.1:51202 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/343 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.cgi?cli=aa%20aa%27cat%20/etc/hosts][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007234)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.333 (Executable)][PLAIN TEXT (GET /login.cgi)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 88 TCP 127.0.0.1:51194 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/341 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/RegistrationRequesterPortType][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007185)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.321 (Executable)][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 89 TCP 127.0.0.1:50860 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/340 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001389)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.178 (Executable)][PLAIN TEXT (GET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 90 TCP 127.0.0.1:50910 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/340 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001392)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.172 (Executable)][PLAIN TEXT (GET /viewtopic.php)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 127.0.0.1:51198 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/337 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/RegistrationPortTypeRPC11][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007187)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.328 (Executable)][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 92 TCP 127.0.0.1:51190 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/335 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/RegistrationPortTypeRPC][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007183)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.330 (Executable)][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 93 TCP 127.0.0.1:51196 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/333 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/CoordinatorPortType11][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007186)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.303 (Executable)][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 94 TCP 127.0.0.1:51200 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/333 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/ParticipantPortType11][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007188)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.310 (Executable)][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 95 TCP 127.0.0.1:51188 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/331 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/CoordinatorPortType][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007182)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.302 (Executable)][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 96 TCP 127.0.0.1:51192 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/331 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/ParticipantPortType][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007184)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.320 (Executable)][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 TCP 127.0.0.1:51186 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/326 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat%20/etc/passwd][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007084)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Possible WebShell detected / Expected on port 80 / Entropy: 5.349 (Execut][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 98 TCP 127.0.0.1:51204 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/323 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat+/etc/hosts][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007235)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Possible WebShell detected / Expected on port 80 / Entropy: 5.323 (Execut][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 99 TCP 127.0.0.1:51008 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/community/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.375 (Executable)][PLAIN TEXT (GET /community/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 100 TCP 127.0.0.1:51012 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003040)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.364 (Executable)][PLAIN TEXT (GET /vbulletin/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 127.0.0.1:51004 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/314 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/htforum/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.395 (Executable)][PLAIN TEXT (GET /htforum/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 102 TCP 127.0.0.1:51000 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/313 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forums/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.396 (Executable)][PLAIN TEXT (GET /forums/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 103 TCP 127.0.0.1:51002 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/313 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forumz/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.405 (Executable)][PLAIN TEXT (GET /forumz/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 104 TCP 127.0.0.1:50998 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/312 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forum/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.397 (Executable)][PLAIN TEXT (GET /forum/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 105 TCP 127.0.0.1:51006 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/312 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/board/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.363 (Executable)][PLAIN TEXT (GET /board/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 106 TCP 127.0.0.1:51010 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/309 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003040)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.360 (Executable)][PLAIN TEXT (GET /vb/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 107 TCP 127.0.0.1:50996 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/306 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.359 (Executable)][PLAIN TEXT (GET /calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 108 TCP 127.0.0.1:49774 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/304 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/HASH(0x5559e84fbc40)%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.304 (Executable)][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 109 TCP 127.0.0.1:49778 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/299 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.154 (Executable)][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 110 TCP 127.0.0.1:49776 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/297 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/winnt/win.ini%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.137 (Executable)][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 111 TCP 127.0.0.1:49780 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/294 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.150 (Executable)][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 112 TCP 127.0.0.1:49772 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/293 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.119 (Executable)][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 113 TCP 127.0.0.1:49770 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/292 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini%00][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Directory traversal check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.139 (Executable)][PLAIN TEXT (GET /typo)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 114 TCP 127.0.0.1:50464 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/289 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/defaultwebpage.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.273 (Executable)][PLAIN TEXT (GET /defaultwebpage.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 115 TCP 127.0.0.1:50478 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/289 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/FormMail-clone.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.248 (Executable)][PLAIN TEXT (GET /FormMail)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 116 TCP 127.0.0.1:50518 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/289 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/restore_config.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.180 (Executable)][PLAIN TEXT (GET /restore)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 117 TCP 127.0.0.1:50444 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/288 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/administrator.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.246 (Executable)][PLAIN TEXT (GET /administrator.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 118 TCP 127.0.0.1:50468 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/288 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/entropysearch.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.204 (Executable)][PLAIN TEXT (GET /entropysearch.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 119 TCP 127.0.0.1:50472 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/286 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/environment.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.189 (Executable)][PLAIN TEXT (GET /environment.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 120 TCP 127.0.0.1:50446 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/authLogin.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.227 (Executable)][PLAIN TEXT (GET /authLogin.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 121 TCP 127.0.0.1:50480 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/guestbook.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.216 (Executable)][PLAIN TEXT (GET /guestbook.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 122 TCP 127.0.0.1:50550 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/tmUnblock.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.247 (Executable)][PLAIN TEXT (GET /tmUnblock.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 123 TCP 127.0.0.1:50466 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/download.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.245 (Executable)][PLAIN TEXT (GET /download.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 124 TCP 127.0.0.1:50474 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ezmlm-browse][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.236 (Executable)][PLAIN TEXT (GET /ezmlm)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 125 TCP 127.0.0.1:50476 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/formmail.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.240 (Executable)][PLAIN TEXT (GET /formmail.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 126 TCP 127.0.0.1:50482 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/helpdesk.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.220 (Executable)][PLAIN TEXT (GET /helpdesk.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 127 TCP 127.0.0.1:50494 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/loadpage.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.235 (Executable)][PLAIN TEXT (GET /loadpage.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 128 TCP 127.0.0.1:50538 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test_cgi.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.194 (Executable)][PLAIN TEXT (GET /test)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 129 TCP 127.0.0.1:50540 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/283 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test.cgi.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.189 (Executable)][PLAIN TEXT (GET /test.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 130 TCP 127.0.0.1:50454 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgiinfo.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.193 (Executable)][PLAIN TEXT (GET /cgiinfo.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 131 TCP 127.0.0.1:50458 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi_wrapper][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.220 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 132 TCP 127.0.0.1:50460 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/contact.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.188 (Executable)][PLAIN TEXT (GET /contact.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 133 TCP 127.0.0.1:50502 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pathtest.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.201 (Executable)][PLAIN TEXT (GET /pathtest.pl HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 134 TCP 127.0.0.1:50542 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test_cgi.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.198 (Executable)][PLAIN TEXT (GET /test)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 135 TCP 127.0.0.1:50544 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test-cgi.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.190 (Executable)][PLAIN TEXT (GET /test)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 136 TCP 127.0.0.1:50554 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/282 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/viewcvs.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.209 (Executable)][PLAIN TEXT (GET /viewcvs.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 137 TCP 127.0.0.1:50448 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/bb-hist.sh][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.201 (Executable)][PLAIN TEXT (GET /bb)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 138 TCP 127.0.0.1:50450 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/banner.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.206 (Executable)][PLAIN TEXT (GET /banner.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 139 TCP 127.0.0.1:50456 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgitest.py][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.202 (Executable)][PLAIN TEXT (GET /cgitest.py HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 140 TCP 127.0.0.1:50524 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/search.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.188 (Executable)][PLAIN TEXT (GET /search.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 141 TCP 127.0.0.1:50526 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/server.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.172 (Executable)][PLAIN TEXT (GET /server.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 142 TCP 127.0.0.1:50530 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/sysinfo.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.223 (Executable)][PLAIN TEXT (GET /sysinfo.pl HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 143 TCP 127.0.0.1:50442 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.238 (Executable)][PLAIN TEXT (GET /admin.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 144 TCP 127.0.0.1:50462 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/count.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.179 (Executable)][PLAIN TEXT (GET /count.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 145 TCP 127.0.0.1:50484 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.211 (Executable)][PLAIN TEXT (GET /index.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 146 TCP 127.0.0.1:50486 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.214 (Executable)][PLAIN TEXT (GET /index.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 147 TCP 127.0.0.1:50496 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.193 (Executable)][PLAIN TEXT (GET /login.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 148 TCP 127.0.0.1:50498 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.200 (Executable)][PLAIN TEXT (GET /login.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 149 TCP 127.0.0.1:50552 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/uname.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.213 (Executable)][PLAIN TEXT (GET /uname.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 150 TCP 127.0.0.1:50558 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/whois.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.200 (Executable)][PLAIN TEXT (GET /whois.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 151 TCP 127.0.0.1:50452 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/book.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.207 (Executable)][PLAIN TEXT (GET /book.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 152 TCP 127.0.0.1:50488 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.218 (Executable)][PLAIN TEXT (GET /index.pl HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 153 TCP 127.0.0.1:50490 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/info.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.188 (Executable)][PLAIN TEXT (GET /info.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 154 TCP 127.0.0.1:50500 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.pl][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.201 (Executable)][PLAIN TEXT (GET /login.pl HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 155 TCP 127.0.0.1:50514 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php.fcgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.200 (Executable)][PLAIN TEXT (GET /php.fc)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 156 TCP 127.0.0.1:50516 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/printenv][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.178 (Executable)][PLAIN TEXT (GET /printenv HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 157 TCP 127.0.0.1:50534 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test-cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.169 (Executable)][PLAIN TEXT (GET /test)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 158 TCP 127.0.0.1:50536 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/279 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.174 (Executable)][PLAIN TEXT (GET /test.c)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 159 TCP 127.0.0.1:50470 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/env.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.179 (Executable)][PLAIN TEXT (GET /env.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 160 TCP 127.0.0.1:50492 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/info.sh][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.182 (Executable)][PLAIN TEXT (GET /info.sh HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 161 TCP 127.0.0.1:50510 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php-cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.186 (Executable)][PLAIN TEXT (GET /php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 162 TCP 127.0.0.1:50512 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php.cgi][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.191 (Executable)][PLAIN TEXT (GET /php.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 163 TCP 127.0.0.1:50520 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ruby.rb][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.211 (Executable)][PLAIN TEXT (GET /ruby.rb HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 164 TCP 127.0.0.1:50546 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test.py][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.188 (Executable)][PLAIN TEXT (GET /test.py HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 165 TCP 127.0.0.1:50548 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test.sh][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.163 (Executable)][PLAIN TEXT (GET /test.sh HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 166 TCP 127.0.0.1:50556 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/welcome][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.186 (Executable)][PLAIN TEXT (GET /welcome HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 167 TCP 127.0.0.1:51070 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/278 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003437)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.240 (Executable)][PLAIN TEXT (GET /reports/rwservlet)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 168 TCP 127.0.0.1:50522 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/277 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/search][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.173 (Executable)][PLAIN TEXT (GET /search HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 169 TCP 127.0.0.1:50528 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/277 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/status][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.195 (Executable)][PLAIN TEXT (GET /status HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 170 TCP 127.0.0.1:50506 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php4][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.177 (Executable)][PLAIN TEXT (GET /php4 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 171 TCP 127.0.0.1:50508 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php5][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.195 (Executable)][PLAIN TEXT (GET /php5 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 172 TCP 127.0.0.1:50532 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/test][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.158 (Executable)][PLAIN TEXT (GET /test HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 173 TCP 127.0.0.1:51064 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003302)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.142 (Executable)][PLAIN TEXT (bin/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 174 TCP 127.0.0.1:50504 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/274 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/php][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.176 (Executable)][PLAIN TEXT (GET /php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 175 TCP 127.0.0.1:50662 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/272 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001164)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.355 (Executable)][PLAIN TEXT (GET /phpnuke/modules.php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 176 TCP 127.0.0.1:50438 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/271 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.161 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 177 TCP 127.0.0.1:50440 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/271 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.161 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 178 TCP 127.0.0.1:50560 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/271 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: () { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Suspicious Log4J / Expected on port 80 / Entropy: 5.161 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 179 TCP 127.0.0.1:50660 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/270 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001163)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.350 (Executable)][PLAIN TEXT (GET /phpnuke/html/.php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 180 TCP 127.0.0.1:50656 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/269 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001161)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.334 (Executable)][PLAIN TEXT (GET /nuke/modules.php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 181 TCP 127.0.0.1:50620 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/266 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000494)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.174 (Executable)][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 182 TCP 127.0.0.1:50622 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/266 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000495)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.161 (Executable)][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 183 TCP 127.0.0.1:51036 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/266 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003199)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.209 (Executable)][PLAIN TEXT (bin/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 184 TCP 127.0.0.1:51094 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/265 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26cat%20%22/etc/passwd%22%26][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006994)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.297 (Executable)][PLAIN TEXT (GET /awcuser/cgi)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 185 TCP 127.0.0.1:50654 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/264 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001160)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.340 (Executable)][PLAIN TEXT (YGET /modules.php)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 186 TCP 127.0.0.1:50688 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/261 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/running-config/interface/FastEthernet][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001262)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.072 (Executable)][PLAIN TEXT (rGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 187 TCP 127.0.0.1:51054 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/258 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003297)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.199 (Executable)][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 188 TCP 127.0.0.1:50594 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/257 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/forumdisplay.php?GLOBALS\[\]=1&f=2&comma=\".system\('id'\)\.\"][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000070)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.495 (Executable)][PLAIN TEXT (GET /forumdisplay.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 189 TCP 127.0.0.1:51026 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/255 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003194)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.245 (Executable)][PLAIN TEXT (GET /pbserver/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 190 TCP 127.0.0.1:51020 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/254 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003191)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.219 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 191 TCP 127.0.0.1:51056 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/254 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003298)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.252 (Executable)][PLAIN TEXT (GET /pbserver/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 192 TCP 127.0.0.1:51050 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/253 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003295)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.224 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 193 TCP 127.0.0.1:51024 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/252 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003193)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.211 (Executable)][PLAIN TEXT (GET /msadc/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 194 TCP 127.0.0.1:50632 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/250 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/handler/netsonar;cat /etc/passwd|?data=Download][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001070)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.180 (Executable)][PLAIN TEXT (HGET /c)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 195 TCP 127.0.0.1:51028 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/250 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003195)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.222 (Executable)][PLAIN TEXT (GET /rpc/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 196 TCP 127.0.0.1:51034 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/248 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\"][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003198)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.258 (Executable)][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 197 TCP 127.0.0.1:51052 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/248 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003296)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.259 (Executable)][PLAIN TEXT (GET /iisadmpwd/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 198 TCP 127.0.0.1:51060 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/246 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003300)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.202 (Executable)][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 199 TCP 127.0.0.1:51062 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/246 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003301)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.197 (Executable)][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 200 TCP 127.0.0.1:50562 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/245 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/../../../../../../../../../../../../etc/shadow][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:dishwasher)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Possible Exploit Attempt **** Unidirectional Traffic **][Risk Score: 320][Risk Info: No server to client traffic / Found host 127.0.0.1 / URL starting with dot / Expected on port 80][PLAIN TEXT (GET /../../../../../../../../..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 201 TCP 127.0.0.1:51022 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/245 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003192)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /iisadmpwd/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 202 TCP 127.0.0.1:49768 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:apache_expect_xss)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 203 TCP 127.0.0.1:51018 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003190)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /certsrv/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 204 TCP 127.0.0.1:51030 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003196)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 205 TCP 127.0.0.1:51032 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003197)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 206 TCP 127.0.0.1:51058 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/242 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003299)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /rpc/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 207 TCP 127.0.0.1:51082 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/242 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/3rdparty/phpMyAdmin/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /3rdparty/phpMyAdmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 208 TCP 127.0.0.1:51086 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/242 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/3rdparty/phpmyadmin/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /3rdparty/phpmyadmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 209 TCP 127.0.0.1:49718 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/241 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: BREACH Test)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (eGET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 210 TCP 127.0.0.1:50684 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/241 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/interfaces/status][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001260)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (oGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 211 TCP 127.0.0.1:49764 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/240 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:negotiate)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 212 TCP 127.0.0.1:50658 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/240 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/perl/-e%20%22system('cat%20/etc/passwd');\%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001162)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /perl/)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 213 TCP 127.0.0.1:51048 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/certsrv/..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003294)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Unidirectional Traffic **][Risk Score: 170][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /certsrv/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 214 TCP 127.0.0.1:51068 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ans/ans.pl?p=../../../../../usr/bin/id|&blah][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003371)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /ans/ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 215 TCP 127.0.0.1:49550 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/238 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.rdf+destype=cache+desformat=PDF][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 216 TCP 127.0.0.1:50680 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/237 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/configuration][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001258)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (lGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 217 TCP 127.0.0.1:49690 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (OGET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 218 TCP 127.0.0.1:49702 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (GET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 219 TCP 127.0.0.1:50626 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/athenareg.php?pass=%20;cat%20/etc/passwd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000667)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (@GET /athenareg.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 220 TCP 127.0.0.1:51066 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ans.pl?p=../../../../../usr/bin/id|&blah][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003370)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 221 TCP 127.0.0.1:50608 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-local/cgiemail-1.6/cgicso?query=AAA][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000344)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 222 TCP 127.0.0.1:50682 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/interfaces][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001259)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (nGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 223 TCP 127.0.0.1:51038 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/system.php3?cmd=cat%20/etc/passwd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003216)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin/system.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 224 TCP 127.0.0.1:49664 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:origin_reflection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 225 TCP 127.0.0.1:51084 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpMyAdmin/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpMyAdmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 226 TCP 127.0.0.1:51088 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmyadmin/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /phpmyadmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 227 TCP 127.0.0.1:51042 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/232 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/exec.php3?cmd=cat%20/etc/passwd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003218)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin/exec.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 228 TCP 127.0.0.1:50574 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfdocs/examples/cvbeans/beaninfo.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000014)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cfdocs/examples/cv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 229 TCP 127.0.0.1:50644 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfdocs/snippets/gettempdirectory.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001076)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cfdocs/snippets/gettempdir)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 230 TCP 127.0.0.1:50652 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/mods/apage/apage.cgi?f=file.htm.|id|][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001159)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /mods/apage/apage.c)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 231 TCP 127.0.0.1:50672 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec/-///show/configuration][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001254)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (fGET /level/16/exec/)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 232 TCP 127.0.0.1:50686 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/version][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001261)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/16/level/16/exec//sh)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 233 TCP 127.0.0.1:50618 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/230 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/c/winnt/system32/cmd.exe?/c+dir+/OG][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000491)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /c/winnt/system)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 234 TCP 127.0.0.1:50668 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/230 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pls/simpledad/admin_/dadentries.htm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001167)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /pls/simpledad/admin)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 235 TCP 127.0.0.1:49644 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/229 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/clientaccesspolicy.xml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:clientaccesspolicy)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /clientaccesspolicy.xml HTT)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 236 TCP 127.0.0.1:49666 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/228 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:origin_reflection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 237 TCP 127.0.0.1:50612 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/228 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/servlet/sunexamples.BBoardServlet][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000346)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /servlet/sunexamples.BBoard)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 238 TCP 127.0.0.1:50576 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/227 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfdocs/examples/parks/detail.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000015)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cfdocs/examples/parks/deta)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 239 TCP 127.0.0.1:50678 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/227 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec//show/access-lists][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001257)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/16/exec//show/access)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 240 TCP 127.0.0.1:51040 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/227 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/system.php3?cmd=dir%20c:\\][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003217)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin/system.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 241 TCP 127.0.0.1:51090 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/226 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pma/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /pma/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 242 TCP 127.0.0.1:49684 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (KGET /Autodiscover/Autodiscover)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 243 TCP 127.0.0.1:50646 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/dostuff.php?action=modify_user][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001091)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (SGET /dostuff.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 244 TCP 127.0.0.1:51044 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/exec.php3?cmd=dir%20c:\\][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003219)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin/exec.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 245 TCP 127.0.0.1:49674 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/224 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/junk988.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (BGET /junk988.asp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 246 TCP 127.0.0.1:50598 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/224 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/html/cgi-bin/cgicso?query=AAA][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000072)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /html/c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 247 TCP 127.0.0.1:49670 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/223 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/junk999.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (@GET /junk999.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 248 TCP 127.0.0.1:49688 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/223 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (NGET /Microsoft)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 249 TCP 127.0.0.1:49672 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (AGET /index.asp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 250 TCP 127.0.0.1:49678 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (EGET /login.asp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 251 TCP 127.0.0.1:50592 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/samples/details.idc][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000023)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /scripts/samples/details.id)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 252 TCP 127.0.0.1:50604 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/Carello/Carello.dll][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000144)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (/GET /scripts/Carello/Carello.d)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 253 TCP 127.0.0.1:49668 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 254 TCP 127.0.0.1:49676 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (DGET /login.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 255 TCP 127.0.0.1:50614 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/servlets/SchedulerTransfer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000347)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /servlets/SchedulerTransfer)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 256 TCP 127.0.0.1:50638 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ews/ews/architext_query.pl][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001073)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (LGET /ews/ews/architext)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 257 TCP 127.0.0.1:50642 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/instantwebmail/message.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001075)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (PGET /instantwebmail/message.ph)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 258 TCP 127.0.0.1:49562 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.BBoardServlet][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 259 TCP 127.0.0.1:49660 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/nonexistent.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /nonexistent.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 260 TCP 127.0.0.1:50610 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/servlet/SchedulerTransfer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000345)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /servlet/SchedulerTransfer )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 261 TCP 127.0.0.1:50624 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/samples/adctest.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000496)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /msadc/samples/adctest.asp )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 262 TCP 127.0.0.1:50628 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cd-cgi/sscd_suncourier.pl][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001067)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (EGET /cd)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 263 TCP 127.0.0.1:50596 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/219 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/guestbook/guestbook.html][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000071)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /guestbook/guestbook.html H)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 264 TCP 127.0.0.1:50616 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/218 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/perl/-e%20print%20Hello][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000352)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /perl/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 265 TCP 127.0.0.1:49658 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/webadmin.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /webadmin.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 266 TCP 127.0.0.1:50636 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/DB4Web/10.10.10.10:100][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001072)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /DB)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 267 TCP 127.0.0.1:49766 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/~bin][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:apacheusers: known user)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bin HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 268 TCP 127.0.0.1:49886 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tar.lzma HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 269 TCP 127.0.0.1:49888 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tar.lzma HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 270 TCP 127.0.0.1:50290 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 271 TCP 127.0.0.1:50292 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 272 TCP 127.0.0.1:50408 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicons/favicon.ico][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /favicons/favicon.ico HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 273 TCP 127.0.0.1:50412 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicons/favicon.gif][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /favicons/favicon.gif HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 274 TCP 127.0.0.1:50416 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicons/favicon.png][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /favicons/favicon.png HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 275 TCP 127.0.0.1:50590 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/tiki/tiki-install.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000022)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /tiki/tiki)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 276 TCP 127.0.0.1:50670 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec/-///pwd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001253)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (eGET /level/16/exec/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 277 TCP 127.0.0.1:49646 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/crossdomain.xml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:crossdomain)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /crossdomain.xml HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 278 TCP 127.0.0.1:49650 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/domcfg.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (.GET /domcfg.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 279 TCP 127.0.0.1:49654 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin4.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin4.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 280 TCP 127.0.0.1:49656 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin5.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /admin5.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 281 TCP 127.0.0.1:49750 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/default.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /default.aspx HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 282 TCP 127.0.0.1:50022 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (YGET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 283 TCP 127.0.0.1:50024 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 284 TCP 127.0.0.1:50146 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 285 TCP 127.0.0.1:50148 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 286 TCP 127.0.0.1:51014 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/_vti_bin/fpcount.exe][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003089)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bin/fpcount.exe HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 287 TCP 127.0.0.1:49592 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.exe|dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 288 TCP 127.0.0.1:49638 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin-sdb/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 289 TCP 127.0.0.1:49652 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (/GET /admin.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 290 TCP 127.0.0.1:49736 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.shtml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (uGET /index.shtml HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 291 TCP 127.0.0.1:49748 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/default.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /default.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 292 TCP 127.0.0.1:49752 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/default.htm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /default.htm HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 293 TCP 127.0.0.1:49756 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.jhtml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.jhtml HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 294 TCP 127.0.0.1:49874 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 295 TCP 127.0.0.1:49876 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 296 TCP 127.0.0.1:49914 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 297 TCP 127.0.0.1:49916 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 298 TCP 127.0.0.1:50262 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 299 TCP 127.0.0.1:50264 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 300 TCP 127.0.0.1:50634 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/webdist.cgi][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001071)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (IGET /c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 301 TCP 127.0.0.1:50640 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/exec/show/config/cr][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001074)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (NGET /exec/show/config/cr HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 302 TCP 127.0.0.1:50648 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/logjam/showhits.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001157)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (UGET /logjam/showhits.php HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 303 TCP 127.0.0.1:50690 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001263)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (tGET /level/16/exec//show HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 304 TCP 127.0.0.1:50692 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/17/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001264)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (uGET /level/17/exec//show HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 305 TCP 127.0.0.1:50694 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/18/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001265)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (wGET /level/18/exec//show HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 306 TCP 127.0.0.1:50696 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/19/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001266)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/19/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 307 TCP 127.0.0.1:50698 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/20/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001267)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/20/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 308 TCP 127.0.0.1:50700 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/21/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001268)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/21/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 309 TCP 127.0.0.1:50702 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/22/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001269)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/22/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 310 TCP 127.0.0.1:50704 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/23/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001270)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/23/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 311 TCP 127.0.0.1:50706 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/24/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001271)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/24/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 312 TCP 127.0.0.1:50708 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/25/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001272)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/25/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 313 TCP 127.0.0.1:50710 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/26/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001273)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/26/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 314 TCP 127.0.0.1:50712 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/27/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001274)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/27/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 315 TCP 127.0.0.1:50714 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/28/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001275)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/28/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 316 TCP 127.0.0.1:50716 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/29/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001276)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/29/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 317 TCP 127.0.0.1:50718 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/30/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001277)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/30/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 318 TCP 127.0.0.1:50720 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/31/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001278)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/31/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 319 TCP 127.0.0.1:50722 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/32/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001279)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/32/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 320 TCP 127.0.0.1:50724 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/33/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001280)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/33/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 321 TCP 127.0.0.1:50726 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/34/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001281)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/34/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 322 TCP 127.0.0.1:50728 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/35/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001282)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/35/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 323 TCP 127.0.0.1:50730 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/36/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001283)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/36/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 324 TCP 127.0.0.1:50732 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/37/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001284)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/37/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 325 TCP 127.0.0.1:50734 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/38/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001285)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/38/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 326 TCP 127.0.0.1:50736 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/39/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001286)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/39/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 327 TCP 127.0.0.1:50738 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/40/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001287)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/40/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 328 TCP 127.0.0.1:50740 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/41/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001288)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/41/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 329 TCP 127.0.0.1:50742 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/42/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001289)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/42/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 330 TCP 127.0.0.1:50744 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/43/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001290)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/43/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 331 TCP 127.0.0.1:50746 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/44/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001291)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/44/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 332 TCP 127.0.0.1:50748 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/45/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001292)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/45/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 333 TCP 127.0.0.1:50750 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/46/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001293)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/46/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 334 TCP 127.0.0.1:50752 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/47/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001294)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/47/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 335 TCP 127.0.0.1:50754 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/48/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001295)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/48/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 336 TCP 127.0.0.1:50756 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/49/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001296)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/49/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 337 TCP 127.0.0.1:50758 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/50/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001297)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/50/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 338 TCP 127.0.0.1:50760 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/51/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001298)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/51/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 339 TCP 127.0.0.1:50762 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/52/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001299)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/52/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 340 TCP 127.0.0.1:50764 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/53/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001300)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/53/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 341 TCP 127.0.0.1:50766 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/54/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001301)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/54/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 342 TCP 127.0.0.1:50768 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/55/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001302)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/55/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 343 TCP 127.0.0.1:50770 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/56/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001303)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/56/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 344 TCP 127.0.0.1:50772 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/57/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001304)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/57/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 345 TCP 127.0.0.1:50774 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/58/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001305)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/58/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 346 TCP 127.0.0.1:50776 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/59/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001306)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/59/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 347 TCP 127.0.0.1:50778 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/60/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001307)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/60/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 348 TCP 127.0.0.1:50780 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/61/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001308)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/61/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 349 TCP 127.0.0.1:50782 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/62/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001309)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/62/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 350 TCP 127.0.0.1:50784 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/63/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001310)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/63/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 351 TCP 127.0.0.1:50786 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/64/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001311)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/64/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 352 TCP 127.0.0.1:50788 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/65/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001312)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/65/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 353 TCP 127.0.0.1:50790 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/66/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001313)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/66/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 354 TCP 127.0.0.1:50792 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/67/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001314)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/67/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 355 TCP 127.0.0.1:50794 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/68/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001315)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/68/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 356 TCP 127.0.0.1:50796 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/69/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001316)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/69/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 357 TCP 127.0.0.1:50798 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/70/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001317)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/70/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 358 TCP 127.0.0.1:50800 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/71/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001318)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/71/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 359 TCP 127.0.0.1:50802 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/72/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001319)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/72/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 360 TCP 127.0.0.1:50804 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/73/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001320)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/73/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 361 TCP 127.0.0.1:50806 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/74/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001321)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/74/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 362 TCP 127.0.0.1:50808 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/75/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001322)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/75/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 363 TCP 127.0.0.1:50810 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/76/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001323)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/76/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 364 TCP 127.0.0.1:50812 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/77/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001324)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/77/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 365 TCP 127.0.0.1:50814 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/78/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001325)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/78/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 366 TCP 127.0.0.1:50816 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/79/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001326)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/79/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 367 TCP 127.0.0.1:50818 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/80/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001327)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/80/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 368 TCP 127.0.0.1:50820 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/81/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001328)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/81/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 369 TCP 127.0.0.1:50822 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/82/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001329)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/82/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 370 TCP 127.0.0.1:50824 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/83/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001330)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/83/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 371 TCP 127.0.0.1:50826 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/84/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001331)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/84/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 372 TCP 127.0.0.1:50828 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/85/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001332)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/85/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 373 TCP 127.0.0.1:50830 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/86/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001333)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/86/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 374 TCP 127.0.0.1:50832 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/87/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001334)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/87/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 375 TCP 127.0.0.1:50834 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/88/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001335)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/88/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 376 TCP 127.0.0.1:50836 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/89/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001336)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/89/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 377 TCP 127.0.0.1:50838 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/90/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001337)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/90/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 378 TCP 127.0.0.1:50840 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/91/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001338)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/91/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 379 TCP 127.0.0.1:50842 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/92/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001339)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/92/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 380 TCP 127.0.0.1:50844 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/93/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001340)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/93/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 381 TCP 127.0.0.1:50846 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/94/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001341)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/94/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 382 TCP 127.0.0.1:50848 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/95/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001342)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/95/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 383 TCP 127.0.0.1:50850 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/96/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001343)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/96/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 384 TCP 127.0.0.1:50852 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/97/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001344)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/97/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 385 TCP 127.0.0.1:50854 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/98/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001345)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/98/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 386 TCP 127.0.0.1:50856 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/99/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001346)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /level/99/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 387 TCP 127.0.0.1:49556 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.pl|dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 388 TCP 127.0.0.1:49566 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.10:100][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 389 TCP 127.0.0.1:49696 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (TGET /EWS/Exchange.asmx HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 390 TCP 127.0.0.1:49706 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (GET /EWS/Services.wsdl HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 391 TCP 127.0.0.1:49724 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php3][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (lGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 392 TCP 127.0.0.1:49726 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php4][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (nGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 393 TCP 127.0.0.1:49728 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php5][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (oGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 394 TCP 127.0.0.1:49730 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php7][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (pGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 395 TCP 127.0.0.1:49732 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.html][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (rGET /index.html HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 396 TCP 127.0.0.1:49746 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.aspx HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 397 TCP 127.0.0.1:50134 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 398 TCP 127.0.0.1:50136 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 399 TCP 127.0.0.1:50226 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 400 TCP 127.0.0.1:50228 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 401 TCP 127.0.0.1:50378 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 402 TCP 127.0.0.1:50380 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 403 TCP 127.0.0.1:50572 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfappman/index.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000013)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cfappman/index.c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 404 TCP 127.0.0.1:51016 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site/eg/source.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003126)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site/eg/source.asp HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 405 TCP 127.0.0.1:51046 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/isapi/tstisapi.dll][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003263)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /isapi/tstisapi.dll HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 406 TCP 127.0.0.1:49616 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-local/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 407 TCP 127.0.0.1:49722 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (kGET /index.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 408 TCP 127.0.0.1:49734 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.htm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (sGET /index.htm HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 409 TCP 127.0.0.1:49738 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.cfm HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 410 TCP 127.0.0.1:49740 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.cgi][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (yGET /index.c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 411 TCP 127.0.0.1:49744 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 412 TCP 127.0.0.1:49758 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.jsp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.jsp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 413 TCP 127.0.0.1:49760 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.xml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.xml HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 414 TCP 127.0.0.1:49902 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 415 TCP 127.0.0.1:49904 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 416 TCP 127.0.0.1:49954 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 417 TCP 127.0.0.1:49956 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 418 TCP 127.0.0.1:50178 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 419 TCP 127.0.0.1:50180 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 420 TCP 127.0.0.1:50258 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT ( GET /backup.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 421 TCP 127.0.0.1:50260 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 422 TCP 127.0.0.1:50338 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 423 TCP 127.0.0.1:50340 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 424 TCP 127.0.0.1:50600 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/bb-dnbd/faxsurvey][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000142)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /bb)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 425 TCP 127.0.0.1:49570 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.php3][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 426 TCP 127.0.0.1:49584 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.html][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 427 TCP 127.0.0.1:49628 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/fcgi-bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /fc)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 428 TCP 127.0.0.1:49632 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-home/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 429 TCP 127.0.0.1:49634 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-perl/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 430 TCP 127.0.0.1:49636 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scgi-bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT ( GET /scgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 431 TCP 127.0.0.1:49742 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.pl][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.pl HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 432 TCP 127.0.0.1:49754 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.do][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.do HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 433 TCP 127.0.0.1:49806 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 434 TCP 127.0.0.1:49808 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 435 TCP 127.0.0.1:49822 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 436 TCP 127.0.0.1:49824 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 437 TCP 127.0.0.1:49830 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 438 TCP 127.0.0.1:49832 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 439 TCP 127.0.0.1:49838 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 440 TCP 127.0.0.1:49840 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 441 TCP 127.0.0.1:49866 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 442 TCP 127.0.0.1:49868 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 443 TCP 127.0.0.1:49870 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 444 TCP 127.0.0.1:49872 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 445 TCP 127.0.0.1:49882 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 446 TCP 127.0.0.1:49884 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 447 TCP 127.0.0.1:49890 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 448 TCP 127.0.0.1:49892 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 449 TCP 127.0.0.1:49918 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 450 TCP 127.0.0.1:49920 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 451 TCP 127.0.0.1:49958 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 452 TCP 127.0.0.1:49960 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 453 TCP 127.0.0.1:50038 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 454 TCP 127.0.0.1:50040 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (fGET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 455 TCP 127.0.0.1:50078 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 456 TCP 127.0.0.1:50080 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 457 TCP 127.0.0.1:50082 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 458 TCP 127.0.0.1:50084 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 459 TCP 127.0.0.1:50102 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 460 TCP 127.0.0.1:50104 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 461 TCP 127.0.0.1:50130 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 462 TCP 127.0.0.1:50132 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 463 TCP 127.0.0.1:50154 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 464 TCP 127.0.0.1:50156 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 465 TCP 127.0.0.1:50158 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 466 TCP 127.0.0.1:50160 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 467 TCP 127.0.0.1:50202 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 468 TCP 127.0.0.1:50204 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 469 TCP 127.0.0.1:50250 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 470 TCP 127.0.0.1:50252 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 471 TCP 127.0.0.1:50266 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 472 TCP 127.0.0.1:50268 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 473 TCP 127.0.0.1:50282 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 474 TCP 127.0.0.1:50284 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 475 TCP 127.0.0.1:50310 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (HGET /127.0.0.1.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 476 TCP 127.0.0.1:50312 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.1.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 477 TCP 127.0.0.1:50330 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 478 TCP 127.0.0.1:50332 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 479 TCP 127.0.0.1:50350 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (fGET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 480 TCP 127.0.0.1:50352 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (gGET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 481 TCP 127.0.0.1:50382 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 482 TCP 127.0.0.1:50384 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 483 TCP 127.0.0.1:50390 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 484 TCP 127.0.0.1:50392 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 485 TCP 127.0.0.1:50664 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/Program%20Files/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001165)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (aGET /Program)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 486 TCP 127.0.0.1:50992 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/msadcs.dll][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001474)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /msadc/msadcs.dll HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 487 TCP 127.0.0.1:49558 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 488 TCP 127.0.0.1:49560 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.idc][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 489 TCP 127.0.0.1:49564 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.cgi][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 490 TCP 127.0.0.1:49568 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.exe][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 491 TCP 127.0.0.1:49572 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.bat][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 492 TCP 127.0.0.1:49576 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 493 TCP 127.0.0.1:49580 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.cmd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 494 TCP 127.0.0.1:49582 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.htm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 495 TCP 127.0.0.1:49586 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.dll][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 496 TCP 127.0.0.1:49588 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 497 TCP 127.0.0.1:49590 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 498 TCP 127.0.0.1:49596 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi.cgi/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi.cgi/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 499 TCP 127.0.0.1:49600 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-914/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 500 TCP 127.0.0.1:49602 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-915/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 501 TCP 127.0.0.1:49610 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 502 TCP 127.0.0.1:49612 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ows-bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /ows)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 503 TCP 127.0.0.1:49614 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-sys/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 504 TCP 127.0.0.1:49624 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /scripts/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 505 TCP 127.0.0.1:49626 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-win/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 506 TCP 127.0.0.1:49630 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-exe/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 507 TCP 127.0.0.1:49640 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-mod/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 508 TCP 127.0.0.1:50034 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (aGET /127.0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 509 TCP 127.0.0.1:50036 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bGET /127.0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 510 TCP 127.0.0.1:50186 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 511 TCP 127.0.0.1:50188 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 512 TCP 127.0.0.1:50210 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 513 TCP 127.0.0.1:50212 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 514 TCP 127.0.0.1:50230 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 515 TCP 127.0.0.1:50232 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 516 TCP 127.0.0.1:50354 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (hGET /12700.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 517 TCP 127.0.0.1:50356 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 518 TCP 127.0.0.1:50582 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/splashAdmin.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000018)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT ( GET /splashAdmin.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 519 TCP 127.0.0.1:50630 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/handler][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001069)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GGET /c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 520 TCP 127.0.0.1:49578 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.pl][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 521 TCP 127.0.0.1:49598 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/webcgi/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /webc)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 522 TCP 127.0.0.1:49620 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgibin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgibin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 523 TCP 127.0.0.1:49686 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (LGET /Autodiscover/ HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 524 TCP 127.0.0.1:49712 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (aGET /aspnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 525 TCP 127.0.0.1:49834 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 526 TCP 127.0.0.1:49836 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 527 TCP 127.0.0.1:49842 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 528 TCP 127.0.0.1:49844 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 529 TCP 127.0.0.1:49854 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 530 TCP 127.0.0.1:49856 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 531 TCP 127.0.0.1:49862 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 532 TCP 127.0.0.1:49864 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 533 TCP 127.0.0.1:49962 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 534 TCP 127.0.0.1:49964 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 535 TCP 127.0.0.1:50050 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 536 TCP 127.0.0.1:50052 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (oGET /127.0.0.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 537 TCP 127.0.0.1:50062 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (wGET /127.0.0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 538 TCP 127.0.0.1:50064 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 539 TCP 127.0.0.1:50074 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 540 TCP 127.0.0.1:50076 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 541 TCP 127.0.0.1:50138 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 542 TCP 127.0.0.1:50140 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 543 TCP 127.0.0.1:50162 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 544 TCP 127.0.0.1:50164 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 545 TCP 127.0.0.1:50214 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 546 TCP 127.0.0.1:50216 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 547 TCP 127.0.0.1:50270 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 548 TCP 127.0.0.1:50272 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 549 TCP 127.0.0.1:50314 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (KGET /127.0.0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 550 TCP 127.0.0.1:50316 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (LGET /127.0.0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 551 TCP 127.0.0.1:50676 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001256)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (hGET /level/16/exec/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 552 TCP 127.0.0.1:51098 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/jenkins/script][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006999)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /jenkins/script HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 553 TCP 127.0.0.1:49594 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 554 TCP 127.0.0.1:49608 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/mpcgi/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /mpcgi/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 555 TCP 127.0.0.1:49618 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/htbin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /htbin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 556 TCP 127.0.0.1:49810 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 557 TCP 127.0.0.1:49812 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 558 TCP 127.0.0.1:49858 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 559 TCP 127.0.0.1:49860 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 560 TCP 127.0.0.1:49894 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 561 TCP 127.0.0.1:49896 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 562 TCP 127.0.0.1:49930 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 563 TCP 127.0.0.1:49932 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 564 TCP 127.0.0.1:49946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT ( GET /backup.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 565 TCP 127.0.0.1:49948 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 566 TCP 127.0.0.1:49978 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 567 TCP 127.0.0.1:49980 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 568 TCP 127.0.0.1:49990 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (AGET /127001.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 569 TCP 127.0.0.1:49992 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (BGET /127001.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 570 TCP 127.0.0.1:49994 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (DGET /127001.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 571 TCP 127.0.0.1:49996 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (EGET /127001.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 572 TCP 127.0.0.1:50014 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (RGET /backup.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 573 TCP 127.0.0.1:50016 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (TGET /backup.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 574 TCP 127.0.0.1:50026 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 575 TCP 127.0.0.1:50028 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 576 TCP 127.0.0.1:50054 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (pGET /127001.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 577 TCP 127.0.0.1:50056 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 578 TCP 127.0.0.1:50058 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (sGET /0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 579 TCP 127.0.0.1:50060 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (uGET /0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 580 TCP 127.0.0.1:50086 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 581 TCP 127.0.0.1:50088 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 582 TCP 127.0.0.1:50090 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 583 TCP 127.0.0.1:50092 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 584 TCP 127.0.0.1:50094 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 585 TCP 127.0.0.1:50096 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 586 TCP 127.0.0.1:50142 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 587 TCP 127.0.0.1:50144 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 588 TCP 127.0.0.1:50222 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 589 TCP 127.0.0.1:50224 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 590 TCP 127.0.0.1:50234 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 591 TCP 127.0.0.1:50236 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /backup.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 592 TCP 127.0.0.1:50274 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 593 TCP 127.0.0.1:50276 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 594 TCP 127.0.0.1:50306 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (FGET /backup.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 595 TCP 127.0.0.1:50308 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GGET /backup.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 596 TCP 127.0.0.1:50322 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (RGET /127001.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 597 TCP 127.0.0.1:50324 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (TGET /127001.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 598 TCP 127.0.0.1:50358 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (kGET /1.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 599 TCP 127.0.0.1:50360 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 600 TCP 127.0.0.1:50402 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 601 TCP 127.0.0.1:50404 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127001.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 602 TCP 127.0.0.1:51100 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/hudson/script][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006999)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /hudson/script HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 603 TCP 127.0.0.1:49552 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/.0hXC6ZUE][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit Attempt **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / URL starting with dot / Expected on port 80][PLAIN TEXT (GET /.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 604 TCP 127.0.0.1:49574 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 605 TCP 127.0.0.1:49622 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgis/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgis/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 606 TCP 127.0.0.1:49782 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 607 TCP 127.0.0.1:49784 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 608 TCP 127.0.0.1:49794 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 609 TCP 127.0.0.1:49796 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 610 TCP 127.0.0.1:49798 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 611 TCP 127.0.0.1:49800 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 612 TCP 127.0.0.1:49906 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 613 TCP 127.0.0.1:49908 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 614 TCP 127.0.0.1:49938 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 615 TCP 127.0.0.1:49940 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 616 TCP 127.0.0.1:49966 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (/GET /12700.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 617 TCP 127.0.0.1:49968 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 618 TCP 127.0.0.1:49974 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 619 TCP 127.0.0.1:49976 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 620 TCP 127.0.0.1:50018 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (UGET /12700.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 621 TCP 127.0.0.1:50020 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (WGET /12700.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 622 TCP 127.0.0.1:50030 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 623 TCP 127.0.0.1:50032 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 624 TCP 127.0.0.1:50042 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (gGET /127.0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 625 TCP 127.0.0.1:50044 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (iGET /127.0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 626 TCP 127.0.0.1:50046 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 627 TCP 127.0.0.1:50048 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (lGET /127.0.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 628 TCP 127.0.0.1:50110 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 629 TCP 127.0.0.1:50112 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 630 TCP 127.0.0.1:50114 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 631 TCP 127.0.0.1:50116 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 632 TCP 127.0.0.1:50122 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 633 TCP 127.0.0.1:50124 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 634 TCP 127.0.0.1:50166 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 635 TCP 127.0.0.1:50168 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 636 TCP 127.0.0.1:50206 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 637 TCP 127.0.0.1:50208 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 638 TCP 127.0.0.1:50242 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 639 TCP 127.0.0.1:50244 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 640 TCP 127.0.0.1:50246 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 641 TCP 127.0.0.1:50248 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 642 TCP 127.0.0.1:50326 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (UGET /1.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 643 TCP 127.0.0.1:50328 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (WGET /1.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 644 TCP 127.0.0.1:50342 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (aGET /12700.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 645 TCP 127.0.0.1:50344 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /12700.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 646 TCP 127.0.0.1:50346 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (dGET /12700.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 647 TCP 127.0.0.1:50348 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (eGET /12700.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 648 TCP 127.0.0.1:50366 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (rGET /127.0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 649 TCP 127.0.0.1:50368 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (tGET /127.0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 650 TCP 127.0.0.1:50406 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicon.ico][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /favicon.ico HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 651 TCP 127.0.0.1:50410 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicon.gif][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /favicon.gif HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 652 TCP 127.0.0.1:50414 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicon.png][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /favicon.png HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 653 TCP 127.0.0.1:50580 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/lists/admin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000017)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /lists/admin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 654 TCP 127.0.0.1:50602 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cartcart.cgi][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000143)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (.GET /cartcart.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 655 TCP 127.0.0.1:50994 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/uploader.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003018)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /uploader.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 656 TCP 127.0.0.1:51080 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.php?-s][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006524)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /login.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 657 TCP 127.0.0.1:49554 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 658 TCP 127.0.0.1:49604 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /bin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 659 TCP 127.0.0.1:49606 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /cgi/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 660 TCP 127.0.0.1:49714 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (bGET /PowerShell HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 661 TCP 127.0.0.1:49786 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 662 TCP 127.0.0.1:49788 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 663 TCP 127.0.0.1:49802 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 664 TCP 127.0.0.1:49804 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 665 TCP 127.0.0.1:49814 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 666 TCP 127.0.0.1:49816 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 667 TCP 127.0.0.1:49818 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 668 TCP 127.0.0.1:49820 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 669 TCP 127.0.0.1:49926 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 670 TCP 127.0.0.1:49928 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 671 TCP 127.0.0.1:49934 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 672 TCP 127.0.0.1:49936 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 673 TCP 127.0.0.1:49950 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 674 TCP 127.0.0.1:49952 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 675 TCP 127.0.0.1:49970 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 676 TCP 127.0.0.1:49972 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 677 TCP 127.0.0.1:49986 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 678 TCP 127.0.0.1:49988 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (@GET /site.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 679 TCP 127.0.0.1:50002 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (KGET /0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 680 TCP 127.0.0.1:50004 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (LGET /0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 681 TCP 127.0.0.1:50006 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 682 TCP 127.0.0.1:50008 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (OGET /1270.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 683 TCP 127.0.0.1:50106 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 684 TCP 127.0.0.1:50108 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 685 TCP 127.0.0.1:50118 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 686 TCP 127.0.0.1:50120 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 687 TCP 127.0.0.1:50174 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 688 TCP 127.0.0.1:50176 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 689 TCP 127.0.0.1:50182 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 690 TCP 127.0.0.1:50184 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 691 TCP 127.0.0.1:50190 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 692 TCP 127.0.0.1:50192 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 693 TCP 127.0.0.1:50198 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 694 TCP 127.0.0.1:50200 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 695 TCP 127.0.0.1:50298 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (@GET /1.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 696 TCP 127.0.0.1:50300 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (BGET /1.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 697 TCP 127.0.0.1:50334 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 698 TCP 127.0.0.1:50336 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 699 TCP 127.0.0.1:50362 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (oGET /site.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 700 TCP 127.0.0.1:50364 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 701 TCP 127.0.0.1:50374 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1270.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 702 TCP 127.0.0.1:50376 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (yGET /1270.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 703 TCP 127.0.0.1:50394 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 704 TCP 127.0.0.1:50396 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /site.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 705 TCP 127.0.0.1:50666 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/smssend.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001166)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (bGET /smssend.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 706 TCP 127.0.0.1:51074 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/fx29id1.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006449)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /fx)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 707 TCP 127.0.0.1:51076 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/fx29id2.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006450)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /fx)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 708 TCP 127.0.0.1:49648 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/robots.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:robots)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Crawler/Bot **** Unidirectional Traffic **][Risk Score: 80][Risk Info: No server to client traffic / Found host 127.0.0.1 / UA Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:robots) / Expected on][PLAIN TEXT (GET /robots.t)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 709 TCP 127.0.0.1:49662 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:parked detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 710 TCP 127.0.0.1:49846 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 711 TCP 127.0.0.1:49848 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 712 TCP 127.0.0.1:49878 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 713 TCP 127.0.0.1:49880 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 714 TCP 127.0.0.1:49910 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 715 TCP 127.0.0.1:49912 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 716 TCP 127.0.0.1:49982 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 717 TCP 127.0.0.1:49984 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 718 TCP 127.0.0.1:50170 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 719 TCP 127.0.0.1:50172 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 720 TCP 127.0.0.1:50254 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 721 TCP 127.0.0.1:50256 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 722 TCP 127.0.0.1:50278 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (/GET /127.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 723 TCP 127.0.0.1:50280 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 724 TCP 127.0.0.1:50286 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 725 TCP 127.0.0.1:50288 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 726 TCP 127.0.0.1:50294 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 727 TCP 127.0.0.1:50296 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 728 TCP 127.0.0.1:50398 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 729 TCP 127.0.0.1:50400 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /127.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 730 TCP 127.0.0.1:50650 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/manual.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001158)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /manual.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 731 TCP 127.0.0.1:49698 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/204 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (UGET /Exchange HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 732 TCP 127.0.0.1:49790 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 733 TCP 127.0.0.1:49792 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 734 TCP 127.0.0.1:49826 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 735 TCP 127.0.0.1:49828 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 736 TCP 127.0.0.1:49850 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 737 TCP 127.0.0.1:49852 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 738 TCP 127.0.0.1:49898 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 739 TCP 127.0.0.1:49900 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 740 TCP 127.0.0.1:49922 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 741 TCP 127.0.0.1:49924 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 742 TCP 127.0.0.1:49942 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 743 TCP 127.0.0.1:49944 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 744 TCP 127.0.0.1:49998 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GGET /1.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 745 TCP 127.0.0.1:50000 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (IGET /1.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 746 TCP 127.0.0.1:50010 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (PGET /0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 747 TCP 127.0.0.1:50012 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 748 TCP 127.0.0.1:50066 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 749 TCP 127.0.0.1:50068 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 750 TCP 127.0.0.1:50070 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 751 TCP 127.0.0.1:50072 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 752 TCP 127.0.0.1:50098 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 753 TCP 127.0.0.1:50100 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 754 TCP 127.0.0.1:50126 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 755 TCP 127.0.0.1:50128 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 756 TCP 127.0.0.1:50150 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 757 TCP 127.0.0.1:50152 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 758 TCP 127.0.0.1:50194 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 759 TCP 127.0.0.1:50196 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 760 TCP 127.0.0.1:50218 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 761 TCP 127.0.0.1:50220 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 762 TCP 127.0.0.1:50238 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 763 TCP 127.0.0.1:50240 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 764 TCP 127.0.0.1:50302 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 765 TCP 127.0.0.1:50304 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (EGET /0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 766 TCP 127.0.0.1:50318 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /1.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 767 TCP 127.0.0.1:50320 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (PGET /1.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 768 TCP 127.0.0.1:50370 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (uGET /0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 769 TCP 127.0.0.1:50372 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 770 TCP 127.0.0.1:50386 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 771 TCP 127.0.0.1:50388 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 772 TCP 127.0.0.1:50606 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/w-agora/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000183)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /w)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 773 TCP 127.0.0.1:50674 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001255)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (gGET /level/16 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 774 TCP 127.0.0.1:51072 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/open.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006448)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /open.t)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 775 TCP 127.0.0.1:49682 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (GET /images HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 776 TCP 127.0.0.1:50578 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/kboard/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000016)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /kboard/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 777 TCP 127.0.0.1:50584 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ssdefs/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000019)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /ssdefs/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 778 TCP 127.0.0.1:50586 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/sshome/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000020)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /sshome/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 779 TCP 127.0.0.1:51092 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/c99.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006739)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /c99.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 780 TCP 127.0.0.1:49716 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/201 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: WebLogic internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (dGET . HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 781 TCP 127.0.0.1:51096 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/201 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/script][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006999)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /script HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 782 TCP 127.0.0.1:50570 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/v2/_catalog][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /v2/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 783 TCP 127.0.0.1:50588 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/tiki/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000021)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /tiki/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 784 TCP 127.0.0.1:49544 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 785 TCP 127.0.0.1:49692 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (GET /EC)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 786 TCP 127.0.0.1:49694 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (SGET /EWS HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 787 TCP 127.0.0.1:49700 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (GET /OWA HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 788 TCP 127.0.0.1:49704 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (GET /Rpc HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 789 TCP 127.0.0.1:49708 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (GET /ec)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 790 TCP 127.0.0.1:49710 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (GET /OAB HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 791 TCP 127.0.0.1:49548 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 792 TCP 127.0.0.1:51078 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/?-s][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006523)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (s HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 793 TCP 127.0.0.1:49546 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:getinfo)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 794 TCP 127.0.0.1:49680 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (HGET / HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 795 TCP 127.0.0.1:50418 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 796 TCP 127.0.0.1:49642 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/194 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:paths)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 797 TCP 127.0.0.1:49720 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/189 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:@TESTID)][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (iGET / HTTP/1.0)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 201 TCP 127.0.0.1:51022 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/245 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003192)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.247 (Executable)][PLAIN TEXT (GET /iisadmpwd/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 202 TCP 127.0.0.1:49768 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:apache_expect_xss)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.131 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 203 TCP 127.0.0.1:51018 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003190)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.217 (Executable)][PLAIN TEXT (GET /certsrv/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 204 TCP 127.0.0.1:51030 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003196)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.231 (Executable)][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 205 TCP 127.0.0.1:51032 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003197)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.200 (Executable)][PLAIN TEXT (GET /scripts/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 206 TCP 127.0.0.1:51058 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/242 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003299)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.248 (Executable)][PLAIN TEXT (GET /rpc/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 207 TCP 127.0.0.1:51082 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/242 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/3rdparty/phpMyAdmin/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.290 (Executable)][PLAIN TEXT (GET /3rdparty/phpMyAdmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 208 TCP 127.0.0.1:51086 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/242 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/3rdparty/phpmyadmin/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.287 (Executable)][PLAIN TEXT (GET /3rdparty/phpmyadmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 209 TCP 127.0.0.1:49718 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/241 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: BREACH Test)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.151 (Executable)][PLAIN TEXT (eGET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 210 TCP 127.0.0.1:50684 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/241 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/interfaces/status][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001260)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.031 (Executable)][PLAIN TEXT (oGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 211 TCP 127.0.0.1:49764 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/240 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:negotiate)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /index HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 212 TCP 127.0.0.1:50658 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/240 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/perl/-e%20%22system('cat%20/etc/passwd');\%22][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001162)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.196 (Executable)][PLAIN TEXT (GET /perl/)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 213 TCP 127.0.0.1:51048 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/certsrv/..%255cwinnt/system32/cmd.exe?/c+dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003294)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp URL **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.247 (Executable)][PLAIN TEXT (GET /certsrv/..)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 214 TCP 127.0.0.1:51068 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ans/ans.pl?p=../../../../../usr/bin/id|&blah][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003371)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.106 (Executable)][PLAIN TEXT (GET /ans/ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 215 TCP 127.0.0.1:49550 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/238 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.rdf+destype=cache+desformat=PDF][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.359 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 216 TCP 127.0.0.1:50680 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/237 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/configuration][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001258)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.094 (Executable)][PLAIN TEXT (lGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 217 TCP 127.0.0.1:49690 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.128 (Executable)][PLAIN TEXT (OGET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 218 TCP 127.0.0.1:49702 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.120 (Executable)][PLAIN TEXT (GET /Microsoft)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 219 TCP 127.0.0.1:50626 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/athenareg.php?pass=%20;cat%20/etc/passwd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000667)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.194 (Executable)][PLAIN TEXT (@GET /athenareg.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 220 TCP 127.0.0.1:51066 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/235 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ans.pl?p=../../../../../usr/bin/id|&blah][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003370)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.119 (Executable)][PLAIN TEXT (GET /ans.pl)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 221 TCP 127.0.0.1:50608 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-local/cgiemail-1.6/cgicso?query=AAA][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000344)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.210 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 222 TCP 127.0.0.1:50682 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/interfaces][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001259)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.056 (Executable)][PLAIN TEXT (nGET /level/16/level/16/exec//s)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 223 TCP 127.0.0.1:51038 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/234 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/system.php3?cmd=cat%20/etc/passwd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003216)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.240 (Executable)][PLAIN TEXT (GET /admin/system.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 224 TCP 127.0.0.1:49664 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:origin_reflection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.071 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 225 TCP 127.0.0.1:51084 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpMyAdmin/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.256 (Executable)][PLAIN TEXT (GET /phpMyAdmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 226 TCP 127.0.0.1:51088 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/233 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/phpmyadmin/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.256 (Executable)][PLAIN TEXT (GET /phpmyadmin/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 227 TCP 127.0.0.1:51042 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/232 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/exec.php3?cmd=cat%20/etc/passwd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003218)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.254 (Executable)][PLAIN TEXT (GET /admin/exec.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 228 TCP 127.0.0.1:50574 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfdocs/examples/cvbeans/beaninfo.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000014)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.127 (Executable)][PLAIN TEXT (GET /cfdocs/examples/cv)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 229 TCP 127.0.0.1:50644 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfdocs/snippets/gettempdirectory.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001076)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.115 (Executable)][PLAIN TEXT (GET /cfdocs/snippets/gettempdir)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 230 TCP 127.0.0.1:50652 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/mods/apage/apage.cgi?f=file.htm.|id|][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001159)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.214 (Executable)][PLAIN TEXT (GET /mods/apage/apage.c)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 231 TCP 127.0.0.1:50672 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec/-///show/configuration][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001254)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.115 (Executable)][PLAIN TEXT (fGET /level/16/exec/)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 232 TCP 127.0.0.1:50686 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/231 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/level/16/exec//show/version][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001261)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.993 (Executable)][PLAIN TEXT (GET /level/16/level/16/exec//sh)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 233 TCP 127.0.0.1:50618 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/230 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/c/winnt/system32/cmd.exe?/c+dir+/OG][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000491)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.247 (Executable)][PLAIN TEXT (GET /c/winnt/system)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 234 TCP 127.0.0.1:50668 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/230 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pls/simpledad/admin_/dadentries.htm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001167)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.108 (Executable)][PLAIN TEXT (GET /pls/simpledad/admin)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 235 TCP 127.0.0.1:49644 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/229 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/clientaccesspolicy.xml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:clientaccesspolicy)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.008 (Executable)][PLAIN TEXT (GET /clientaccesspolicy.xml HTT)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 236 TCP 127.0.0.1:49666 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/228 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:origin_reflection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.083 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 237 TCP 127.0.0.1:50612 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/228 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/servlet/sunexamples.BBoardServlet][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000346)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.161 (Executable)][PLAIN TEXT (GET /servlet/sunexamples.BBoard)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 238 TCP 127.0.0.1:50576 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/227 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfdocs/examples/parks/detail.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000015)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.132 (Executable)][PLAIN TEXT (GET /cfdocs/examples/parks/deta)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 239 TCP 127.0.0.1:50678 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/227 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec//show/access-lists][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001257)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.045 (Executable)][PLAIN TEXT (GET /level/16/exec//show/access)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 240 TCP 127.0.0.1:51040 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/227 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/system.php3?cmd=dir%20c:\\][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003217)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.280 (Executable)][PLAIN TEXT (GET /admin/system.php)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 241 TCP 127.0.0.1:51090 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/226 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/pma/server_sync.php?c=phpinfo()][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006608)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.224 (Executable)][PLAIN TEXT (GET /pma/server)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 242 TCP 127.0.0.1:49684 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.122 (Executable)][PLAIN TEXT (KGET /Autodiscover/Autodiscover)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 243 TCP 127.0.0.1:50646 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/dostuff.php?action=modify_user][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001091)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.244 (Executable)][PLAIN TEXT (SGET /dostuff.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 244 TCP 127.0.0.1:51044 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/225 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin/exec.php3?cmd=dir%20c:\\][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003219)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.291 (Executable)][PLAIN TEXT (GET /admin/exec.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 245 TCP 127.0.0.1:49674 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/224 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/junk988.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.200 (Executable)][PLAIN TEXT (BGET /junk988.asp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 246 TCP 127.0.0.1:50598 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/224 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/html/cgi-bin/cgicso?query=AAA][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000072)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.214 (Executable)][PLAIN TEXT (GET /html/c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 247 TCP 127.0.0.1:49670 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/223 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/junk999.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.160 (Executable)][PLAIN TEXT (@GET /junk999.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 248 TCP 127.0.0.1:49688 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/223 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.104 (Executable)][PLAIN TEXT (NGET /Microsoft)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 249 TCP 127.0.0.1:49672 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.098 (Executable)][PLAIN TEXT (AGET /index.asp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 250 TCP 127.0.0.1:49678 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (EGET /login.asp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 251 TCP 127.0.0.1:50592 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/samples/details.idc][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000023)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.064 (Executable)][PLAIN TEXT (GET /scripts/samples/details.id)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 252 TCP 127.0.0.1:50604 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/Carello/Carello.dll][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000144)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.053 (Executable)][PLAIN TEXT (/GET /scripts/Carello/Carello.d)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 253 TCP 127.0.0.1:49668 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.087 (Executable)][PLAIN TEXT (GET /index.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 254 TCP 127.0.0.1:49676 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.068 (Executable)][PLAIN TEXT (DGET /login.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 255 TCP 127.0.0.1:50614 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/servlets/SchedulerTransfer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000347)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.149 (Executable)][PLAIN TEXT (GET /servlets/SchedulerTransfer)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 256 TCP 127.0.0.1:50638 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ews/ews/architext_query.pl][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001073)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.189 (Executable)][PLAIN TEXT (LGET /ews/ews/architext)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 257 TCP 127.0.0.1:50642 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/221 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/instantwebmail/message.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001075)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.092 (Executable)][PLAIN TEXT (PGET /instantwebmail/message.ph)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 258 TCP 127.0.0.1:49562 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.BBoardServlet][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.250 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 259 TCP 127.0.0.1:49660 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/nonexistent.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.984 (Executable)][PLAIN TEXT (GET /nonexistent.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 260 TCP 127.0.0.1:50610 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/servlet/SchedulerTransfer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000345)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.154 (Executable)][PLAIN TEXT (GET /servlet/SchedulerTransfer )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 261 TCP 127.0.0.1:50624 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/samples/adctest.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000496)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /msadc/samples/adctest.asp )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 262 TCP 127.0.0.1:50628 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/220 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cd-cgi/sscd_suncourier.pl][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001067)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.126 (Executable)][PLAIN TEXT (EGET /cd)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 263 TCP 127.0.0.1:50596 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/219 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/guestbook/guestbook.html][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000071)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.081 (Executable)][PLAIN TEXT (GET /guestbook/guestbook.html H)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 264 TCP 127.0.0.1:50616 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/218 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/perl/-e%20print%20Hello][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000352)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.062 (Executable)][PLAIN TEXT (GET /perl/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 265 TCP 127.0.0.1:49658 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/webadmin.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.082 (Executable)][PLAIN TEXT (GET /webadmin.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 266 TCP 127.0.0.1:50636 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/DB4Web/10.10.10.10:100][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001072)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.018 (Executable)][PLAIN TEXT (GET /DB)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 267 TCP 127.0.0.1:49766 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/~bin][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:apacheusers: known user)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.109 (Executable)][PLAIN TEXT (bin HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 268 TCP 127.0.0.1:49886 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /127.0.0.1.tar.lzma HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 269 TCP 127.0.0.1:49888 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /127.0.0.1.tar.lzma HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 270 TCP 127.0.0.1:50290 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.079 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 271 TCP 127.0.0.1:50292 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.079 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 272 TCP 127.0.0.1:50408 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicons/favicon.ico][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.001 (Executable)][PLAIN TEXT (GET /favicons/favicon.ico HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 273 TCP 127.0.0.1:50412 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicons/favicon.gif][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.023 (Executable)][PLAIN TEXT (GET /favicons/favicon.gif HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 274 TCP 127.0.0.1:50416 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicons/favicon.png][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.030 (Executable)][PLAIN TEXT (GET /favicons/favicon.png HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 275 TCP 127.0.0.1:50590 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/tiki/tiki-install.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000022)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /tiki/tiki)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 276 TCP 127.0.0.1:50670 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec/-///pwd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001253)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.087 (Executable)][PLAIN TEXT (eGET /level/16/exec/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 277 TCP 127.0.0.1:49646 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/crossdomain.xml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:crossdomain)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.071 (Executable)][PLAIN TEXT (GET /crossdomain.xml HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 278 TCP 127.0.0.1:49650 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/domcfg.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.067 (Executable)][PLAIN TEXT (.GET /domcfg.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 279 TCP 127.0.0.1:49654 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin4.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.066 (Executable)][PLAIN TEXT (GET /admin4.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 280 TCP 127.0.0.1:49656 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin5.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.053 (Executable)][PLAIN TEXT (GET /admin5.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 281 TCP 127.0.0.1:49750 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/default.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.149 (Executable)][PLAIN TEXT (GET /default.aspx HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 282 TCP 127.0.0.1:50022 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.079 (Executable)][PLAIN TEXT (YGET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 283 TCP 127.0.0.1:50024 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.079 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 284 TCP 127.0.0.1:50146 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /127.0.0.1.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 285 TCP 127.0.0.1:50148 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /127.0.0.1.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 286 TCP 127.0.0.1:51014 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/215 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/_vti_bin/fpcount.exe][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003089)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.173 (Executable)][PLAIN TEXT (bin/fpcount.exe HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 287 TCP 127.0.0.1:49592 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.exe|dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.236 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 288 TCP 127.0.0.1:49638 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin-sdb/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.108 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 289 TCP 127.0.0.1:49652 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/admin.nsf][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Domino detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.042 (Executable)][PLAIN TEXT (/GET /admin.nsf HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 290 TCP 127.0.0.1:49736 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.shtml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.126 (Executable)][PLAIN TEXT (uGET /index.shtml HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 291 TCP 127.0.0.1:49748 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/default.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.139 (Executable)][PLAIN TEXT (GET /default.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 292 TCP 127.0.0.1:49752 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/default.htm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.163 (Executable)][PLAIN TEXT (GET /default.htm HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 293 TCP 127.0.0.1:49756 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.jhtml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.153 (Executable)][PLAIN TEXT (GET /index.jhtml HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 294 TCP 127.0.0.1:49874 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.026 (Executable)][PLAIN TEXT (GET /127.0.0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 295 TCP 127.0.0.1:49876 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.026 (Executable)][PLAIN TEXT (GET /127.0.0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 296 TCP 127.0.0.1:49914 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.063 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 297 TCP 127.0.0.1:49916 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.063 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 298 TCP 127.0.0.1:50262 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.998 (Executable)][PLAIN TEXT (GET /127.0.0.1.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 299 TCP 127.0.0.1:50264 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.998 (Executable)][PLAIN TEXT (GET /127.0.0.1.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 300 TCP 127.0.0.1:50634 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/webdist.cgi][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001071)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.077 (Executable)][PLAIN TEXT (IGET /c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 301 TCP 127.0.0.1:50640 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/exec/show/config/cr][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001074)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.118 (Executable)][PLAIN TEXT (NGET /exec/show/config/cr HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 302 TCP 127.0.0.1:50648 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/logjam/showhits.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001157)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.128 (Executable)][PLAIN TEXT (UGET /logjam/showhits.php HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 303 TCP 127.0.0.1:50690 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001263)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.072 (Executable)][PLAIN TEXT (tGET /level/16/exec//show HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 304 TCP 127.0.0.1:50692 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/17/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001264)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.077 (Executable)][PLAIN TEXT (uGET /level/17/exec//show HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 305 TCP 127.0.0.1:50694 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/18/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001265)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.078 (Executable)][PLAIN TEXT (wGET /level/18/exec//show HTTP/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 306 TCP 127.0.0.1:50696 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/19/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001266)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.072 (Executable)][PLAIN TEXT (GET /level/19/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 307 TCP 127.0.0.1:50698 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/20/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001267)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.056 (Executable)][PLAIN TEXT (GET /level/20/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 308 TCP 127.0.0.1:50700 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/21/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001268)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.069 (Executable)][PLAIN TEXT (GET /level/21/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 309 TCP 127.0.0.1:50702 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/22/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001269)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.073 (Executable)][PLAIN TEXT (GET /level/22/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 310 TCP 127.0.0.1:50704 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/23/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001270)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.069 (Executable)][PLAIN TEXT (GET /level/23/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 311 TCP 127.0.0.1:50706 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/24/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001271)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.069 (Executable)][PLAIN TEXT (GET /level/24/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 312 TCP 127.0.0.1:50708 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/25/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001272)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.059 (Executable)][PLAIN TEXT (GET /level/25/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 313 TCP 127.0.0.1:50710 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/26/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001273)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.084 (Executable)][PLAIN TEXT (GET /level/26/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 314 TCP 127.0.0.1:50712 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/27/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001274)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.078 (Executable)][PLAIN TEXT (GET /level/27/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 315 TCP 127.0.0.1:50714 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/28/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001275)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.084 (Executable)][PLAIN TEXT (GET /level/28/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 316 TCP 127.0.0.1:50716 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/29/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001276)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.084 (Executable)][PLAIN TEXT (GET /level/29/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 317 TCP 127.0.0.1:50718 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/30/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001277)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.072 (Executable)][PLAIN TEXT (GET /level/30/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 318 TCP 127.0.0.1:50720 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/31/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001278)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/31/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 319 TCP 127.0.0.1:50722 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/32/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001279)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.097 (Executable)][PLAIN TEXT (GET /level/32/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 320 TCP 127.0.0.1:50724 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/33/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001280)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/33/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 321 TCP 127.0.0.1:50726 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/34/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001281)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/34/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 322 TCP 127.0.0.1:50728 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/35/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001282)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.097 (Executable)][PLAIN TEXT (GET /level/35/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 323 TCP 127.0.0.1:50730 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/36/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001283)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/36/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 324 TCP 127.0.0.1:50732 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/37/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001284)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.119 (Executable)][PLAIN TEXT (GET /level/37/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 325 TCP 127.0.0.1:50734 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/38/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001285)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/38/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 326 TCP 127.0.0.1:50736 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/39/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001286)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.119 (Executable)][PLAIN TEXT (GET /level/39/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 327 TCP 127.0.0.1:50738 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/40/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001287)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/40/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 328 TCP 127.0.0.1:50740 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/41/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001288)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/41/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 329 TCP 127.0.0.1:50742 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/42/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001289)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.111 (Executable)][PLAIN TEXT (GET /level/42/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 330 TCP 127.0.0.1:50744 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/43/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001290)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/43/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 331 TCP 127.0.0.1:50746 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/44/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001291)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/44/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 332 TCP 127.0.0.1:50748 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/45/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001292)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.097 (Executable)][PLAIN TEXT (GET /level/45/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 333 TCP 127.0.0.1:50750 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/46/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001293)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.119 (Executable)][PLAIN TEXT (GET /level/46/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 334 TCP 127.0.0.1:50752 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/47/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001294)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/47/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 335 TCP 127.0.0.1:50754 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/48/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001295)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.119 (Executable)][PLAIN TEXT (GET /level/48/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 336 TCP 127.0.0.1:50756 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/49/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001296)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/49/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 337 TCP 127.0.0.1:50758 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/50/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001297)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.078 (Executable)][PLAIN TEXT (GET /level/50/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 338 TCP 127.0.0.1:50760 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/51/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001298)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/51/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 339 TCP 127.0.0.1:50762 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/52/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001299)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.084 (Executable)][PLAIN TEXT (GET /level/52/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 340 TCP 127.0.0.1:50764 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/53/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001300)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.067 (Executable)][PLAIN TEXT (GET /level/53/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 341 TCP 127.0.0.1:50766 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/54/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001301)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.082 (Executable)][PLAIN TEXT (GET /level/54/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 342 TCP 127.0.0.1:50768 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/55/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001302)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.072 (Executable)][PLAIN TEXT (GET /level/55/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 343 TCP 127.0.0.1:50770 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/56/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001303)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.083 (Executable)][PLAIN TEXT (GET /level/56/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 344 TCP 127.0.0.1:50772 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/57/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001304)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.096 (Executable)][PLAIN TEXT (GET /level/57/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 345 TCP 127.0.0.1:50774 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/58/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001305)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/58/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 346 TCP 127.0.0.1:50776 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/59/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001306)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.096 (Executable)][PLAIN TEXT (GET /level/59/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 347 TCP 127.0.0.1:50778 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/60/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001307)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.067 (Executable)][PLAIN TEXT (GET /level/60/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 348 TCP 127.0.0.1:50780 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/61/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001308)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.082 (Executable)][PLAIN TEXT (GET /level/61/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 349 TCP 127.0.0.1:50782 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/62/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001309)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/62/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 350 TCP 127.0.0.1:50784 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/63/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001310)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.068 (Executable)][PLAIN TEXT (GET /level/63/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 351 TCP 127.0.0.1:50786 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/64/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001311)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.080 (Executable)][PLAIN TEXT (GET /level/64/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 352 TCP 127.0.0.1:50788 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/65/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001312)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.078 (Executable)][PLAIN TEXT (GET /level/65/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 353 TCP 127.0.0.1:50790 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/66/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001313)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.077 (Executable)][PLAIN TEXT (GET /level/66/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 354 TCP 127.0.0.1:50792 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/67/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001314)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.096 (Executable)][PLAIN TEXT (GET /level/67/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 355 TCP 127.0.0.1:50794 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/68/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001315)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.096 (Executable)][PLAIN TEXT (GET /level/68/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 356 TCP 127.0.0.1:50796 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/69/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001316)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/69/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 357 TCP 127.0.0.1:50798 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/70/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001317)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.063 (Executable)][PLAIN TEXT (GET /level/70/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 358 TCP 127.0.0.1:50800 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/71/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001318)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.080 (Executable)][PLAIN TEXT (GET /level/71/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 359 TCP 127.0.0.1:50802 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/72/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001319)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/72/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 360 TCP 127.0.0.1:50804 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/73/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001320)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.077 (Executable)][PLAIN TEXT (GET /level/73/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 361 TCP 127.0.0.1:50806 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/74/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001321)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/74/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 362 TCP 127.0.0.1:50808 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/75/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001322)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.084 (Executable)][PLAIN TEXT (GET /level/75/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 363 TCP 127.0.0.1:50810 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/76/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001323)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.092 (Executable)][PLAIN TEXT (GET /level/76/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 364 TCP 127.0.0.1:50812 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/77/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001324)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.100 (Executable)][PLAIN TEXT (GET /level/77/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 365 TCP 127.0.0.1:50814 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/78/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001325)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/78/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 366 TCP 127.0.0.1:50816 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/79/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001326)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/79/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 367 TCP 127.0.0.1:50818 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/80/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001327)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/80/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 368 TCP 127.0.0.1:50820 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/81/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001328)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/81/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 369 TCP 127.0.0.1:50822 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/82/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001329)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.111 (Executable)][PLAIN TEXT (GET /level/82/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 370 TCP 127.0.0.1:50824 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/83/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001330)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET /level/83/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 371 TCP 127.0.0.1:50826 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/84/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001331)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.110 (Executable)][PLAIN TEXT (GET /level/84/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 372 TCP 127.0.0.1:50828 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/85/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001332)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/85/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 373 TCP 127.0.0.1:50830 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/86/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001333)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/86/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 374 TCP 127.0.0.1:50832 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/87/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001334)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.124 (Executable)][PLAIN TEXT (GET /level/87/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 375 TCP 127.0.0.1:50834 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/88/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001335)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.111 (Executable)][PLAIN TEXT (GET /level/88/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 376 TCP 127.0.0.1:50836 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/89/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001336)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.124 (Executable)][PLAIN TEXT (GET /level/89/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 377 TCP 127.0.0.1:50838 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/90/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001337)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.096 (Executable)][PLAIN TEXT (GET /level/90/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 378 TCP 127.0.0.1:50840 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/91/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001338)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.110 (Executable)][PLAIN TEXT (GET /level/91/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 379 TCP 127.0.0.1:50842 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/92/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001339)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.105 (Executable)][PLAIN TEXT (GET /level/92/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 380 TCP 127.0.0.1:50844 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/93/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001340)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.110 (Executable)][PLAIN TEXT (GET /level/93/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 381 TCP 127.0.0.1:50846 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/94/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001341)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.110 (Executable)][PLAIN TEXT (GET /level/94/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 382 TCP 127.0.0.1:50848 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/95/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001342)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.119 (Executable)][PLAIN TEXT (GET /level/95/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 383 TCP 127.0.0.1:50850 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/96/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001343)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.124 (Executable)][PLAIN TEXT (GET /level/96/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 384 TCP 127.0.0.1:50852 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/97/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001344)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.124 (Executable)][PLAIN TEXT (GET /level/97/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 385 TCP 127.0.0.1:50854 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/98/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001345)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.138 (Executable)][PLAIN TEXT (GET /level/98/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 386 TCP 127.0.0.1:50856 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/99/exec//show][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001346)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.124 (Executable)][PLAIN TEXT (GET /level/99/exec//show HTTP/1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 387 TCP 127.0.0.1:49556 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.pl|dir][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.237 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 388 TCP 127.0.0.1:49566 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.10:100][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.166 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 389 TCP 127.0.0.1:49696 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.166 (Executable)][PLAIN TEXT (TGET /EWS/Exchange.asmx HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 390 TCP 127.0.0.1:49706 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.122 (Executable)][PLAIN TEXT (GET /EWS/Services.wsdl HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 391 TCP 127.0.0.1:49724 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php3][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.156 (Executable)][PLAIN TEXT (lGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 392 TCP 127.0.0.1:49726 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php4][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.156 (Executable)][PLAIN TEXT (nGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 393 TCP 127.0.0.1:49728 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php5][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.143 (Executable)][PLAIN TEXT (oGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 394 TCP 127.0.0.1:49730 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php7][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.143 (Executable)][PLAIN TEXT (pGET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 395 TCP 127.0.0.1:49732 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.html][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.129 (Executable)][PLAIN TEXT (rGET /index.html HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 396 TCP 127.0.0.1:49746 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.aspx][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.114 (Executable)][PLAIN TEXT (GET /index.aspx HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 397 TCP 127.0.0.1:50134 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.111 (Executable)][PLAIN TEXT (GET /backup.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 398 TCP 127.0.0.1:50136 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.111 (Executable)][PLAIN TEXT (GET /backup.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 399 TCP 127.0.0.1:50226 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.038 (Executable)][PLAIN TEXT (GET /127001.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 400 TCP 127.0.0.1:50228 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.038 (Executable)][PLAIN TEXT (GET /127001.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 401 TCP 127.0.0.1:50378 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.026 (Executable)][PLAIN TEXT (GET /127.0.0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 402 TCP 127.0.0.1:50380 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.026 (Executable)][PLAIN TEXT (GET /127.0.0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 403 TCP 127.0.0.1:50572 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cfappman/index.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000013)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.141 (Executable)][PLAIN TEXT (GET /cfappman/index.c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 404 TCP 127.0.0.1:51016 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site/eg/source.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003126)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.052 (Executable)][PLAIN TEXT (GET /site/eg/source.asp HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 405 TCP 127.0.0.1:51046 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/213 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/isapi/tstisapi.dll][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003263)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.053 (Executable)][PLAIN TEXT (GET /isapi/tstisapi.dll HTTP/1.)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 406 TCP 127.0.0.1:49616 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-local/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.073 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 407 TCP 127.0.0.1:49722 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.132 (Executable)][PLAIN TEXT (kGET /index.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 408 TCP 127.0.0.1:49734 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.htm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.131 (Executable)][PLAIN TEXT (sGET /index.htm HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 409 TCP 127.0.0.1:49738 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.146 (Executable)][PLAIN TEXT (GET /index.cfm HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 410 TCP 127.0.0.1:49740 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.cgi][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.115 (Executable)][PLAIN TEXT (yGET /index.c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 411 TCP 127.0.0.1:49744 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.109 (Executable)][PLAIN TEXT (GET /index.asp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 412 TCP 127.0.0.1:49758 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.jsp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.128 (Executable)][PLAIN TEXT (GET /index.jsp HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 413 TCP 127.0.0.1:49760 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.xml][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.114 (Executable)][PLAIN TEXT (GET /index.xml HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 414 TCP 127.0.0.1:49902 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.042 (Executable)][PLAIN TEXT (GET /12700.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 415 TCP 127.0.0.1:49904 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.042 (Executable)][PLAIN TEXT (GET /12700.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 416 TCP 127.0.0.1:49954 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127.0.0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 417 TCP 127.0.0.1:49956 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127.0.0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 418 TCP 127.0.0.1:50178 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.037 (Executable)][PLAIN TEXT (GET /127.0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 419 TCP 127.0.0.1:50180 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.037 (Executable)][PLAIN TEXT (GET /127.0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 420 TCP 127.0.0.1:50258 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.104 (Executable)][PLAIN TEXT ( GET /backup.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 421 TCP 127.0.0.1:50260 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.104 (Executable)][PLAIN TEXT (GET /backup.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 422 TCP 127.0.0.1:50338 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.038 (Executable)][PLAIN TEXT (GET /127001.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 423 TCP 127.0.0.1:50340 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.038 (Executable)][PLAIN TEXT (GET /127001.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 424 TCP 127.0.0.1:50600 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/bb-dnbd/faxsurvey][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000142)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.205 (Executable)][PLAIN TEXT (GET /bb)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 425 TCP 127.0.0.1:49570 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.php3][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.231 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 426 TCP 127.0.0.1:49584 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.html][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.209 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 427 TCP 127.0.0.1:49628 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/fcgi-bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.112 (Executable)][PLAIN TEXT (GET /fc)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 428 TCP 127.0.0.1:49632 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-home/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.095 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 429 TCP 127.0.0.1:49634 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-perl/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.084 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 430 TCP 127.0.0.1:49636 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scgi-bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.085 (Executable)][PLAIN TEXT ( GET /scgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 431 TCP 127.0.0.1:49742 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.pl][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.104 (Executable)][PLAIN TEXT (GET /index.pl HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 432 TCP 127.0.0.1:49754 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.do][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:multiple_index)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.101 (Executable)][PLAIN TEXT (GET /index.do HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 433 TCP 127.0.0.1:49806 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.984 (Executable)][PLAIN TEXT (GET /127.0.0.1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 434 TCP 127.0.0.1:49808 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.984 (Executable)][PLAIN TEXT (GET /127.0.0.1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 435 TCP 127.0.0.1:49822 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.988 (Executable)][PLAIN TEXT (GET /127.0.0.1.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 436 TCP 127.0.0.1:49824 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.988 (Executable)][PLAIN TEXT (GET /127.0.0.1.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 437 TCP 127.0.0.1:49830 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.984 (Executable)][PLAIN TEXT (GET /127.0.0.1.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 438 TCP 127.0.0.1:49832 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.984 (Executable)][PLAIN TEXT (GET /127.0.0.1.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 439 TCP 127.0.0.1:49838 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.037 (Executable)][PLAIN TEXT (GET /127.0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 440 TCP 127.0.0.1:49840 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.037 (Executable)][PLAIN TEXT (GET /127.0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 441 TCP 127.0.0.1:49866 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.044 (Executable)][PLAIN TEXT (GET /1270.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 442 TCP 127.0.0.1:49868 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.044 (Executable)][PLAIN TEXT (GET /1270.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 443 TCP 127.0.0.1:49870 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.055 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 444 TCP 127.0.0.1:49872 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.055 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 445 TCP 127.0.0.1:49882 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.005 (Executable)][PLAIN TEXT (GET /site.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 446 TCP 127.0.0.1:49884 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.005 (Executable)][PLAIN TEXT (GET /site.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 447 TCP 127.0.0.1:49890 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.988 (Executable)][PLAIN TEXT (GET /127.0.0.1.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 448 TCP 127.0.0.1:49892 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.988 (Executable)][PLAIN TEXT (GET /127.0.0.1.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 449 TCP 127.0.0.1:49918 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /127.0.0.1.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 450 TCP 127.0.0.1:49920 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /127.0.0.1.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 451 TCP 127.0.0.1:49958 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.053 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 452 TCP 127.0.0.1:49960 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.053 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 453 TCP 127.0.0.1:50038 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.066 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 454 TCP 127.0.0.1:50040 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.066 (Executable)][PLAIN TEXT (fGET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 455 TCP 127.0.0.1:50078 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.062 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 456 TCP 127.0.0.1:50080 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.062 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 457 TCP 127.0.0.1:50082 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.043 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 458 TCP 127.0.0.1:50084 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.043 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 459 TCP 127.0.0.1:50102 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.979 (Executable)][PLAIN TEXT (GET /127.0.0.1.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 460 TCP 127.0.0.1:50104 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.979 (Executable)][PLAIN TEXT (GET /127.0.0.1.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 461 TCP 127.0.0.1:50130 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.998 (Executable)][PLAIN TEXT (GET /127.0.0.1.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 462 TCP 127.0.0.1:50132 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.998 (Executable)][PLAIN TEXT (GET /127.0.0.1.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 463 TCP 127.0.0.1:50154 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.042 (Executable)][PLAIN TEXT (GET /12700.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 464 TCP 127.0.0.1:50156 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.042 (Executable)][PLAIN TEXT (GET /12700.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 465 TCP 127.0.0.1:50158 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (GET /127.0.0.1.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 466 TCP 127.0.0.1:50160 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (GET /127.0.0.1.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 467 TCP 127.0.0.1:50202 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.989 (Executable)][PLAIN TEXT (GET /127.0.0.1.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 468 TCP 127.0.0.1:50204 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.989 (Executable)][PLAIN TEXT (GET /127.0.0.1.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 469 TCP 127.0.0.1:50250 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.098 (Executable)][PLAIN TEXT (GET /backup.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 470 TCP 127.0.0.1:50252 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.098 (Executable)][PLAIN TEXT (GET /backup.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 471 TCP 127.0.0.1:50266 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.077 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 472 TCP 127.0.0.1:50268 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.077 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 473 TCP 127.0.0.1:50282 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.052 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 474 TCP 127.0.0.1:50284 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.052 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 475 TCP 127.0.0.1:50310 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.991 (Executable)][PLAIN TEXT (HGET /127.0.0.1.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 476 TCP 127.0.0.1:50312 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.991 (Executable)][PLAIN TEXT (GET /127.0.0.1.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 477 TCP 127.0.0.1:50330 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.022 (Executable)][PLAIN TEXT (GET /127001.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 478 TCP 127.0.0.1:50332 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.022 (Executable)][PLAIN TEXT (GET /127001.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 479 TCP 127.0.0.1:50350 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.048 (Executable)][PLAIN TEXT (fGET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 480 TCP 127.0.0.1:50352 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.048 (Executable)][PLAIN TEXT (gGET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 481 TCP 127.0.0.1:50382 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.049 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 482 TCP 127.0.0.1:50384 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.049 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 483 TCP 127.0.0.1:50390 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.052 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 484 TCP 127.0.0.1:50392 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127_0_0_1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.052 (Executable)][PLAIN TEXT (GET /127)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 485 TCP 127.0.0.1:50664 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/Program%20Files/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001165)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.112 (Executable)][PLAIN TEXT (aGET /Program)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 486 TCP 127.0.0.1:50992 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/211 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/msadc/msadcs.dll][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001474)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.122 (Executable)][PLAIN TEXT (GET /msadc/msadcs.dll HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 487 TCP 127.0.0.1:49558 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.207 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 488 TCP 127.0.0.1:49560 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.idc][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.203 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 489 TCP 127.0.0.1:49564 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.cgi][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.203 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 490 TCP 127.0.0.1:49568 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.exe][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.197 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 491 TCP 127.0.0.1:49572 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.bat][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.213 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 492 TCP 127.0.0.1:49576 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.cfm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.230 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 493 TCP 127.0.0.1:49580 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.cmd][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.216 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 494 TCP 127.0.0.1:49582 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.htm][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.208 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 495 TCP 127.0.0.1:49586 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.dll][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.202 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 496 TCP 127.0.0.1:49588 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.207 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 497 TCP 127.0.0.1:49590 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.asp][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.193 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 498 TCP 127.0.0.1:49596 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi.cgi/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.055 (Executable)][PLAIN TEXT (GET /cgi.cgi/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 499 TCP 127.0.0.1:49600 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-914/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.121 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 500 TCP 127.0.0.1:49602 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-915/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.107 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 501 TCP 127.0.0.1:49610 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.087 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 502 TCP 127.0.0.1:49612 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ows-bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.106 (Executable)][PLAIN TEXT (GET /ows)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 503 TCP 127.0.0.1:49614 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-sys/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.092 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 504 TCP 127.0.0.1:49624 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/scripts/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.070 (Executable)][PLAIN TEXT (GET /scripts/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 505 TCP 127.0.0.1:49626 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-win/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.087 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 506 TCP 127.0.0.1:49630 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-exe/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.081 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 507 TCP 127.0.0.1:49640 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-mod/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.104 (Executable)][PLAIN TEXT (GET /cgi)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 508 TCP 127.0.0.1:50034 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.020 (Executable)][PLAIN TEXT (aGET /127.0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 509 TCP 127.0.0.1:50036 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.020 (Executable)][PLAIN TEXT (bGET /127.0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 510 TCP 127.0.0.1:50186 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.044 (Executable)][PLAIN TEXT (GET /127.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 511 TCP 127.0.0.1:50188 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.044 (Executable)][PLAIN TEXT (GET /127.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 512 TCP 127.0.0.1:50210 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.044 (Executable)][PLAIN TEXT (GET /1270.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 513 TCP 127.0.0.1:50212 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.044 (Executable)][PLAIN TEXT (GET /1270.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 514 TCP 127.0.0.1:50230 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.009 (Executable)][PLAIN TEXT (GET /site.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 515 TCP 127.0.0.1:50232 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.009 (Executable)][PLAIN TEXT (GET /site.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 516 TCP 127.0.0.1:50354 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.026 (Executable)][PLAIN TEXT (hGET /12700.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 517 TCP 127.0.0.1:50356 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.026 (Executable)][PLAIN TEXT (GET /12700.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 518 TCP 127.0.0.1:50582 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/splashAdmin.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000018)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.104 (Executable)][PLAIN TEXT ( GET /splashAdmin.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 519 TCP 127.0.0.1:50630 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi-bin/handler][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001069)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.119 (Executable)][PLAIN TEXT (GGET /c)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 520 TCP 127.0.0.1:49578 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE.pl][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.198 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 521 TCP 127.0.0.1:49598 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/webcgi/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.110 (Executable)][PLAIN TEXT (GET /webc)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 522 TCP 127.0.0.1:49620 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgibin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.082 (Executable)][PLAIN TEXT (GET /cgibin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 523 TCP 127.0.0.1:49686 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.085 (Executable)][PLAIN TEXT (LGET /Autodiscover/ HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 524 TCP 127.0.0.1:49712 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.052 (Executable)][PLAIN TEXT (aGET /aspnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 525 TCP 127.0.0.1:49834 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.045 (Executable)][PLAIN TEXT (GET /127.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 526 TCP 127.0.0.1:49836 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.045 (Executable)][PLAIN TEXT (GET /127.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 527 TCP 127.0.0.1:49842 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.989 (Executable)][PLAIN TEXT (GET /site.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 528 TCP 127.0.0.1:49844 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.989 (Executable)][PLAIN TEXT (GET /site.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 529 TCP 127.0.0.1:49854 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.011 (Executable)][PLAIN TEXT (GET /127.0.0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 530 TCP 127.0.0.1:49856 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.011 (Executable)][PLAIN TEXT (GET /127.0.0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 531 TCP 127.0.0.1:49862 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (GET /1270.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 532 TCP 127.0.0.1:49864 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (GET /1270.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 533 TCP 127.0.0.1:49962 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.003 (Executable)][PLAIN TEXT (GET /127.0.0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 534 TCP 127.0.0.1:49964 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.003 (Executable)][PLAIN TEXT (GET /127.0.0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 535 TCP 127.0.0.1:50050 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /127.0.0.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 536 TCP 127.0.0.1:50052 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (oGET /127.0.0.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 537 TCP 127.0.0.1:50062 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.997 (Executable)][PLAIN TEXT (wGET /127.0.0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 538 TCP 127.0.0.1:50064 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.997 (Executable)][PLAIN TEXT (GET /127.0.0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 539 TCP 127.0.0.1:50074 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.001 (Executable)][PLAIN TEXT (GET /127.0.0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 540 TCP 127.0.0.1:50076 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.001 (Executable)][PLAIN TEXT (GET /127.0.0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 541 TCP 127.0.0.1:50138 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.996 (Executable)][PLAIN TEXT (GET /127.0.0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 542 TCP 127.0.0.1:50140 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.996 (Executable)][PLAIN TEXT (GET /127.0.0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 543 TCP 127.0.0.1:50162 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.025 (Executable)][PLAIN TEXT (GET /127.0.0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 544 TCP 127.0.0.1:50164 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.025 (Executable)][PLAIN TEXT (GET /127.0.0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 545 TCP 127.0.0.1:50214 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.000 (Executable)][PLAIN TEXT (GET /127.0.0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 546 TCP 127.0.0.1:50216 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.000 (Executable)][PLAIN TEXT (GET /127.0.0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 547 TCP 127.0.0.1:50270 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.000 (Executable)][PLAIN TEXT (GET /127.0.0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 548 TCP 127.0.0.1:50272 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.000 (Executable)][PLAIN TEXT (GET /127.0.0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 549 TCP 127.0.0.1:50314 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.991 (Executable)][PLAIN TEXT (KGET /127.0.0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 550 TCP 127.0.0.1:50316 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.991 (Executable)][PLAIN TEXT (LGET /127.0.0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 551 TCP 127.0.0.1:50676 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16/exec/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001256)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.022 (Executable)][PLAIN TEXT (hGET /level/16/exec/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 552 TCP 127.0.0.1:51098 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/209 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/jenkins/script][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006999)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.081 (Executable)][PLAIN TEXT (GET /jenkins/script HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 553 TCP 127.0.0.1:49594 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/index.php?][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.157 (Executable)][PLAIN TEXT (GET /index.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 554 TCP 127.0.0.1:49608 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/mpcgi/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.104 (Executable)][PLAIN TEXT (GET /mpcgi/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 555 TCP 127.0.0.1:49618 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/htbin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.092 (Executable)][PLAIN TEXT (GET /htbin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 556 TCP 127.0.0.1:49810 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.021 (Executable)][PLAIN TEXT (GET /127001.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 557 TCP 127.0.0.1:49812 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.021 (Executable)][PLAIN TEXT (GET /127001.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 558 TCP 127.0.0.1:49858 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /127001.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 559 TCP 127.0.0.1:49860 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /127001.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 560 TCP 127.0.0.1:49894 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.097 (Executable)][PLAIN TEXT (GET /backup.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 561 TCP 127.0.0.1:49896 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.097 (Executable)][PLAIN TEXT (GET /backup.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 562 TCP 127.0.0.1:49930 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.094 (Executable)][PLAIN TEXT (GET /backup.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 563 TCP 127.0.0.1:49932 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.094 (Executable)][PLAIN TEXT (GET /backup.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 564 TCP 127.0.0.1:49946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.086 (Executable)][PLAIN TEXT ( GET /backup.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 565 TCP 127.0.0.1:49948 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.086 (Executable)][PLAIN TEXT (GET /backup.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 566 TCP 127.0.0.1:49978 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.100 (Executable)][PLAIN TEXT (GET /backup.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 567 TCP 127.0.0.1:49980 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.100 (Executable)][PLAIN TEXT (GET /backup.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 568 TCP 127.0.0.1:49990 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.036 (Executable)][PLAIN TEXT (AGET /127001.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 569 TCP 127.0.0.1:49992 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.036 (Executable)][PLAIN TEXT (BGET /127001.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 570 TCP 127.0.0.1:49994 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (DGET /127001.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 571 TCP 127.0.0.1:49996 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (EGET /127001.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 572 TCP 127.0.0.1:50014 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.083 (Executable)][PLAIN TEXT (RGET /backup.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 573 TCP 127.0.0.1:50016 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.083 (Executable)][PLAIN TEXT (TGET /backup.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 574 TCP 127.0.0.1:50026 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127001.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 575 TCP 127.0.0.1:50028 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127001.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 576 TCP 127.0.0.1:50054 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.024 (Executable)][PLAIN TEXT (pGET /127001.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 577 TCP 127.0.0.1:50056 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.024 (Executable)][PLAIN TEXT (GET /127001.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 578 TCP 127.0.0.1:50058 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.030 (Executable)][PLAIN TEXT (sGET /0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 579 TCP 127.0.0.1:50060 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.030 (Executable)][PLAIN TEXT (uGET /0.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 580 TCP 127.0.0.1:50086 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.114 (Executable)][PLAIN TEXT (GET /backup.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 581 TCP 127.0.0.1:50088 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.114 (Executable)][PLAIN TEXT (GET /backup.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 582 TCP 127.0.0.1:50090 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.083 (Executable)][PLAIN TEXT (GET /backup.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 583 TCP 127.0.0.1:50092 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.083 (Executable)][PLAIN TEXT (GET /backup.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 584 TCP 127.0.0.1:50094 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.007 (Executable)][PLAIN TEXT (GET /127001.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 585 TCP 127.0.0.1:50096 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.007 (Executable)][PLAIN TEXT (GET /127001.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 586 TCP 127.0.0.1:50142 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127001.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 587 TCP 127.0.0.1:50144 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127001.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 588 TCP 127.0.0.1:50222 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.088 (Executable)][PLAIN TEXT (GET /backup.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 589 TCP 127.0.0.1:50224 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.088 (Executable)][PLAIN TEXT (GET /backup.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 590 TCP 127.0.0.1:50234 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.093 (Executable)][PLAIN TEXT (GET /backup.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 591 TCP 127.0.0.1:50236 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.093 (Executable)][PLAIN TEXT (GET /backup.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 592 TCP 127.0.0.1:50274 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (GET /127.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 593 TCP 127.0.0.1:50276 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (GET /127.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 594 TCP 127.0.0.1:50306 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.084 (Executable)][PLAIN TEXT (FGET /backup.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 595 TCP 127.0.0.1:50308 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/backup.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.084 (Executable)][PLAIN TEXT (GGET /backup.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 596 TCP 127.0.0.1:50322 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.012 (Executable)][PLAIN TEXT (RGET /127001.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 597 TCP 127.0.0.1:50324 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.012 (Executable)][PLAIN TEXT (TGET /127001.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 598 TCP 127.0.0.1:50358 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (kGET /1.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 599 TCP 127.0.0.1:50360 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.lzma][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (GET /1.tar.lzma HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 600 TCP 127.0.0.1:50402 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.006 (Executable)][PLAIN TEXT (GET /127001.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 601 TCP 127.0.0.1:50404 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127001.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.006 (Executable)][PLAIN TEXT (GET /127001.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 602 TCP 127.0.0.1:51100 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/208 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/hudson/script][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006999)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.132 (Executable)][PLAIN TEXT (GET /hudson/script HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 603 TCP 127.0.0.1:49552 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/.0hXC6ZUE][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Possible Exploit Attempt **** Unidirectional Traffic **][Risk Score: 270][Risk Info: No server to client traffic / Found host 127.0.0.1 / URL starting with dot / Expected on port 80 / Entropy: 5.192 (Executable)][PLAIN TEXT (GET /.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 604 TCP 127.0.0.1:49574 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.197 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 605 TCP 127.0.0.1:49622 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgis/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.066 (Executable)][PLAIN TEXT (GET /cgis/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 606 TCP 127.0.0.1:49782 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.040 (Executable)][PLAIN TEXT (GET /12700.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 607 TCP 127.0.0.1:49784 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.040 (Executable)][PLAIN TEXT (GET /12700.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 608 TCP 127.0.0.1:49794 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /127.0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 609 TCP 127.0.0.1:49796 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /127.0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 610 TCP 127.0.0.1:49798 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.021 (Executable)][PLAIN TEXT (GET /127.0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 611 TCP 127.0.0.1:49800 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.021 (Executable)][PLAIN TEXT (GET /127.0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 612 TCP 127.0.0.1:49906 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.016 (Executable)][PLAIN TEXT (GET /12700.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 613 TCP 127.0.0.1:49908 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.016 (Executable)][PLAIN TEXT (GET /12700.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 614 TCP 127.0.0.1:49938 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127.0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 615 TCP 127.0.0.1:49940 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127.0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 616 TCP 127.0.0.1:49966 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (/GET /12700.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 617 TCP 127.0.0.1:49968 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /12700.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 618 TCP 127.0.0.1:49974 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127.0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 619 TCP 127.0.0.1:49976 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.010 (Executable)][PLAIN TEXT (GET /127.0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 620 TCP 127.0.0.1:50018 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.011 (Executable)][PLAIN TEXT (UGET /12700.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 621 TCP 127.0.0.1:50020 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.011 (Executable)][PLAIN TEXT (WGET /12700.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 622 TCP 127.0.0.1:50030 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.034 (Executable)][PLAIN TEXT (GET /0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 623 TCP 127.0.0.1:50032 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.034 (Executable)][PLAIN TEXT (GET /0.tar.bz)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 624 TCP 127.0.0.1:50042 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.001 (Executable)][PLAIN TEXT (gGET /127.0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 625 TCP 127.0.0.1:50044 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.001 (Executable)][PLAIN TEXT (iGET /127.0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 626 TCP 127.0.0.1:50046 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.024 (Executable)][PLAIN TEXT (GET /127.0.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 627 TCP 127.0.0.1:50048 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.024 (Executable)][PLAIN TEXT (lGET /127.0.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 628 TCP 127.0.0.1:50110 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.025 (Executable)][PLAIN TEXT (GET /12700.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 629 TCP 127.0.0.1:50112 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.025 (Executable)][PLAIN TEXT (GET /12700.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 630 TCP 127.0.0.1:50114 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /12700.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 631 TCP 127.0.0.1:50116 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /12700.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 632 TCP 127.0.0.1:50122 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.035 (Executable)][PLAIN TEXT (GET /127.0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 633 TCP 127.0.0.1:50124 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.035 (Executable)][PLAIN TEXT (GET /127.0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 634 TCP 127.0.0.1:50166 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.011 (Executable)][PLAIN TEXT (GET /127.0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 635 TCP 127.0.0.1:50168 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.011 (Executable)][PLAIN TEXT (GET /127.0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 636 TCP 127.0.0.1:50206 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /12700.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 637 TCP 127.0.0.1:50208 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /12700.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 638 TCP 127.0.0.1:50242 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /12700.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 639 TCP 127.0.0.1:50244 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /12700.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 640 TCP 127.0.0.1:50246 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.006 (Executable)][PLAIN TEXT (GET /127.0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 641 TCP 127.0.0.1:50248 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.006 (Executable)][PLAIN TEXT (GET /127.0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 642 TCP 127.0.0.1:50326 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.032 (Executable)][PLAIN TEXT (UGET /1.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 643 TCP 127.0.0.1:50328 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.bz2][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.032 (Executable)][PLAIN TEXT (WGET /1.tar.bz2 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 644 TCP 127.0.0.1:50342 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.029 (Executable)][PLAIN TEXT (aGET /12700.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 645 TCP 127.0.0.1:50344 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.029 (Executable)][PLAIN TEXT (GET /12700.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 646 TCP 127.0.0.1:50346 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.006 (Executable)][PLAIN TEXT (dGET /12700.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 647 TCP 127.0.0.1:50348 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/12700.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.006 (Executable)][PLAIN TEXT (eGET /12700.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 648 TCP 127.0.0.1:50366 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.006 (Executable)][PLAIN TEXT (rGET /127.0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 649 TCP 127.0.0.1:50368 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.006 (Executable)][PLAIN TEXT (tGET /127.0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 650 TCP 127.0.0.1:50406 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicon.ico][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.018 (Executable)][PLAIN TEXT (GET /favicon.ico HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 651 TCP 127.0.0.1:50410 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicon.gif][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.041 (Executable)][PLAIN TEXT (GET /favicon.gif HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 652 TCP 127.0.0.1:50414 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/favicon.png][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.045 (Executable)][PLAIN TEXT (GET /favicon.png HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 653 TCP 127.0.0.1:50580 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/lists/admin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000017)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.027 (Executable)][PLAIN TEXT (GET /lists/admin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 654 TCP 127.0.0.1:50602 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cartcart.cgi][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000143)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.076 (Executable)][PLAIN TEXT (.GET /cartcart.cgi HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 655 TCP 127.0.0.1:50994 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/uploader.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003018)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.132 (Executable)][PLAIN TEXT (GET /uploader.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 656 TCP 127.0.0.1:51080 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/207 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/login.php?-s][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006524)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.111 (Executable)][PLAIN TEXT (GET /login.php)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 657 TCP 127.0.0.1:49554 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0hXC6ZUE][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.199 (Executable)][PLAIN TEXT (GET /0h)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 658 TCP 127.0.0.1:49604 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/bin/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.085 (Executable)][PLAIN TEXT (GET /bin/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 659 TCP 127.0.0.1:49606 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/cgi/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:cgi dir check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.069 (Executable)][PLAIN TEXT (GET /cgi/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 660 TCP 127.0.0.1:49714 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.082 (Executable)][PLAIN TEXT (bGET /PowerShell HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 661 TCP 127.0.0.1:49786 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /1270.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 662 TCP 127.0.0.1:49788 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /1270.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 663 TCP 127.0.0.1:49802 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.973 (Executable)][PLAIN TEXT (GET /site.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 664 TCP 127.0.0.1:49804 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.973 (Executable)][PLAIN TEXT (GET /site.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 665 TCP 127.0.0.1:49814 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.974 (Executable)][PLAIN TEXT (GET /site.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 666 TCP 127.0.0.1:49816 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.974 (Executable)][PLAIN TEXT (GET /site.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 667 TCP 127.0.0.1:49818 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /1270.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 668 TCP 127.0.0.1:49820 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /1270.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 669 TCP 127.0.0.1:49926 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.031 (Executable)][PLAIN TEXT (GET /1270.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 670 TCP 127.0.0.1:49928 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.031 (Executable)][PLAIN TEXT (GET /1270.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 671 TCP 127.0.0.1:49934 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.991 (Executable)][PLAIN TEXT (GET /site.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 672 TCP 127.0.0.1:49936 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.991 (Executable)][PLAIN TEXT (GET /site.j)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 673 TCP 127.0.0.1:49950 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.977 (Executable)][PLAIN TEXT (GET /site.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 674 TCP 127.0.0.1:49952 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.977 (Executable)][PLAIN TEXT (GET /site.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 675 TCP 127.0.0.1:49970 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /1270.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 676 TCP 127.0.0.1:49972 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /1270.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 677 TCP 127.0.0.1:49986 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.988 (Executable)][PLAIN TEXT (GET /site.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 678 TCP 127.0.0.1:49988 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.988 (Executable)][PLAIN TEXT (@GET /site.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 679 TCP 127.0.0.1:50002 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (KGET /0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 680 TCP 127.0.0.1:50004 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (LGET /0.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 681 TCP 127.0.0.1:50006 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (GET /1270.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 682 TCP 127.0.0.1:50008 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (OGET /1270.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 683 TCP 127.0.0.1:50106 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.008 (Executable)][PLAIN TEXT (GET /1270.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 684 TCP 127.0.0.1:50108 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.008 (Executable)][PLAIN TEXT (GET /1270.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 685 TCP 127.0.0.1:50118 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.968 (Executable)][PLAIN TEXT (GET /site.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 686 TCP 127.0.0.1:50120 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.968 (Executable)][PLAIN TEXT (GET /site.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 687 TCP 127.0.0.1:50174 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.978 (Executable)][PLAIN TEXT (GET /site.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 688 TCP 127.0.0.1:50176 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.978 (Executable)][PLAIN TEXT (GET /site.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 689 TCP 127.0.0.1:50182 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.978 (Executable)][PLAIN TEXT (GET /site.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 690 TCP 127.0.0.1:50184 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.978 (Executable)][PLAIN TEXT (GET /site.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 691 TCP 127.0.0.1:50190 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /1270.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 692 TCP 127.0.0.1:50192 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /1270.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 693 TCP 127.0.0.1:50198 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.018 (Executable)][PLAIN TEXT (GET /1270.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 694 TCP 127.0.0.1:50200 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.018 (Executable)][PLAIN TEXT (GET /1270.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 695 TCP 127.0.0.1:50298 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.012 (Executable)][PLAIN TEXT (@GET /1.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 696 TCP 127.0.0.1:50300 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar.gz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.012 (Executable)][PLAIN TEXT (BGET /1.tar.gz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 697 TCP 127.0.0.1:50334 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.020 (Executable)][PLAIN TEXT (GET /1270.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 698 TCP 127.0.0.1:50336 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.020 (Executable)][PLAIN TEXT (GET /1270.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 699 TCP 127.0.0.1:50362 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.980 (Executable)][PLAIN TEXT (oGET /site.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 700 TCP 127.0.0.1:50364 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.980 (Executable)][PLAIN TEXT (GET /site.sql HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 701 TCP 127.0.0.1:50374 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.042 (Executable)][PLAIN TEXT (GET /1270.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 702 TCP 127.0.0.1:50376 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1270.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.042 (Executable)][PLAIN TEXT (yGET /1270.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 703 TCP 127.0.0.1:50394 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.004 (Executable)][PLAIN TEXT (GET /site.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 704 TCP 127.0.0.1:50396 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/site.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.004 (Executable)][PLAIN TEXT (GET /site.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 705 TCP 127.0.0.1:50666 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/smssend.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001166)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.066 (Executable)][PLAIN TEXT (bGET /smssend.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 706 TCP 127.0.0.1:51074 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/fx29id1.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006449)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.152 (Executable)][PLAIN TEXT (GET /fx)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 707 TCP 127.0.0.1:51076 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/fx29id2.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006450)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.142 (Executable)][PLAIN TEXT (GET /fx)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 708 TCP 127.0.0.1:49648 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/robots.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:robots)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Crawler/Bot **** Unidirectional Traffic **][Risk Score: 130][Risk Info: No server to client traffic / Found host 127.0.0.1 / UA Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:robots) / Expected on][PLAIN TEXT (GET /robots.t)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 709 TCP 127.0.0.1:49662 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:parked detection)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.032 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 710 TCP 127.0.0.1:49846 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (GET /127.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 711 TCP 127.0.0.1:49848 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.028 (Executable)][PLAIN TEXT (GET /127.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 712 TCP 127.0.0.1:49878 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.019 (Executable)][PLAIN TEXT (GET /127.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 713 TCP 127.0.0.1:49880 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.019 (Executable)][PLAIN TEXT (GET /127.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 714 TCP 127.0.0.1:49910 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /127.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 715 TCP 127.0.0.1:49912 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /127.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 716 TCP 127.0.0.1:49982 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /127.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 717 TCP 127.0.0.1:49984 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /127.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 718 TCP 127.0.0.1:50170 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.032 (Executable)][PLAIN TEXT (GET /127.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 719 TCP 127.0.0.1:50172 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.032 (Executable)][PLAIN TEXT (GET /127.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 720 TCP 127.0.0.1:50254 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /127.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 721 TCP 127.0.0.1:50256 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /127.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 722 TCP 127.0.0.1:50278 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.008 (Executable)][PLAIN TEXT (/GET /127.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 723 TCP 127.0.0.1:50280 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.008 (Executable)][PLAIN TEXT (GET /127.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 724 TCP 127.0.0.1:50286 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.020 (Executable)][PLAIN TEXT (GET /127.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 725 TCP 127.0.0.1:50288 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.020 (Executable)][PLAIN TEXT (GET /127.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 726 TCP 127.0.0.1:50294 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /127.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 727 TCP 127.0.0.1:50296 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.014 (Executable)][PLAIN TEXT (GET /127.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 728 TCP 127.0.0.1:50398 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.043 (Executable)][PLAIN TEXT (GET /127.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 729 TCP 127.0.0.1:50400 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/127.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.043 (Executable)][PLAIN TEXT (GET /127.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 730 TCP 127.0.0.1:50650 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/205 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/manual.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001158)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.116 (Executable)][PLAIN TEXT (GET /manual.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 731 TCP 127.0.0.1:49698 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/204 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.103 (Executable)][PLAIN TEXT (UGET /Exchange HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 732 TCP 127.0.0.1:49790 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.997 (Executable)][PLAIN TEXT (GET /1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 733 TCP 127.0.0.1:49792 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.997 (Executable)][PLAIN TEXT (GET /1.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 734 TCP 127.0.0.1:49826 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (GET /0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 735 TCP 127.0.0.1:49828 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (GET /0.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 736 TCP 127.0.0.1:49850 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.998 (Executable)][PLAIN TEXT (GET /0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 737 TCP 127.0.0.1:49852 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.998 (Executable)][PLAIN TEXT (GET /0.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 738 TCP 127.0.0.1:49898 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.015 (Executable)][PLAIN TEXT (GET /1.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 739 TCP 127.0.0.1:49900 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.015 (Executable)][PLAIN TEXT (GET /1.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 740 TCP 127.0.0.1:49922 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (GET /1.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 741 TCP 127.0.0.1:49924 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (GET /1.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 742 TCP 127.0.0.1:49942 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.000 (Executable)][PLAIN TEXT (GET /1.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 743 TCP 127.0.0.1:49944 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.000 (Executable)][PLAIN TEXT (GET /1.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 744 TCP 127.0.0.1:49998 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.027 (Executable)][PLAIN TEXT (GGET /1.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 745 TCP 127.0.0.1:50000 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.027 (Executable)][PLAIN TEXT (IGET /1.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 746 TCP 127.0.0.1:50010 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.993 (Executable)][PLAIN TEXT (PGET /0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 747 TCP 127.0.0.1:50012 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.993 (Executable)][PLAIN TEXT (GET /0.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 748 TCP 127.0.0.1:50066 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.003 (Executable)][PLAIN TEXT (GET /1.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 749 TCP 127.0.0.1:50068 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.003 (Executable)][PLAIN TEXT (GET /1.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 750 TCP 127.0.0.1:50070 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.011 (Executable)][PLAIN TEXT (GET /1.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 751 TCP 127.0.0.1:50072 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.011 (Executable)][PLAIN TEXT (GET /1.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 752 TCP 127.0.0.1:50098 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.999 (Executable)][PLAIN TEXT (GET /0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 753 TCP 127.0.0.1:50100 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.cer][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.999 (Executable)][PLAIN TEXT (GET /0.cer HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 754 TCP 127.0.0.1:50126 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.000 (Executable)][PLAIN TEXT (GET /1.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 755 TCP 127.0.0.1:50128 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.zip][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.000 (Executable)][PLAIN TEXT (GET /1.zip HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 756 TCP 127.0.0.1:50150 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.996 (Executable)][PLAIN TEXT (GET /1.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 757 TCP 127.0.0.1:50152 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.tar][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.996 (Executable)][PLAIN TEXT (GET /1.tar HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 758 TCP 127.0.0.1:50194 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /0.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 759 TCP 127.0.0.1:50196 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.jks][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.017 (Executable)][PLAIN TEXT (GET /0.jks HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 760 TCP 127.0.0.1:50218 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.004 (Executable)][PLAIN TEXT (GET /0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 761 TCP 127.0.0.1:50220 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.tgz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.004 (Executable)][PLAIN TEXT (GET /0.tgz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 762 TCP 127.0.0.1:50238 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (GET /0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 763 TCP 127.0.0.1:50240 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.alz][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.002 (Executable)][PLAIN TEXT (GET /0.alz HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 764 TCP 127.0.0.1:50302 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.029 (Executable)][PLAIN TEXT (GET /0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 765 TCP 127.0.0.1:50304 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.war][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.029 (Executable)][PLAIN TEXT (EGET /0.war HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 766 TCP 127.0.0.1:50318 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.991 (Executable)][PLAIN TEXT (GET /1.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 767 TCP 127.0.0.1:50320 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/1.egg][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.991 (Executable)][PLAIN TEXT (PGET /1.egg HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 768 TCP 127.0.0.1:50370 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (uGET /0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 769 TCP 127.0.0.1:50372 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.pem][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /0.pem HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 770 TCP 127.0.0.1:50386 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.005 (Executable)][PLAIN TEXT (GET /0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 771 TCP 127.0.0.1:50388 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/0.sql][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:sitefiles)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.005 (Executable)][PLAIN TEXT (GET /0.sq)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 772 TCP 127.0.0.1:50606 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/w-agora/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000183)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.094 (Executable)][PLAIN TEXT (GET /w)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 773 TCP 127.0.0.1:50674 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/level/16][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001255)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.012 (Executable)][PLAIN TEXT (gGET /level/16 HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 774 TCP 127.0.0.1:51072 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/203 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/open.txt][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006448)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.074 (Executable)][PLAIN TEXT (GET /open.t)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 775 TCP 127.0.0.1:49682 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.076 (Executable)][PLAIN TEXT (GET /images HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 776 TCP 127.0.0.1:50578 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/kboard/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000016)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.066 (Executable)][PLAIN TEXT (GET /kboard/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 777 TCP 127.0.0.1:50584 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/ssdefs/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000019)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.038 (Executable)][PLAIN TEXT (GET /ssdefs/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 778 TCP 127.0.0.1:50586 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/sshome/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000020)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET /sshome/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 779 TCP 127.0.0.1:51092 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/202 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/c99.php][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006739)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.134 (Executable)][PLAIN TEXT (GET /c99.php HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 780 TCP 127.0.0.1:49716 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/201 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: WebLogic internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.093 (Executable)][PLAIN TEXT (dGET . HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 781 TCP 127.0.0.1:51096 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/201 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/script][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006999)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.075 (Executable)][PLAIN TEXT (GET /script HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 782 TCP 127.0.0.1:50570 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/v2/_catalog][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.059 (Executable)][PLAIN TEXT (GET /v2/)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 783 TCP 127.0.0.1:50588 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/200 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/tiki/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000021)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 4.987 (Executable)][PLAIN TEXT (GET /tiki/ HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 784 TCP 127.0.0.1:49544 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.058 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 785 TCP 127.0.0.1:49692 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.082 (Executable)][PLAIN TEXT (GET /EC)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 786 TCP 127.0.0.1:49694 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.103 (Executable)][PLAIN TEXT (SGET /EWS HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 787 TCP 127.0.0.1:49700 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.118 (Executable)][PLAIN TEXT (GET /OWA HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 788 TCP 127.0.0.1:49704 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.109 (Executable)][PLAIN TEXT (GET /Rpc HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 789 TCP 127.0.0.1:49708 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.071 (Executable)][PLAIN TEXT (GET /ec)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 790 TCP 127.0.0.1:49710 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.118 (Executable)][PLAIN TEXT (GET /OAB HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 791 TCP 127.0.0.1:49548 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.091 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 792 TCP 127.0.0.1:51078 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/?-s][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:006523)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.080 (Executable)][PLAIN TEXT (s HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 793 TCP 127.0.0.1:49546 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:getinfo)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.013 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 794 TCP 127.0.0.1:49680 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.062 (Executable)][PLAIN TEXT (HGET / HTTP/1.0)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 795 TCP 127.0.0.1:50418 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/196 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:favicon)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.036 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 796 TCP 127.0.0.1:49642 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/194 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:paths)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Entropy: 5.040 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 797 TCP 127.0.0.1:49720 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/189 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:@TESTID)][Risk: ** Known Proto on Non Std Port **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Expected on port 80 / Entropy: 5.112 (Executable)][PLAIN TEXT (iGET / HTTP/1.0)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/WebattackXSS.pcap.out b/tests/cfgs/default/result/WebattackXSS.pcap.out index 77e0b11c13e..f3d93d66a1e 100644 --- a/tests/cfgs/default/result/WebattackXSS.pcap.out +++ b/tests/cfgs/default/result/WebattackXSS.pcap.out @@ -44,12 +44,12 @@ Acceptable 9374 4721148 661 14 TCP 172.16.0.1:34940 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][206 pkts/62387 bytes <-> 105 pkts/190510 bytes][Goodput ratio: 78/96][69.37 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 368/664 4896/4897 547/631][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 303/1814 651/1935 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,49] 15 TCP 172.16.0.1:54956 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][205 pkts/62321 bytes <-> 105 pkts/190525 bytes][Goodput ratio: 78/96][66.90 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 325/707 3641/3642 473/524][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1815 651/1935 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 16 TCP 172.16.0.1:59732 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][206 pkts/62299 bytes <-> 106 pkts/190495 bytes][Goodput ratio: 78/96][70.21 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 384/681 3766/3767 516/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 302/1797 651/1935 251/373][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS Attack **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,24,0,1,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 17 TCP 172.16.0.1:52298 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][208 pkts/61639 bytes <-> 107 pkts/190727 bytes][Goodput ratio: 78/96][60.17 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 317/536 1046/1043 421/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 296/1782 651/4410 248/575][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 302][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,1,1,25,0,0,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47] + 17 TCP 172.16.0.1:52298 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][208 pkts/61639 bytes <-> 107 pkts/190727 bytes][Goodput ratio: 78/96][60.17 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 317/536 1046/1043 421/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 296/1782 651/4410 248/575][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 302][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68 / Entropy: 5.432 (Executable)][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,1,1,25,0,0,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47] 18 TCP 172.16.0.1:35626 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][88 pkts/26722 bytes <-> 45 pkts/81226 bytes][Goodput ratio: 78/96][31.23 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/3 401/695 3953/3953 601/706][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1805 651/1935 253/377][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS Attack **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] - 19 TCP 172.16.0.1:52200 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][21 pkts/4366 bytes <-> 12 pkts/14453 bytes][Goodput ratio: 68/94][4.02 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/140 842/846 196/272][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 208/1204 625/7992 186/2089][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 302][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,12,12,18,5,0,0,12,12,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,5] - 20 TCP 172.16.0.1:52098 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][17 pkts/3745 bytes <-> 13 pkts/13999 bytes][Goodput ratio: 70/94][6.08 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.578 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 431/104 5005/845 1286/263][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/1077 625/7306 191/1849][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 302][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,12,12,12,6,0,0,12,6,6,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,6] - 21 TCP 172.16.0.1:52300 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/1229 bytes <-> 6 pkts/6497 bytes][Goodput ratio: 62/94][6.24 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 246/308 1185/1186 470/507][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 176/1083 461/5396 171/1949][URL: 205.174.165.68/dv/dvwa/js/dvwaPage.js][StatusCode: 200][Content-Type: application/javascript][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/dvwa/js/dvwaPage.js HTT)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] - 22 TCP 172.16.0.1:52318 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/696 bytes <-> 5 pkts/2045 bytes][Goodput ratio: 51/83][5.91 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 34/0 1476/301 5002/870 2065/403][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 139/409 424/1773 142/682][URL: 205.174.165.68/dv/favicon.ico][StatusCode: 200][Content-Type: image/vnd.microsoft.icon][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68][PLAIN TEXT (GET /dv/favicon.ico HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 19 TCP 172.16.0.1:52200 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][21 pkts/4366 bytes <-> 12 pkts/14453 bytes][Goodput ratio: 68/94][4.02 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/140 842/846 196/272][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 208/1204 625/7992 186/2089][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 302][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68 / Entropy: 5.432 (Executable)][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,12,12,18,5,0,0,12,12,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,5] + 20 TCP 172.16.0.1:52098 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][17 pkts/3745 bytes <-> 13 pkts/13999 bytes][Goodput ratio: 70/94][6.08 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.578 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 431/104 5005/845 1286/263][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/1077 625/7306 191/1849][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 302][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68 / Entropy: 5.432 (Executable)][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,12,12,12,6,0,0,12,6,6,0,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,6] + 21 TCP 172.16.0.1:52300 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/1229 bytes <-> 6 pkts/6497 bytes][Goodput ratio: 62/94][6.24 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 246/308 1185/1186 470/507][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 176/1083 461/5396 171/1949][URL: 205.174.165.68/dv/dvwa/js/dvwaPage.js][StatusCode: 200][Content-Type: application/javascript][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68 / Entropy: 5.490 (Executable)][PLAIN TEXT (GET /dv/dvwa/js/dvwaPage.js HTT)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] + 22 TCP 172.16.0.1:52318 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/696 bytes <-> 5 pkts/2045 bytes][Goodput ratio: 51/83][5.91 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 34/0 1476/301 5002/870 2065/403][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 139/409 424/1773 142/682][URL: 205.174.165.68/dv/favicon.ico][StatusCode: 200][Content-Type: image/vnd.microsoft.icon][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 205.174.165.68 / Expected 192.168.10.50, found 205.174.165.68 / Entropy: 5.496 (Executable)][PLAIN TEXT (GET /dv/favicon.ico HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 23 TCP 172.16.0.1:33068 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 7][cat: Web/5][4 pkts/272 bytes <-> 3 pkts/206 bytes][Goodput ratio: 0/0][5.73 sec][bytes ratio: 0.138 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5728 1909/5728 5727/5728 2700/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/69 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 172.16.0.1:34752 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 7][cat: Web/5][4 pkts/272 bytes <-> 3 pkts/206 bytes][Goodput ratio: 0/0][5.52 sec][bytes ratio: 0.138 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5523 1841/5523 5522/5523 2603/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/69 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 172.16.0.1:35208 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 7][cat: Web/5][4 pkts/272 bytes <-> 3 pkts/206 bytes][Goodput ratio: 0/0][5.79 sec][bytes ratio: 0.138 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5792 1931/5792 5790/5792 2729/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/69 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out index 5d445bc010c..16b7f4a8dc5 100644 --- a/tests/cfgs/default/result/alexa-app.pcapng.out +++ b/tests/cfgs/default/result/alexa-app.pcapng.out @@ -51,9 +51,9 @@ JA3 Host Stats: 1 TCP 172.16.42.216:54411 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 9][cat: Web/5][40 pkts/9869 bytes <-> 38 pkts/36764 bytes][Goodput ratio: 73/93][4.46 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.577 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/33 1629/317 305/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/967 1514/1514 433/642][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,0,2,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,8,2,0,2,0,0,0,0,0,0,0,0,0,69,0,0] 2 TCP 172.16.42.216:41828 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][31 pkts/13163 bytes <-> 34 pkts/25939 bytes][Goodput ratio: 84/91][3.25 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.327 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/38 1832/535 365/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 425/763 1514/1514 587/629][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 2,2,2,8,0,0,2,2,2,0,2,0,0,2,0,0,2,0,0,2,0,2,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,53,0,0] 3 TCP 172.16.42.216:40856 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][47 pkts/4785 bytes <-> 51 pkts/31984 bytes][Goodput ratio: 47/91][2.59 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/13 1811/246 293/44][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 102/627 1514/1514 218/316][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,3,0,0,0,0,1,1,0,0,1,0,0,1,0,0,0,80,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,7,0,0] - 4 TCP 172.16.42.216:51986 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][31 pkts/3707 bytes <-> 28 pkts/31731 bytes][Goodput ratio: 44/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/21 364/286 86/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/1133 613/1514 162/585][URL: ecx.images-amazon.com/images/I/81diFQyVjHL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/81diF)][Plen Bins: 3,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,68,0,0] - 5 TCP 172.16.42.216:51995 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][22 pkts/2590 bytes <-> 25 pkts/31047 bytes][Goodput ratio: 42/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/42 536/536 126/120][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/1242 613/1514 157/474][URL: ecx.images-amazon.com/images/I/5100jxqrQhL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/5100j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,8,0,0,0,4,0,0,0,0,67,0,0] - 6 TCP 172.16.42.216:51992 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][27 pkts/3443 bytes <-> 24 pkts/29237 bytes][Goodput ratio: 48/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.789 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/6 368/110 98/25][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/1218 613/1514 172/546][URL: ecx.images-amazon.com/images/I/71nqwmwmRlL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/71nqwmwmRlL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,74,0,0] + 4 TCP 172.16.42.216:51986 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][31 pkts/3707 bytes <-> 28 pkts/31731 bytes][Goodput ratio: 44/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/21 364/286 86/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/1133 613/1514 162/585][URL: ecx.images-amazon.com/images/I/81diFQyVjHL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.729 (Executable)][PLAIN TEXT (GET /images/I/81diF)][Plen Bins: 3,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,68,0,0] + 5 TCP 172.16.42.216:51995 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][22 pkts/2590 bytes <-> 25 pkts/31047 bytes][Goodput ratio: 42/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/42 536/536 126/120][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/1242 613/1514 157/474][URL: ecx.images-amazon.com/images/I/5100jxqrQhL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.718 (Executable)][PLAIN TEXT (GET /images/I/5100j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,8,0,0,0,4,0,0,0,0,67,0,0] + 6 TCP 172.16.42.216:51992 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][27 pkts/3443 bytes <-> 24 pkts/29237 bytes][Goodput ratio: 48/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.789 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/6 368/110 98/25][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/1218 613/1514 172/546][URL: ecx.images-amazon.com/images/I/71nqwmwmRlL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.703 (Executable)][PLAIN TEXT (GET /images/I/71nqwmwmRlL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,74,0,0] 7 TCP 172.16.42.216:41691 <-> 54.239.29.146:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 9][cat: Web/5][28 pkts/5292 bytes <-> 28 pkts/24601 bytes][Goodput ratio: 71/94][100.86 sec][Hostname/SNI: api.amazon.com][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/78 293/443 72/134][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/879 1514/1514 381/687][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: bdf21e38e1f69776df407235625e75e2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: api.amazon.com,wsync.us-east-1.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com][Certificate SHA-1: 1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D][Firefox][Validity: 2016-09-05 00:00:00 - 2017-09-23 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,15,3,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,68,0,0] 8 TCP 172.16.42.216:38483 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][32 pkts/3796 bytes <-> 30 pkts/25146 bytes][Goodput ratio: 44/92][0.66 sec][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/19 227/241 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/838 732/1514 163/608][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][JA4: t12d220300_5fd681855ab9_1ea9011b3dfa][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,3,6,0,0,6,0,0,0,0,3,3,0,0,3,0,3,0,0,6,3,0,3,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] 9 TCP 172.16.42.216:34034 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Cloud/13][24 pkts/22786 bytes <-> 19 pkts/2185 bytes][Goodput ratio: 94/49][1.87 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 511/512 132/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 949/115 1514/564 678/140][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,4,0,0,4,0,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,65,0,0] @@ -61,22 +61,22 @@ JA3 Host Stats: 11 TCP 172.16.42.216:45710 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][26 pkts/13063 bytes <-> 23 pkts/8561 bytes][Goodput ratio: 89/85][10.20 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/535 3346/6303 892/1474][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 502/372 1514/1514 619/511][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 3,7,3,3,7,3,3,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,41,0,0] 12 TCP 172.16.42.216:54434 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][18 pkts/9106 bytes <-> 15 pkts/10708 bytes][Goodput ratio: 86/91][3.73 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/241 96/1116 31/336][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 506/714 1514/1514 633/678][TLSv1.2][JA3C: 5ee142340adf02ded757447e2ff78986][JA4: t12d1511h2_f0daf39aad75_7ed7223c468c][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,57,0,0] 13 TCP 172.16.42.216:41914 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][20 pkts/6834 bytes <-> 15 pkts/11310 bytes][Goodput ratio: 80/91][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/50 222/242 77/88][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 342/754 1351/1514 506/588][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,5,0,0,5,0,10,0,0,0,0,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,15,0,0,0,0,27,0,0] - 14 TCP 172.16.42.216:51997 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/1611 bytes <-> 14 pkts/16206 bytes][Goodput ratio: 34/94][1.14 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/24 628/205 165/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1158 613/1514 132/593][URL: ecx.images-amazon.com/images/I/61Tfp7ZVcoL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/61Tfp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] - 15 TCP 172.16.42.216:51989 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][17 pkts/2771 bytes <-> 14 pkts/14992 bytes][Goodput ratio: 59/94][1.36 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.688 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/69 377/743 125/213][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/1071 613/1514 208/642][URL: ecx.images-amazon.com/images/I/71pwMKDRQIL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (zTGET /images/I/71pwMKDRQIL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0] + 14 TCP 172.16.42.216:51997 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/1611 bytes <-> 14 pkts/16206 bytes][Goodput ratio: 34/94][1.14 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/24 628/205 165/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1158 613/1514 132/593][URL: ecx.images-amazon.com/images/I/61Tfp7ZVcoL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.711 (Executable)][PLAIN TEXT (GET /images/I/61Tfp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] + 15 TCP 172.16.42.216:51989 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][17 pkts/2771 bytes <-> 14 pkts/14992 bytes][Goodput ratio: 59/94][1.36 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.688 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/69 377/743 125/213][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/1071 613/1514 208/642][URL: ecx.images-amazon.com/images/I/71pwMKDRQIL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.716 (Executable)][PLAIN TEXT (zTGET /images/I/71pwMKDRQIL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0] 16 TCP 172.16.42.216:44912 <-> 54.239.23.94:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 11][cat: Cloud/13][19 pkts/11483 bytes <-> 14 pkts/5858 bytes][Goodput ratio: 91/86][10.46 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 552/875 3665/7470 1005/2334][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 604/418 1514/1514 650/593][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,27,0,0] - 17 TCP 172.16.42.216:51990 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/15104 bytes][Goodput ratio: 35/94][1.25 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.813 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/21 682/138 190/45][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1162 613/1514 136/600][URL: ecx.images-amazon.com/images/I/612xlaOI2NL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (tyGET /images/I/612)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,72,0,0] - 18 TCP 172.16.42.216:51988 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/14454 bytes][Goodput ratio: 35/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.806 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/27 681/154 186/53][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1112 613/1514 136/592][URL: ecx.images-amazon.com/images/I/61oBTb+jZvL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/61oBTb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,72,0,0] + 17 TCP 172.16.42.216:51990 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/15104 bytes][Goodput ratio: 35/94][1.25 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.813 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/21 682/138 190/45][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1162 613/1514 136/600][URL: ecx.images-amazon.com/images/I/612xlaOI2NL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.712 (Executable)][PLAIN TEXT (tyGET /images/I/612)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,72,0,0] + 18 TCP 172.16.42.216:51988 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/14454 bytes][Goodput ratio: 35/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.806 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/27 681/154 186/53][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1112 613/1514 136/592][URL: ecx.images-amazon.com/images/I/61oBTb+jZvL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.731 (Executable)][PLAIN TEXT (GET /images/I/61oBTb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,72,0,0] 19 TCP 172.16.42.216:40871 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][20 pkts/7766 bytes <-> 21 pkts/8198 bytes][Goodput ratio: 86/86][3.82 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 182/130 1403/1107 358/296][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/390 1514/1514 570/458][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,9,4,0,0,0,9,4,0,0,0,4,0,0,0,0,13,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] 20 TCP 172.16.42.216:41912 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][16 pkts/3960 bytes <-> 14 pkts/11986 bytes][Goodput ratio: 73/92][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/14 669/71 174/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/856 1340/1514 415/644][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,18,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,12,0,0,0,0,0,38,0,0] - 21 TCP 172.16.42.216:51985 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/1623 bytes <-> 14 pkts/14282 bytes][Goodput ratio: 34/93][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.796 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 84/45 682/281 185/91][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1020 613/1514 132/664][URL: ecx.images-amazon.com/images/I/51woiL9kgkL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/51woiL9)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] - 22 TCP 172.16.42.216:51996 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1545 bytes <-> 13 pkts/14178 bytes][Goodput ratio: 35/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/22 764/207 210/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/1091 613/1514 136/639][URL: ecx.images-amazon.com/images/I/81Ni5COup-L._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/81Ni5)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0] + 21 TCP 172.16.42.216:51985 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/1623 bytes <-> 14 pkts/14282 bytes][Goodput ratio: 34/93][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.796 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 84/45 682/281 185/91][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1020 613/1514 132/664][URL: ecx.images-amazon.com/images/I/51woiL9kgkL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.701 (Executable)][PLAIN TEXT (GET /images/I/51woiL9)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] + 22 TCP 172.16.42.216:51996 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1545 bytes <-> 13 pkts/14178 bytes][Goodput ratio: 35/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/22 764/207 210/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/1091 613/1514 136/639][URL: ecx.images-amazon.com/images/I/81Ni5COup-L._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.708 (Executable)][PLAIN TEXT (GET /images/I/81Ni5)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0] 23 TCP 172.16.42.216:53682 <-> 54.239.22.185:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 9][cat: Web/5][16 pkts/10167 bytes <-> 13 pkts/5328 bytes][Goodput ratio: 91/86][163.85 sec][Hostname/SNI: firs-ta-g7g.amazon.com][bytes ratio: 0.312 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12603/417 159135/3907 42305/1164][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 635/410 1514/1514 644/520][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: bdf21e38e1f69776df407235625e75e2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: firs-ta-g7g.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com][Certificate SHA-1: A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86][Firefox][Validity: 2016-11-25 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,0,0,6,0,0,0,0,0,13,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0] 24 TCP 172.16.42.216:45712 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 9][cat: Web/5][24 pkts/11240 bytes <-> 18 pkts/3909 bytes][Goodput ratio: 88/73][5.97 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271/206 1239/905 390/325][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 468/217 1514/715 608/241][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,10,5,5,0,10,10,5,0,0,0,0,0,0,5,5,5,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0] 25 TCP 172.16.42.216:40854 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][21 pkts/6285 bytes <-> 16 pkts/8842 bytes][Goodput ratio: 82/90][2.68 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/106 1158/932 299/253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 299/553 1514/1514 504/512][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,5,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,5,24,0,0] 26 TCP 172.16.42.216:55242 <-> 52.85.209.197:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][18 pkts/6706 bytes <-> 20 pkts/8204 bytes][Goodput ratio: 82/84][123.38 sec][Hostname/SNI: www.amazon.com][bytes ratio: -0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 87/100 290/445 108/155][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/410 1514/1514 532/546][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: bdf21e38e1f69776df407235625e75e2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,15,0,5,0,0,5,10,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,10,0,0,21,0,0] 27 TCP 172.16.42.216:50799 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][20 pkts/9329 bytes <-> 17 pkts/5540 bytes][Goodput ratio: 88/82][10.48 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.255 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 636/760 7767/8001 1851/2099][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/326 1514/1514 612/473][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,0,5,0,5,5,0,0,11,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0] - 28 TCP 172.16.42.216:51993 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][14 pkts/1479 bytes <-> 12 pkts/13075 bytes][Goodput ratio: 37/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.797 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/23 765/207 218/65][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1090 613/1514 141/624][URL: ecx.images-amazon.com/images/I/61SZU-lPFNL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/61S)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0] - 29 TCP 172.16.42.216:51987 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][14 pkts/1491 bytes <-> 12 pkts/12826 bytes][Goodput ratio: 37/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.792 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/22 682/154 199/50][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1069 613/1514 141/605][URL: ecx.images-amazon.com/images/I/71GcCNTb6kL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/71GcCNTb6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0] + 28 TCP 172.16.42.216:51993 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][14 pkts/1479 bytes <-> 12 pkts/13075 bytes][Goodput ratio: 37/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.797 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/23 765/207 218/65][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1090 613/1514 141/624][URL: ecx.images-amazon.com/images/I/61SZU-lPFNL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.720 (Executable)][PLAIN TEXT (GET /images/I/61S)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0] + 29 TCP 172.16.42.216:51987 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][14 pkts/1491 bytes <-> 12 pkts/12826 bytes][Goodput ratio: 37/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.792 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/22 682/154 199/50][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1069 613/1514 141/605][URL: ecx.images-amazon.com/images/I/71GcCNTb6kL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.711 (Executable)][PLAIN TEXT (GET /images/I/71GcCNTb6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0] 30 TCP 172.16.42.216:34069 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Cloud/13][16 pkts/12799 bytes <-> 14 pkts/1381 bytes][Goodput ratio: 93/40][4.36 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.805 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 256/126 2464/986 644/293][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 800/99 1514/449 707/105][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,0,8,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,59,0,0] 31 TCP 172.16.42.216:45711 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 11][cat: Web/5][22 pkts/11642 bytes <-> 11 pkts/2484 bytes][Goodput ratio: 89/74][21.11 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/64 1023/2459 6019/9247 1749/3564][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 529/226 1514/955 611/323][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,6,0,0,6,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,31,0,0] 32 TCP 172.16.42.216:42130 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 11][cat: Web/5][18 pkts/6237 bytes <-> 14 pkts/6594 bytes][Goodput ratio: 84/88][2.59 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 164/169 783/785 225/244][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 346/471 1514/1514 494/576][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,20,0,0,6,0,0,0,13,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,34,0,0] @@ -93,7 +93,7 @@ JA3 Host Stats: 43 TCP 172.16.42.216:40864 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/2838 bytes <-> 16 pkts/7478 bytes][Goodput ratio: 71/88][4.06 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/267 259/1771 98/509][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/467 1514/1514 363/499][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,6,0,0,0,6,13,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,20,0,0] 44 TCP 172.16.42.216:45693 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][15 pkts/4412 bytes <-> 13 pkts/5784 bytes][Goodput ratio: 81/87][4.69 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 390/24 4145/80 1133/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 294/445 1514/1514 485/599][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,15,7,0,7,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] 45 TCP 172.16.42.216:54427 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][13 pkts/8467 bytes <-> 8 pkts/1403 bytes][Goodput ratio: 90/62][1.35 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.716 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/12 109/125 514/453 157/165][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 651/175 1514/777 663/233][TLSv1.2][JA3C: 5ee142340adf02ded757447e2ff78986][JA4: t12d1511h2_f0daf39aad75_7ed7223c468c][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,22,0,0] - 46 TCP 172.16.42.216:51994 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][11 pkts/1293 bytes <-> 10 pkts/8334 bytes][Goodput ratio: 42/92][1.10 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.731 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 106/24 808/113 266/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/833 613/1514 157/652][URL: ecx.images-amazon.com/images/I/315y9IEXZSL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][PLAIN TEXT (GET /images/I/315)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] + 46 TCP 172.16.42.216:51994 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][11 pkts/1293 bytes <-> 10 pkts/8334 bytes][Goodput ratio: 42/92][1.10 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.731 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 106/24 808/113 266/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/833 613/1514 157/652][URL: ecx.images-amazon.com/images/I/315y9IEXZSL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.728 (Executable)][PLAIN TEXT (GET /images/I/315)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] 47 TCP 172.16.42.216:44001 <-> 176.32.101.52:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][22 pkts/4394 bytes <-> 19 pkts/5213 bytes][Goodput ratio: 72/79][101.63 sec][Hostname/SNI: dp-gw-na-js.amazon.com][bytes ratio: -0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5968/5788 80048/79926 19049/20563][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 200/274 1514/1514 303/442][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 731bcada65b0a6f850bada3bdcd716d1][JA4: t12d150900_f0daf39aad75_e69ac49eb88f][ServerNames: dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in][JA3S: fbe78c619e7ea20046131294ad087f05][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com][Certificate SHA-1: 27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C][Validity: 2016-09-24 00:00:00 - 2017-09-13 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 9,14,4,4,4,0,29,9,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] 48 TCP 172.16.42.216:45714 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][17 pkts/7542 bytes <-> 10 pkts/1990 bytes][Goodput ratio: 88/71][18.45 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.582 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1317/1449 6762/8309 2110/3069][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/199 1514/699 598/247][Risk: ** Weak TLS Cipher **** Malicious JA3 Fingerp. **][Risk Score: 150][Risk Info: d551fafc4f40f1dec2bb45980bfa9492 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,15,7,0,15,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0] 49 TCP 172.16.42.216:38404 <-> 34.199.52.240:443 [proto: 91.265/TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][15 pkts/3140 bytes <-> 12 pkts/6286 bytes][Goodput ratio: 69/87][1.00 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.334 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/55 364/256 109/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 209/524 950/1514 299/598][Risk: ** Malicious JA3 Fingerp. **][Risk Score: 50][Risk Info: d551fafc4f40f1dec2bb45980bfa9492][TLSv1.2][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,16,0,8,0,0,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] @@ -191,7 +191,7 @@ JA3 Host Stats: 141 UDP 172.16.42.216:41030 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.11 sec][Hostname/SNI: alexa.amazon.com][52.94.232.134][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 142 UDP 172.16.42.216:59908 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.27 sec][Hostname/SNI: alexa.amazon.com][54.239.28.178][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 143 UDP 172.16.42.216:64073 <-> 172.16.42.1:53 [proto: 5.110/DNS.AmazonAlexa][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/76 bytes <-> 1 pkts/115 bytes][Goodput ratio: 44/63][0.06 sec][Hostname/SNI: alexa.amazon.com][52.94.232.134][PLAIN TEXT (amazon)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 144 ICMP 172.16.42.1:0 -> 172.16.42.216:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/188 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][2.80 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 144 ICMP 172.16.42.1:0 -> 172.16.42.216:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/188 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][2.80 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.193 (Executable)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 145 UDP 172.16.42.216:14476 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/99 bytes][Goodput ratio: 49/57][0.14 sec][Hostname/SNI: skills-store.amazon.com][54.239.29.253][PLAIN TEXT (skills)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 146 UDP 172.16.42.216:7358 <-> 172.16.42.1:53 [proto: 5.178/DNS.Amazon][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.21 sec][Hostname/SNI: firs-ta-g7g.amazon.com][54.239.22.185][PLAIN TEXT (amazon)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 147 ICMPV6 [::]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/180 bytes -> 0 pkts/0 bytes][Goodput ratio: 22/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/android.pcap.out b/tests/cfgs/default/result/android.pcap.out index 52330cbd39e..9b33ec688f3 100644 --- a/tests/cfgs/default/result/android.pcap.out +++ b/tests/cfgs/default/result/android.pcap.out @@ -70,11 +70,11 @@ JA3 Host Stats: 15 TCP 192.168.2.16:43634 <-> 172.217.20.76:443 [proto: 91.46/TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][8 pkts/1005 bytes <-> 6 pkts/3460 bytes][Goodput ratio: 51/88][0.11 sec][Hostname/SNI: proxy.googlezip.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.550 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/16 39/61 13/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/577 583/1484 173/646][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA4: t00d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] 16 TCP 192.168.2.16:32998 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][8 pkts/1005 bytes <-> 6 pkts/3449 bytes][Goodput ratio: 51/88][0.05 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.549 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 20/17 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/575 583/1484 173/647][TLSv1.3][JA3C: 66918128f1b9b03303d77c6f2eefd128][JA4: t00d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] 17 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][12 pkts/4088 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][82.22 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 130/0 6001/0 8764/0 3124/0][Pkt Len c2s/s2c min/avg/max/stddev: 328/0 341/0 342/0 4/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,8,91,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 192.168.2.16:36834 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/1130 bytes <-> 5 pkts/1254 bytes][Goodput ratio: 53/73][0.30 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 41/59 105/141 31/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 141/251 363/524 128/223][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 192.168.2.16:36834 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/1130 bytes <-> 5 pkts/1254 bytes][Goodput ratio: 53/73][0.30 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 41/59 105/141 31/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 141/251 363/524 128/223][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.409 (Executable)][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 192.168.2.16:44374 <-> 172.217.22.10:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][3 pkts/723 bytes <-> 3 pkts/1624 bytes][Goodput ratio: 71/87][0.10 sec][Hostname/SNI: android.googleapis.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 26/9 33/38 40/66 7/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/541 583/1484 242/667][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.3][JA3C: 629b587f706aee60430ec3879c6edb66][JA4: t13d171200_5b57614c22b0_931b75671d98][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0] 20 TCP 192.168.2.16:58338 <-> 17.253.53.201:80 [proto: 7.140/HTTP.Apple][IP: 140/Apple][ClearText][Confidence: DPI][DPI packets: 6][cat: ConnCheck/30][6 pkts/607 bytes <-> 5 pkts/1053 bytes][Goodput ratio: 33/68][0.16 sec][Hostname/SNI: captive.apple.com][bytes ratio: -0.269 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 25/23 42/46 15/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/211 269/781 75/285][URL: captive.apple.com/][StatusCode: 200][Content-Type: text/html][Server: ATS/8.0.6][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][3 pkts/1656 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][60.10 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 192.168.2.16:36848 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][4 pkts/569 bytes <-> 3 pkts/664 bytes][Goodput ratio: 52/69][0.11 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 31/1 37/36 41/72 4/36][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/221 363/524 127/214][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 192.168.2.16:36848 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][4 pkts/569 bytes <-> 3 pkts/664 bytes][Goodput ratio: 52/69][0.11 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 31/1 37/36 41/72 4/36][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/221 363/524 127/214][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.409 (Executable)][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP 17.248.176.75:443 -> 192.168.2.17:50580 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/1067 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][18.90 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 294/0 2700/0 9727/0 3229/0][Pkt Len c2s/s2c min/avg/max/stddev: 97/0 133/0 143/0 17/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 12,12,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 17.248.176.75:443 -> 192.168.2.17:50584 [proto: 91/TLS][IP: 140/Apple][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][8 pkts/1067 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][19.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 300/0 2767/0 9727/0 3262/0][Pkt Len c2s/s2c min/avg/max/stddev: 97/0 133/0 143/0 17/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 12,12,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 192.168.2.16:52514 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.27 sec][Hostname/SNI: semanticlocation-pa.googleapis.com][(Advertised) ALPNs: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.2][JA3C: 33490b1d5377580b19f7f9b5849d7991][JA4: t13d1712h][Safari][PLAIN TEXT (semanticlocation)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index e16b6ef2477..8d4dd60607b 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -58,14 +58,14 @@ JA3 Host Stats: 2 TCP 10.0.0.227:56919 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][28 pkts/9088 bytes <-> 26 pkts/16944 bytes][Goodput ratio: 80/90][23.14 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1048/487 11570/9008 2987/2009][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 325/652 1514/1514 494/646][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][JA4: t12d2204ht_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,12,4,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,8,4,0,0,0,4,0,4,0,16,0,25,0,0] 3 TCP 10.0.0.227:56921 <-> 8.37.96.194:4287 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][29 pkts/5373 bytes <-> 28 pkts/7580 bytes][Goodput ratio: 64/75][2.30 sec][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 91/63 593/619 145/135][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 185/271 1261/1434 259/387][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 160][Risk Info: No ALPN / 29/Aug/2019 00:12:40 - 08/Oct/2019 00:12:40][TLSv1.2][JA3C: e3adec914f3893f18136762f1c0d7d81][JA4: t12d070500_c20ebc0cf62a_824431ce7cfe][JA3S: e54965894d6b45ecb4323c7ea3d6c115][Issuer: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Subject: CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US][Certificate SHA-1: 86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E][Firefox][Validity: 2019-08-29 00:12:40 - 2019-10-08 00:12:40][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,44,3,3,3,3,3,0,3,3,3,0,3,7,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,3,0,3,0,0,0,0,0] 4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1.2][JA3C: 9f1a41f932f274fe47a992310a26a23a][JA4: t12d2204ht_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e (WEAK)][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0] - 5 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][14 pkts/2322 bytes <-> 15 pkts/3787 bytes][Goodput ratio: 75/83][0.24 sec][bytes ratio: -0.240 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 47/46 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 166/252 199/407 17/74][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLS (0100)][TLS (0100)][JA3C: ee2a8029d94a1e0f64493aac044a9a9e][JA4: ts3d010000_2cfe23c976cf_e3b0c44298fc][JA3S: cee68a158056f16c2d1b274dde4e2ec3][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,3,3,39,13,18,3,6,6,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][14 pkts/2322 bytes <-> 15 pkts/3787 bytes][Goodput ratio: 75/83][0.24 sec][bytes ratio: -0.240 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 47/46 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 166/252 199/407 17/74][Risk: ** Obsolete TLS (v1.1 or older) **** Susp Entropy **][Risk Score: 150][Risk Info: TLS (0100) / Entropy: 5.320 (Executable)][TLS (0100)][JA3C: ee2a8029d94a1e0f64493aac044a9a9e][JA4: ts3d010000_2cfe23c976cf_e3b0c44298fc][JA3S: cee68a158056f16c2d1b274dde4e2ec3][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,3,3,39,13,18,3,6,6,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Collaborative/15][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][TLSv1.2][JA3C: d8dc5f8940df366b3a58b935569143e8][JA4: t12d1313h2_8b80da21ef18_e48c60694ef0][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: ConnCheck/30][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.151][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 110][Risk Info: Found host 10.0.0.151 / Entropy: 5.388 (Executable)][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: ConnCheck/30][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.149 / Expected on port 80][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] + 12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 110][Risk Info: Found host 10.0.0.149 / Expected on port 80 / Entropy: 5.413 (Executable)][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0] 13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 10.0.0.227:56914 <-> 52.37.243.173:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][8 pkts/847 bytes <-> 7 pkts/651 bytes][Goodput ratio: 38/29][21.75 sec][bytes ratio: 0.131 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/1 3340/2605 9634/9670 4130/3611][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/93 131/129 31/31][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bot.pcap.out b/tests/cfgs/default/result/bot.pcap.out index 808706e8c38..df84a2c735f 100644 --- a/tests/cfgs/default/result/bot.pcap.out +++ b/tests/cfgs/default/result/bot.pcap.out @@ -25,4 +25,4 @@ HTTP 402 431124 1 Acceptable 402 431124 1 - 1 TCP 40.77.167.36:64768 <-> 89.31.72.220:80 [VLAN: 77][proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][115 pkts/7672 bytes <-> 287 pkts/423452 bytes][Goodput ratio: 4/96][5.66 sec][Hostname/SNI: atlanteditorino.it][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/3 4532/106 489/16][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 67/1475 374/1498 29/171][URL: atlanteditorino.it/quartieri/img/S.Donato_M.Vittoria1930_B.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)][Risk: ** Crawler/Bot **][Risk Score: 10][Risk Info: UA Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/b][PLAIN TEXT (GET /quartieri/im)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] + 1 TCP 40.77.167.36:64768 <-> 89.31.72.220:80 [VLAN: 77][proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][115 pkts/7672 bytes <-> 287 pkts/423452 bytes][Goodput ratio: 4/96][5.66 sec][Hostname/SNI: atlanteditorino.it][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/3 4532/106 489/16][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 67/1475 374/1498 29/171][URL: atlanteditorino.it/quartieri/img/S.Donato_M.Vittoria1930_B.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)][Risk: ** Susp Entropy **** Crawler/Bot **][Risk Score: 60][Risk Info: UA Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/b / Entropy: 5.159 (Executable)][PLAIN TEXT (GET /quartieri/im)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/default/result/bt-http.pcapng.out b/tests/cfgs/default/result/bt-http.pcapng.out index 5407751c067..9bb93834b65 100644 --- a/tests/cfgs/default/result/bt-http.pcapng.out +++ b/tests/cfgs/default/result/bt-http.pcapng.out @@ -25,4 +25,4 @@ BitTorrent 14 1492 1 Acceptable 14 1492 1 - 1 TCP 192.168.1.128:46882 <-> 176.31.225.118:80 [proto: 7.37/HTTP.BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Download/7][12 pkts/1038 bytes <-> 2 pkts/454 bytes][Goodput ratio: 36/75][57.56 sec][Hostname/SNI: tracker.trackerfix.com][bytes ratio: 0.391 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5384/0 28927/0 8989/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/227 424/394 102/167][URL: tracker.trackerfix.com/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started][User-Agent: Transmission/2.94][PLAIN TEXT (GET /announce)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.128:46882 <-> 176.31.225.118:80 [proto: 7.37/HTTP.BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Download/7][12 pkts/1038 bytes <-> 2 pkts/454 bytes][Goodput ratio: 36/75][57.56 sec][Hostname/SNI: tracker.trackerfix.com][bytes ratio: 0.391 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5384/0 28927/0 8989/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/227 424/394 102/167][URL: tracker.trackerfix.com/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started][User-Agent: Transmission/2.94][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.357 (Executable)][PLAIN TEXT (GET /announce)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/collectd.pcap.out b/tests/cfgs/default/result/collectd.pcap.out index 33257de70e2..a884ed0a2e1 100644 --- a/tests/cfgs/default/result/collectd.pcap.out +++ b/tests/cfgs/default/result/collectd.pcap.out @@ -30,9 +30,9 @@ Acceptable 81 109386 8 1 UDP 127.0.0.1:35988 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][49 pkts/66012 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][406.49 sec][Hostname/SNI: devlap.fritz.box][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8783/0 10000/0 3188/0][Pkt Len c2s/s2c min/avg/max/stddev: 193/0 1347/0 1388/0 167/0][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,83,10,0,0,0,0,0] 2 UDP 127.0.0.1:36832 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][17 pkts/22755 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][134.67 sec][Hostname/SNI: devlap.fritz.box][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8311/0 10000/0 3518/0][Pkt Len c2s/s2c min/avg/max/stddev: 924/0 1339/0 1384/0 104/0][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,89,0,0,0,0,0,0] - 3 UDP 192.168.178.35:39576 -> 239.192.74.66:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 6][cat: System/18][6 pkts/8363 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][708570048.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 907/0 141714014208/0 708570000000/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 1274/0 1394/0 1434/0 54/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.84][PLAIN TEXT (RmBJSP)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,33,50,0,0,0,0] + 3 UDP 192.168.178.35:39576 -> 239.192.74.66:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 6][cat: System/18][6 pkts/8363 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][708570048.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 907/0 141714014208/0 708570000000/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 1274/0 1394/0 1434/0 54/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.844 (Encrypted or Random)][PLAIN TEXT (RmBJSP)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,33,50,0,0,0,0] 4 UDP 127.0.0.1:54138 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][5 pkts/6744 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][33.27 sec][Hostname/SNI: devlap.fritz.box][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,20,40,20,0,0,0,0,0] - 5 UDP 192.168.178.35:39577 -> 239.192.74.66:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: System/18][1 pkts/1408 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.84][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 5 UDP 192.168.178.35:39577 -> 239.192.74.66:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: System/18][1 pkts/1408 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.843 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 6 UDP 127.0.0.1:36064 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: devlap.fritz.box][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0] 7 UDP 127.0.0.1:36320 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: System/18][1 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0] 8 UDP 127.0.0.1:36576 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: devlap.fritz.box][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/discord_mid_flow.pcap.out b/tests/cfgs/default/result/discord_mid_flow.pcap.out index e9640529153..cfe0ca10bb3 100644 --- a/tests/cfgs/default/result/discord_mid_flow.pcap.out +++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out @@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/dns-exf.pcap.out b/tests/cfgs/default/result/dns-exf.pcap.out index 97101800e8b..ec2619f6641 100644 --- a/tests/cfgs/default/result/dns-exf.pcap.out +++ b/tests/cfgs/default/result/dns-exf.pcap.out @@ -25,4 +25,4 @@ DNS 2 342 1 Acceptable 2 342 1 - 1 UDP 192.168.2.225:45290 <-> 192.168.2.134:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/163 bytes <-> 1 pkts/179 bytes][Goodput ratio: 74/76][0.00 sec][Hostname/SNI: 4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt][::][Risk: ** Susp DNS Traffic **** Non-Printable/Invalid Chars Detected **** Minor Issues **][Risk Score: 160][Risk Info: Long DNS host name / DNS Record with zero TTL][PLAIN TEXT (sICN03)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.2.225:45290 <-> 192.168.2.134:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/163 bytes <-> 1 pkts/179 bytes][Goodput ratio: 74/76][0.00 sec][Hostname/SNI: 4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt][::][Risk: ** Susp DNS Traffic **** Susp Entropy **** Non-Printable/Invalid Chars Detected **** Minor Issues **][Risk Score: 210][Risk Info: Long DNS host name / Entropy: 5.224 (Executable) / DNS Record with zero TTL][PLAIN TEXT (sICN03)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out index df144169571..52c58a0c148 100644 --- a/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out +++ b/tests/cfgs/default/result/dtls_certificate_fragments.pcap.out @@ -33,5 +33,5 @@ JA3 Host Stats: 2 10.186.198.149 1 - 1 UDP 10.186.198.149:39347 <-> 35.210.59.134:44443 [proto: 30/DTLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][11 pkts/2624 bytes <-> 9 pkts/3354 bytes][Goodput ratio: 82/89][2.92 sec][bytes ratio: -0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/76 2179/186 659/75][Pkt Len c2s/s2c min/avg/max/stddev: 167/90 239/373 416/1454 97/388][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** TLS Cert About To Expire **][Risk Score: 210][Risk Info: No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA / 25/Apr/2019 09:58:06 - 25/May/2019 09:58:06][DTLSv1.2][JA3C: 3c3d129780d0066cd8936a6291a8d44f][JA4: t00d800500_9cedc1f1428b_a1e935682795][ServerNames: *.samsungmax.com,*.opera-mini.net][JA3S: d45798bc098cd930de7eb2f5f866e994 (WEAK)][Issuer: C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA][Subject: C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA][Certificate SHA-1: 2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0][Firefox][Validity: 2019-04-25 09:58:06 - 2019-05-25 09:58:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (Opera Software ASA1)][Plen Bins: 0,5,0,35,5,10,10,0,10,10,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0] + 1 UDP 10.186.198.149:39347 <-> 35.210.59.134:44443 [proto: 30/DTLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][11 pkts/2624 bytes <-> 9 pkts/3354 bytes][Goodput ratio: 82/89][2.92 sec][bytes ratio: -0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 324/76 2179/186 659/75][Pkt Len c2s/s2c min/avg/max/stddev: 167/90 239/373 416/1454 97/388][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Susp Entropy **** TLS Cert About To Expire **][Risk Score: 260][Risk Info: No ALPN / Entropy: 5.007 (Executable) / Cipher TLS_RSA_WITH_AES_256_CBC_SHA / 25/Apr/2019 09:58:06 - 25/May/2019 09:58:06][DTLSv1.2][JA3C: 3c3d129780d0066cd8936a6291a8d44f][JA4: t00d800500_9cedc1f1428b_a1e935682795][ServerNames: *.samsungmax.com,*.opera-mini.net][JA3S: d45798bc098cd930de7eb2f5f866e994 (WEAK)][Issuer: C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA][Subject: C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA][Certificate SHA-1: 2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0][Firefox][Validity: 2019-04-25 09:58:06 - 2019-05-25 09:58:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (Opera Software ASA1)][Plen Bins: 0,5,0,35,5,10,10,0,10,10,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0] 2 UDP 192.168.1.26:43594 <-> 104.153.87.149:50001 [proto: 30.58/DTLS.Discord][IP: 58/Discord][Encrypted][Confidence: DPI][DPI packets: 4][cat: Collaborative/15][3 pkts/1015 bytes <-> 3 pkts/3200 bytes][Goodput ratio: 88/96][0.13 sec][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 29/44 44/22 59/44 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 197/621 338/1067 621/1322 200/316][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][DTLSv1.2][JA3C: 681eb4fb79ccb6d60d35fa502c279d42][JA4: t00d120700_7c0e62f61317_d9dd6182da81][ServerNames: *.discord.gg,discord.gg][JA3S: 201fdaa63db9a086f36651aa4cfd0819][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.discord.gg][Certificate SHA-1: 0C:A2:45:E6:4A:06:B0:31:C6:BF:B6:C5:1B:AE:A0:A3:8E:41:B2:3C][Validity: 2020-03-26 00:00:00 - 2022-06-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (Greater Manchester1)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out b/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out index 12295944ac1..b43c119971f 100644 --- a/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out +++ b/tests/cfgs/default/result/dtls_mid_sessions.pcapng.out @@ -25,7 +25,7 @@ DTLS 91 37868 4 Safe 91 37868 4 - 1 UDP 170.151.105.215:443 <-> 121.152.255.238:8460 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][17 pkts/16320 bytes <-> 13 pkts/2086 bytes][Goodput ratio: 96/74][0.55 sec][bytes ratio: 0.773 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/24 152/154 51/46][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 960/160 1495/352 623/62][Plen Bins: 0,0,44,6,3,0,3,0,3,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,30,0,0] - 2 UDP 170.151.105.215:443 <-> 72.102.179.218:62811 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][13 pkts/6283 bytes <-> 17 pkts/3803 bytes][Goodput ratio: 91/81][3.28 sec][bytes ratio: 0.246 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 240/212 1725/941 499/287][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 483/224 1495/833 556/172][Plen Bins: 0,0,34,20,13,0,6,3,3,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] - 3 UDP 135.215.56.198:443 -> 124.73.140.89:61189 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][30 pkts/9241 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.27 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/0 28/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 308/0 1381/0 280/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (q/SCmS.)][Plen Bins: 0,0,20,3,13,0,41,0,3,0,3,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0] - 4 UDP 53.214.238.65:53558 -> 199.186.151.155:443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/135 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 170.151.105.215:443 <-> 121.152.255.238:8460 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][17 pkts/16320 bytes <-> 13 pkts/2086 bytes][Goodput ratio: 96/74][0.55 sec][bytes ratio: 0.773 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/24 152/154 51/46][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 960/160 1495/352 623/62][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No client to server traffic / Entropy: 7.828 (Encrypted or Random)][Plen Bins: 0,0,44,6,3,0,3,0,3,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,30,0,0] + 2 UDP 170.151.105.215:443 <-> 72.102.179.218:62811 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][13 pkts/6283 bytes <-> 17 pkts/3803 bytes][Goodput ratio: 91/81][3.28 sec][bytes ratio: 0.246 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 240/212 1725/941 499/287][Pkt Len c2s/s2c min/avg/max/stddev: 135/135 483/224 1495/833 556/172][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No client to server traffic / Entropy: 7.878 (Encrypted or Random)][Plen Bins: 0,0,34,20,13,0,6,3,3,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] + 3 UDP 135.215.56.198:443 -> 124.73.140.89:61189 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][30 pkts/9241 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.27 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/0 28/0 7/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 308/0 1381/0 280/0][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Entropy: 7.401 (Encrypted or Random)][PLAIN TEXT (q/SCmS.)][Plen Bins: 0,0,20,3,13,0,41,0,3,0,3,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0] + 4 UDP 53.214.238.65:53558 -> 199.186.151.155:443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/135 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.915 (Executable)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls_old_version.pcapng.out b/tests/cfgs/default/result/dtls_old_version.pcapng.out index d08f3cf0c14..49763ae0306 100644 --- a/tests/cfgs/default/result/dtls_old_version.pcapng.out +++ b/tests/cfgs/default/result/dtls_old_version.pcapng.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 37.188.4.115 1 - 1 UDP 37.188.4.115:56453 <-> 70.66.6.128:443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][4 pkts/584 bytes <-> 3 pkts/410 bytes][Goodput ratio: 71/69][7.22 sec][bytes ratio: 0.175 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1003/2008 2377/3064 4119/4119 1298/1055][Pkt Len c2s/s2c min/avg/max/stddev: 141/90 146/137 161/230 9/66][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLS (0100) / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLS (0100)][JA3C: be3660f0bdab46442f52b205919fee37][JA4: ts3d010000_692296a295db_e3b0c44298fc][JA3S: 8f48e117ae3543615168a2b087cda528 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,57,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 37.188.4.115:56453 <-> 70.66.6.128:443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 7][cat: Web/5][4 pkts/584 bytes <-> 3 pkts/410 bytes][Goodput ratio: 71/69][7.22 sec][bytes ratio: 0.175 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1003/2008 2377/3064 4119/4119 1298/1055][Pkt Len c2s/s2c min/avg/max/stddev: 141/90 146/137 161/230 9/66][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** Susp Entropy **][Risk Score: 250][Risk Info: TLS (0100) / Entropy: 5.207 (Executable) / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLS (0100)][JA3C: be3660f0bdab46442f52b205919fee37][JA4: ts3d010000_692296a295db_e3b0c44298fc][JA3S: 8f48e117ae3543615168a2b087cda528 (WEAK)][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,57,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out index b5e08e9259a..12253535991 100644 --- a/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out +++ b/tests/cfgs/default/result/dtls_session_id_and_coockie_both.pcap.out @@ -30,4 +30,4 @@ JA3 Host Stats: 1 185.196.113.239 1 - 1 UDP 185.196.113.239:50257 <-> 223.116.105.247:44443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/302 bytes <-> 2 pkts/302 bytes][Goodput ratio: 72/72][0.06 sec][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: No ALPN][DTLSv1.2][JA3C: e15c510766789ed8f49de0e37951c1da][JA4: t00d010000_653ffb6f323e_e3b0c44298fc][JA3S: a1d48eca741e476d8ee735578a26bdbd][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,25,0,50,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 185.196.113.239:50257 <-> 223.116.105.247:44443 [proto: 30/DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/302 bytes <-> 2 pkts/302 bytes][Goodput ratio: 72/72][0.06 sec][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Susp Entropy **][Risk Score: 110][Risk Info: No ALPN / Entropy: 5.353 (Executable)][DTLSv1.2][JA3C: e15c510766789ed8f49de0e37951c1da][JA4: t00d010000_653ffb6f323e_e3b0c44298fc][JA3S: a1d48eca741e476d8ee735578a26bdbd][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,25,0,50,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/edonkey.pcap.out b/tests/cfgs/default/result/edonkey.pcap.out index e7e0fd17b25..9f6f2c84bd7 100644 --- a/tests/cfgs/default/result/edonkey.pcap.out +++ b/tests/cfgs/default/result/edonkey.pcap.out @@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/emotet.pcap.out b/tests/cfgs/default/result/emotet.pcap.out index 59dca189706..b9b32a567c1 100644 --- a/tests/cfgs/default/result/emotet.pcap.out +++ b/tests/cfgs/default/result/emotet.pcap.out @@ -35,7 +35,7 @@ JA3 Host Stats: 1 TCP 10.3.29.101:56309 <-> 104.161.127.22:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][21 pkts/1592 bytes <-> 37 pkts/48623 bytes][Goodput ratio: 28/96][0.61 sec][Hostname/SNI: fkl.co.ke][bytes ratio: -0.937 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/7 204/204 57/36][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 76/1314 500/1415 95/343][URL: fkl.co.ke/wp-content/Elw3kPvOsZxM5/][StatusCode: 200][Content-Type: text/html][Server: LiteSpeed][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36 Edg/99.0.1150.55][PLAIN TEXT (GET /wp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0,0,0,0] 2 TCP 10.2.25.102:57309 <-> 193.252.22.84:587 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 19][cat: Email/3][23 pkts/16752 bytes <-> 27 pkts/1853 bytes][Goodput ratio: 93/21][8.35 sec][Hostname/SNI: opmta1mto02nd1][bytes ratio: 0.801 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 276/345 1205/3054 406/694][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 728/69 1514/214 702/33][PLAIN TEXT (220 opmta)][Plen Bins: 31,27,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 3 TCP 10.4.25.101:49797 <-> 77.105.36.156:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][5 pkts/452 bytes <-> 10 pkts/10518 bytes][Goodput ratio: 34/95][0.48 sec][Hostname/SNI: filmmogzivota.rs][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 159/37 292/171 121/64][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 90/1052 206/1442 58/553][URL: filmmogzivota.rs/SpryAssets/gDR/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: vBKbaQgjyvRRbcgfvlsc][Filename: TfBXbg6gEAqeHioMEKOtCAAn73.dll][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** Binary file/data transfer (attempt) **][Risk Score: 300][Risk Info: UA vBKbaQgjyvRRbcgfvlsc / Found mime exe x-msdownload / File download TfBXbg6gEAqeHioMEKOtCAAn73.dll][PLAIN TEXT (GET /SpryAssets/gDR/ HTTP/1.1)][Plen Bins: 0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,66,0,0,0,0] - 4 TCP 10.4.20.102:54319 <-> 107.161.178.210:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][7 pkts/645 bytes <-> 7 pkts/8714 bytes][Goodput ratio: 35/96][0.38 sec][Hostname/SNI: gandhitoday.org][bytes ratio: -0.862 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/54 260/260 100/103][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 92/1245 279/1442 76/483][URL: gandhitoday.org/video/6JvA8/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko][Filename: EGh7x6aKN3ILP.dll][Risk: ** Binary App Transfer **** Binary file/data transfer (attempt) **][Risk Score: 200][Risk Info: Found mime exe x-msdownload / File download EGh7x6aKN3ILP.dll][PLAIN TEXT (GET /video/6J)][Plen Bins: 0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,85,0,0,0,0] + 3 TCP 10.4.25.101:49797 <-> 77.105.36.156:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][5 pkts/452 bytes <-> 10 pkts/10518 bytes][Goodput ratio: 34/95][0.48 sec][Hostname/SNI: filmmogzivota.rs][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 159/37 292/171 121/64][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 90/1052 206/1442 58/553][URL: filmmogzivota.rs/SpryAssets/gDR/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: vBKbaQgjyvRRbcgfvlsc][Filename: TfBXbg6gEAqeHioMEKOtCAAn73.dll][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 350][Risk Info: UA vBKbaQgjyvRRbcgfvlsc / Entropy: 5.113 (Executable) / Found mime exe x-msdownload / File download TfBXbg6gEAqeHioMEKOtCAAn73][PLAIN TEXT (GET /SpryAssets/gDR/ HTTP/1.1)][Plen Bins: 0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,66,0,0,0,0] + 4 TCP 10.4.20.102:54319 <-> 107.161.178.210:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][7 pkts/645 bytes <-> 7 pkts/8714 bytes][Goodput ratio: 35/96][0.38 sec][Hostname/SNI: gandhitoday.org][bytes ratio: -0.862 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/54 260/260 100/103][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 92/1245 279/1442 76/483][URL: gandhitoday.org/video/6JvA8/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko][Filename: EGh7x6aKN3ILP.dll][Risk: ** Binary App Transfer **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 250][Risk Info: Entropy: 5.294 (Executable) / Found mime exe x-msdownload / File download EGh7x6aKN3ILP.dll][PLAIN TEXT (GET /video/6J)][Plen Bins: 0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,85,0,0,0,0] 5 TCP 10.4.25.101:49803 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/1130 bytes <-> 8 pkts/6240 bytes][Goodput ratio: 64/93][1.65 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 14/0 75/231 122/1117 39/400][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 161/780 534/1442 161/663][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Malicious JA3 Fingerp. **][Risk Score: 210][Risk Info: 51c64c77e60f3980eea90869b68c58a8 / No ALPN / C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][TLSv1.2][JA3C: 51c64c77e60f3980eea90869b68c58a8][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: ec74a5c51106f0419184d0dd08fb05bc][Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Certificate SHA-1: 43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93][Firefox][Validity: 2022-04-21 10:08:46 - 2023-04-21 10:08:46][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,12,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0] 6 TCP 10.4.25.101:49804 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1517 bytes <-> 7 pkts/1208 bytes][Goodput ratio: 61/66][48.61 sec][bytes ratio: 0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5997/806 44782/3012 14692/1274][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 152/173 607/714 179/224][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Malicious JA3 Fingerp. **][Risk Score: 110][Risk Info: 51c64c77e60f3980eea90869b68c58a8 / No ALPN][TLSv1.2][JA3C: 51c64c77e60f3980eea90869b68c58a8][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,16,0,0,0,0,0,0,16,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/exe_download.pcap.out b/tests/cfgs/default/result/exe_download.pcap.out index 19fa719cf86..c6a49547cf2 100644 --- a/tests/cfgs/default/result/exe_download.pcap.out +++ b/tests/cfgs/default/result/exe_download.pcap.out @@ -25,4 +25,4 @@ HTTP 20 14869 1 Acceptable 20 14869 1 - 1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][8 pkts/597 bytes <-> 12 pkts/14272 bytes][Goodput ratio: 26/95][0.76 sec][Hostname/SNI: 144.91.69.195][bytes ratio: -0.920 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/33 319/298 134/89][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/1189 207/1514 50/510][URL: 144.91.69.195/solar.php][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx/1.10.3][User-Agent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Filename: phn34ycjtghm.exe][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Obsolete Server **** Binary file/data transfer (attempt) **][Risk Score: 360][Risk Info: Found host 144.91.69.195 / UA pwtyyEKzNtGatwnJjmCcBLbOveCVpc / Obsolete nginx server 1.10.3 / Found binary mime octet-stream /][PLAIN TEXT (GET /solar.php HTTP/1.1)][Plen Bins: 0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,54,0,0,18,0,0] + 1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][8 pkts/597 bytes <-> 12 pkts/14272 bytes][Goodput ratio: 26/95][0.76 sec][Hostname/SNI: 144.91.69.195][bytes ratio: -0.920 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/33 319/298 134/89][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/1189 207/1514 50/510][URL: 144.91.69.195/solar.php][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx/1.10.3][User-Agent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Filename: phn34ycjtghm.exe][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** HTTP Obsolete Server **** Binary file/data transfer (attempt) **][Risk Score: 410][Risk Info: Found host 144.91.69.195 / UA pwtyyEKzNtGatwnJjmCcBLbOveCVpc / Entropy: 5.254 (Executable) / Obsolete nginx server 1.10.3 / Fo][PLAIN TEXT (GET /solar.php HTTP/1.1)][Plen Bins: 0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,54,0,0,18,0,0] diff --git a/tests/cfgs/default/result/exe_download_as_png.pcap.out b/tests/cfgs/default/result/exe_download_as_png.pcap.out index 3f7339a9616..34e6a981d64 100644 --- a/tests/cfgs/default/result/exe_download_as_png.pcap.out +++ b/tests/cfgs/default/result/exe_download_as_png.pcap.out @@ -25,4 +25,4 @@ HTTP 100 94225 1 Acceptable 100 94225 1 - 1 TCP 10.9.25.101:49197 <-> 185.98.87.185:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][33 pkts/1943 bytes <-> 67 pkts/92282 bytes][Goodput ratio: 8/96][1.90 sec][Hostname/SNI: 185.98.87.185][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/14 613/612 145/81][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 59/1377 203/1514 26/239][URL: 185.98.87.185/tablone.png][StatusCode: 200][Content-Type: image/png][Server: nginx/1.10.3][User-Agent: WinHTTP loader/1.0][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Obsolete Server **][Risk Score: 210][Risk Info: Found host 185.98.87.185 / Obsolete nginx server 1.10.3 / Found DOS/Windows Exe][PLAIN TEXT (GET /tablone.png HTTP/1.1)][Plen Bins: 0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,6,0,0,73,0,0,15,0,0] + 1 TCP 10.9.25.101:49197 <-> 185.98.87.185:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][33 pkts/1943 bytes <-> 67 pkts/92282 bytes][Goodput ratio: 8/96][1.90 sec][Hostname/SNI: 185.98.87.185][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/14 613/612 145/81][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 59/1377 203/1514 26/239][URL: 185.98.87.185/tablone.png][StatusCode: 200][Content-Type: image/png][Server: nginx/1.10.3][User-Agent: WinHTTP loader/1.0][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** HTTP Obsolete Server **][Risk Score: 260][Risk Info: Found host 185.98.87.185 / Entropy: 4.957 (Executable) / Obsolete nginx server 1.10.3 / Found DOS/Windows Exe][PLAIN TEXT (GET /tablone.png HTTP/1.1)][Plen Bins: 0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,6,0,0,73,0,0,15,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index f5c0134afb9..ddbbee4df73 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -66,7 +66,7 @@ Unrated 34 4212 34 20 UDP 192.168.1.2:2789 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 192.168.1.2:2806 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.qk][::][Risk: ** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic][PLAIN TEXT (bercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.1.2:2825 -> 192.168.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][5 pkts/430 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][9.01 sec][Hostname/SNI: _sip._udp.sip.cybercity.dk][::][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No server to client traffic / Invalid DNS Query Lenght][PLAIN TEXT (cybercity)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 192.86.1.2:5060 -> 200.68.120.99:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL qip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 192.86.1.2:5060 -> 200.68.120.99:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.584 (Executable)][PLAIN TEXT (CANCEL qip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.2:4292 -> 200.68.37.115:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.169.1.2:5060 -> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.1.2:4901 -> 200.68.120.81:29440 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][1 pkts/389 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (ACK sip)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -264,12 +264,12 @@ Unrated 34 4212 34 Undetected flows: - 1 UDP 212.242.33.35:9587 -> 192.168.1.2:196 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (0 401 Unauthorized)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 212.242.33.35:9587 -> 192.168.1.2:196 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/527 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.608 (Executable)][PLAIN TEXT (0 401 Unauthorized)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 118 192.168.1.2:0 -> 200.68.120.81:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/417 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CANCEL sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 81.168.1.2:30000 -> 212.242.33.36:40392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 192.168.1.2:30000 -> 37.115.0.36:40392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (njlndlj)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 192.168.1.2:30000 -> 214.242.33.36:40392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.1.3:30000 -> 212.242.33.36:40392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (VRUDKBu)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 81.168.1.2:30000 -> 212.242.33.36:40392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.446 (Executable)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.1.2:30000 -> 37.115.0.36:40392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.110 (Executable)][PLAIN TEXT (njlndlj)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.1.2:30000 -> 214.242.33.36:40392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.648 (Executable)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.1.3:30000 -> 212.242.33.36:40392 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/214 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.003 (Executable)][PLAIN TEXT (VRUDKBu)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.1.2:30001 -> 244.242.33.36:40393 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/146 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][PLAIN TEXT (11894297)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 147.234.1.170:43690 -> 170.170.170.170:43690 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/113 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.1.1:117 -> 192.168.1.2:2769 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out index 3c5d9828e45..8a05a73bf80 100644 --- a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out @@ -19,7 +19,7 @@ Automa domain: 4/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 54/0 (search/found) +Patricia risk mask: 56/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -32,25 +32,25 @@ HTTP 118 28709 37 Acceptable 118 28709 37 Unrated 3 655 3 - 1 TCP 172.20.3.5:2601 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 13][cat: Web/5][9 pkts/6343 bytes <-> 4 pkts/409 bytes][Goodput ratio: 92/46][11.25 sec][bytes ratio: 0.879 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/104 67/128 469/152 164/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 705/102 1514/243 721/81][PLAIN TEXT (POST /servlets/mms HTTP/1.1)][Plen Bins: 16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0] + 1 TCP 172.20.3.5:2601 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 13][cat: Web/5][9 pkts/6343 bytes <-> 4 pkts/409 bytes][Goodput ratio: 92/46][11.25 sec][bytes ratio: 0.879 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/104 67/128 469/152 164/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 705/102 1514/243 721/81][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.527 (Encrypted or Random)][PLAIN TEXT (POST /servlets/mms HTTP/1.1)][Plen Bins: 16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0] 2 TCP 172.20.3.5:2606 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 12][cat: Web/5][8 pkts/2287 bytes <-> 5 pkts/2963 bytes][Goodput ratio: 80/91][11.18 sec][Hostname/SNI: 172.20.3.13][bytes ratio: -0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/58 177/172 83/81][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 286/593 1514/1514 478/662][URL: 172.20.3.13/servlets/mms?message-id=189301][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 172.20.3.13 / Empty or missing User-Agent][PLAIN TEXT (GET /servlets/mms)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,50,0,0] 3 TCP 172.20.3.5:2604 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][5 pkts/1754 bytes <-> 4 pkts/583 bytes][Goodput ratio: 83/62][11.17 sec][Hostname/SNI: 172.20.3.13][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 307/81 2793/3724 10864/10997 4662/5143][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 351/146 1514/417 582/157][URL: 172.20.3.13/servlets/mms?message-id=189001][StatusCode: 200][Server: Resin/2.0.1][User-Agent: SonyEricssonT68/R201A][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 172.20.3.13][PLAIN TEXT (GET /servlets/mms)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] 4 TCP 172.20.3.13:53132 <-> 172.20.3.5:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 13][cat: Web/5][9 pkts/1650 bytes <-> 4 pkts/240 bytes][Goodput ratio: 70/0][5.14 sec][bytes ratio: 0.746 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 734/1 4911/1 1706/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 183/60 894/60 270/0][PLAIN TEXT (POST /ppgctrl/ppgcontrollogic.d)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 172.20.3.5:2602 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][4 pkts/942 bytes <-> 4 pkts/703 bytes][Goodput ratio: 75/69][11.10 sec][Hostname/SNI: 172.20.3.13][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/106 3699/5548 10844/10989 5054/5442][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 236/176 762/541 304/211][URL: 172.20.3.13.servlets/mms][StatusCode: 200][Req Content-Type: application/xml][Content-Type: application/xml][Server: Resin/2.0.1][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 172.20.3.13 / Empty or missing User-Agent][PLAIN TEXT (POST .servlets/mms HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 172.20.3.13:53136 <-> 172.20.3.5:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][5 pkts/586 bytes <-> 6 pkts/999 bytes][Goodput ratio: 54/66][5.21 sec][Hostname/SNI: 172.20.3.5][bytes ratio: -0.261 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/96 1737/1302 4910/5010 2247/2141][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 117/166 370/481 126/150][StatusCode: 100][Req Content-Type: multipart/related][Server: Microsoft-IIS/4.0][User-Agent: MMS-Relay-DeliveryInitiator][PLAIN TEXT (POST /ppgctrl/ppgcon)][Plen Bins: 0,0,25,0,25,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 172.20.3.5:9587 -> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Empty or missing User-Agent][PLAIN TEXT (POST /servlets/mms HTTP/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] + 6 TCP 172.20.3.13:53136 <-> 172.20.3.5:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][5 pkts/586 bytes <-> 6 pkts/999 bytes][Goodput ratio: 54/66][5.21 sec][Hostname/SNI: 172.20.3.5][bytes ratio: -0.261 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/96 1737/1302 4910/5010 2247/2141][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 117/166 370/481 126/150][StatusCode: 100][Req Content-Type: multipart/related][Server: Microsoft-IIS/4.0][User-Agent: MMS-Relay-DeliveryInitiator][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.510 (Executable)][PLAIN TEXT (POST /ppgctrl/ppgcon)][Plen Bins: 0,0,25,0,25,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 172.20.3.5:9587 -> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** HTTP Susp User-Agent **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 160][Risk Info: No server to client traffic / Empty or missing User-Agent / Entropy: 5.441 (Executable)][PLAIN TEXT (POST /servlets/mms HTTP/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] 8 TCP 172.20.3.13:80 -> 172.20.72.5:2606 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][StatusCode: 200][Content-Type: app•icatiOn/vnd.wap.mms-meBsage][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] - 9 TCP 172.20.3.13:80 <-> 172.20.3.5:2608 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/58 bytes <-> 3 pkts/882 bytes][Goodput ratio: 0/80][0.25 sec][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (POST /servlets/mms HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 172.20.3.13:53136 -> 172.70.3.5:80 [proto: 7/HTTP][IP: 220/Cloudflare][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/854 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (msgpart)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 172.20.3.13:80 <-> 172.20.3.5:2608 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/58 bytes <-> 3 pkts/882 bytes][Goodput ratio: 0/80][0.25 sec][Risk: ** HTTP Susp User-Agent **** Susp Entropy **][Risk Score: 150][Risk Info: Empty or missing User-Agent / Entropy: 5.612 (Executable)][PLAIN TEXT (POST /servlets/mms HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 172.20.3.13:53136 -> 172.70.3.5:80 [proto: 7/HTTP][IP: 220/Cloudflare][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/854 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.769 (Executable)][PLAIN TEXT (msgpart)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 172.20.3.5:2607 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 6][cat: Web/5][4 pkts/657 bytes <-> 2 pkts/112 bytes][Goodput ratio: 64/0][0.21 sec][bytes ratio: 0.709 (Upload)][IAT c2s/s2c min/avg/max/stddev: 207/1 69/1 207/1 98/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 164/56 477/58 181/2][PLAIN TEXT (201.xml)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 172.20.3.5:2603 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][2 pkts/120 bytes <-> 4 pkts/363 bytes][Goodput ratio: 0/39][11.06 sec][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 216/2 216/35 216/68 0/33][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 60/91 60/197 0/61][StatusCode: 200][Content-Type: application/vnd.wap.mms-message][Server: Resin/2.0.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 172.6.3.5:80 -> 172.20.3.13:53132 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/481 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 51.20.3.5:2605 -> 172.20.3.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/477 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (201.xml)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 51.20.3.5:2605 -> 172.20.3.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/477 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.680 (Executable)][PLAIN TEXT (201.xml)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 172.20.3.5:2605 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Web/5][4 pkts/240 bytes <-> 1 pkts/58 bytes][Goodput ratio: 0/0][11.06 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 TCP 172.20.3.5:2600 <-> 172.20.3.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 4][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 172.20.2.13:80 -> 172.20.3.5:2607 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 10/0][< 1 sec][StatusCode: 200][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 TCP 172.20.3.13:80 -> 44.20.3.5:2605 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][StatusCode: 220][Content-Type: application/vnk.wap.mms-message][Server: Besin/2.0.1][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 220 OK)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 172.20.3.5:80 -> 172.57.3.13:53132 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/195 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (HTTo/1.1 202 Accepted)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 172.20.3.5:80 -> 172.57.3.13:53132 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/195 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Entropy: 5.166 (Executable)][PLAIN TEXT (HTTo/1.1 202 Accepted)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP 172.20.3.1:80 -> 172.20.3.13:53132 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/143 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][StatusCode: 100][Server: Microsoft-IIS/4.0][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 100 Continue)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 172.20.3.13:53193 -> 172.20.3.5:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/62 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 172.20.3.5:80 -> 172.20.35.13:53136 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out index a62288163f8..173e2f42207 100644 --- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out @@ -99,17 +99,17 @@ Undetected flows: 3 UDP 10.12.64.30:29200 -> 198.226.25.53:1796 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/725 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11480073638072@wlan.mnc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 254 10.12.64.30:0 -> 198.226.25.53:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/725 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (50311480073638072@wlan.mnc480.m)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 0 10.12.64.30:0 -> 198.226.25.53:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/697 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (50311480071394304@wlan.mnc480.m)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 198.226.25.53:1895 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (50311480073638072@wlan.mnc480.m)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 198.226.25.53:1895 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.745 (Compressed Executable)][PLAIN TEXT (50311480073638072@wlan.mnc480.m)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 88 198.226.25.53:0 -> 10.12.64.30:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (0311480073R)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 198.226.25.53:1965 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (50311480073638072@wlan.mnc480.m)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 198.226.25.53:1965 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.283 (Executable)][PLAIN TEXT (50311480073638072@wlan.mnc480.m)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 170 170.170.170.170:0 -> 170.170.170.170:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/239 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 UDP 198.162.25.53:1810 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (50311480281501589@wlan.Gnc480.m)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 UDP 198.226.25.53:43028 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (50311480432608586@wlan.mnc480.m)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 198.162.25.53:1810 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.871 (Executable)][PLAIN TEXT (50311480281501589@wlan.Gnc480.m)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 198.226.25.53:43028 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.797 (Executable)][PLAIN TEXT (50311480432608586@wlan.mnc480.m)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 198.226.170.170:43690 -> 170.170.170.170:43690 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/206 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 85 198.226.25.62:0 -> 10.12.64.30:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/192 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (503114s)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 UDP 198.226.25.53:309 -> 10.12.64.30:12339 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (50311480071394304@wlan.mnc480.m)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 UDP 198.226.25.53:1814 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (50311480071394304@wlan.mnc480.m)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 UDP 198.226.25.53:3860 -> 14.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (50311480432608586@wlan.mnc480.m)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 198.226.25.53:309 -> 10.12.64.30:12339 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Entropy: 5.477 (Executable)][PLAIN TEXT (50311480071394304@wlan.mnc480.m)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 198.226.25.53:1814 -> 10.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.776 (Executable)][PLAIN TEXT (50311480071394304@wlan.mnc480.m)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 198.226.25.53:3860 -> 14.12.64.30:29200 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.845 (Executable)][PLAIN TEXT (50311480432608586@wlan.mnc480.m)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 198.226.25.53:43690 -> 10.12.170.170:43690 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 37 198.226.25.53:0 -> 10.12.64.30:0 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/179 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (5031148023)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 198.226.25.53:30764 -> 10.12.64.30:12344 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/147 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (50311480063638072@wlan.mnc480.m)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index dc8ae3fde9a..84566f48a1d 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -61,10 +61,10 @@ JA3 Host Stats: 4 TCP 10.0.2.15:50300 <-> 188.61.52.183:11852 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][66 pkts/6593 bytes <-> 69 pkts/10484 bytes][Goodput ratio: 46/64][502.91 sec][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 8559/7533 32308/32351 8859/8516][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 100/152 653/1514 91/201][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 1,43,9,6,26,4,0,1,1,0,1,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] 5 UDP [fe80::c50d:519f:96a4:e108]:63958 -> [ff02::c]:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/15504 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][586.41 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/0 48849/0 583774/0 161286/0][Pkt Len c2s/s2c min/avg/max/stddev: 834/0 1107/0 1153/0 112/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,85,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 10.0.2.15:63957 -> 239.255.255.250:3702 [proto: 153/WSD][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][13 pkts/14194 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][586.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 21/0 53286/0 583775/0 167755/0][Pkt Len c2s/s2c min/avg/max/stddev: 814/0 1092/0 1115/0 80/0][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,92,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 10.0.2.15:50330 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][9 pkts/1011 bytes <-> 12 pkts/11017 bytes][Goodput ratio: 51/94][3.38 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/240 1119/1115 493/448][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/918 567/1514 161/644][URL: 69.118.162.229:46906/gnutella/thex/v1?urn:tree:tiger/:3WMUS6WM2ZC7XIPRQDKXWHHJRV4IKYC4OX4ELCA&depth=9&ed2k=1][StatusCode: 200][Content-Type: application/dime][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **][Risk Score: 70][Risk Info: Found host 69.118.162.229][PLAIN TEXT (GET /gnutella/thex/v1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,55,0,0] + 7 TCP 10.0.2.15:50330 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][9 pkts/1011 bytes <-> 12 pkts/11017 bytes][Goodput ratio: 51/94][3.38 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/240 1119/1115 493/448][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/918 567/1514 161/644][URL: 69.118.162.229:46906/gnutella/thex/v1?urn:tree:tiger/:3WMUS6WM2ZC7XIPRQDKXWHHJRV4IKYC4OX4ELCA&depth=9&ed2k=1][StatusCode: 200][Content-Type: application/dime][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **][Risk Score: 120][Risk Info: Found host 69.118.162.229 / Entropy: 5.691 (Executable)][PLAIN TEXT (GET /gnutella/thex/v1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,55,0,0] 8 TCP 10.0.2.15:50248 <-> 109.214.154.216:6346 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][45 pkts/3196 bytes <-> 54 pkts/8256 bytes][Goodput ratio: 24/65][522.53 sec][bytes ratio: -0.442 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/1 12254/10032 54436/54424 15860/15019][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/153 358/1078 50/183][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 56,1,12,5,3,1,1,7,3,1,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 10.0.2.15:50249 <-> 86.208.180.181:45883 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][43 pkts/3087 bytes <-> 47 pkts/7704 bytes][Goodput ratio: 24/67][522.17 sec][bytes ratio: -0.428 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 11973/13240 47909/55396 14672/15777][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/164 357/1119 51/213][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 57,0,4,6,4,4,4,2,6,2,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][5 pkts/815 bytes <-> 7 pkts/5620 bytes][Goodput ratio: 65/93][1.25 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 416/228 1138/1123 513/447][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/803 587/1514 212/666][URL: 69.118.162.229:46906/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Binary file/data transfer (attempt) **][Risk Score: 120][Risk Info: Found host 69.118.162.229 / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] + 10 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][5 pkts/815 bytes <-> 7 pkts/5620 bytes][Goodput ratio: 65/93][1.25 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 416/228 1138/1123 513/447][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/803 587/1514 212/666][URL: 69.118.162.229:46906/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 170][Risk Info: Found host 69.118.162.229 / Entropy: 5.630 (Executable) / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] 11 UDP 10.0.2.15:28681 <-> 80.61.221.246:30577 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5195 bytes][Goodput ratio: 68/93][197.38 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 39/35 26439/26440 107210/107216 34356/34358][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 132/577 274/769 53/274][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,33,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 10.0.2.15:28681 <-> 193.37.255.130:61616 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5176 bytes][Goodput ratio: 68/93][197.67 sec][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 127/126 26488/26488 107228/107229 34539/34539][Pkt Len c2s/s2c min/avg/max/stddev: 70/129 132/575 274/769 53/277][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,39,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 10.0.2.15:28681 <-> 103.232.107.100:43508 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1157 bytes <-> 8 pkts/4890 bytes][Goodput ratio: 67/93][230.22 sec][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 4875/4875 31136/30836 107031/107033 32420/35010][Pkt Len c2s/s2c min/avg/max/stddev: 70/128 129/611 274/769 56/273][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 11,0,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -85,7 +85,7 @@ JA3 Host Stats: 28 UDP 10.0.2.15:28681 <-> 45.31.152.112:26851 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][186.46 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 7100/7142 19000/19000 44374/44331 14989/14962][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 10.0.2.15:28681 <-> 96.65.68.194:35481 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][197.61 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 5017/5014 21044/21044 46304/46310 15712/15715][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 10.0.2.15:28681 <-> 181.84.178.16:60262 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/766 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 72/93][84.70 sec][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 5114/5194 21079/21064 46304/46263 15704/15629][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 153/645 274/769 60/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 0,0,40,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][4 pkts/766 bytes <-> 5 pkts/2826 bytes][Goodput ratio: 70/90][1.41 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 470/304 1214/1208 532/522][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 192/565 592/1514 231/558][URL: 189.147.72.83:26108/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Binary file/data transfer (attempt) **][Risk Score: 120][Risk Info: Found host 189.147.72.83 / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 31 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][4 pkts/766 bytes <-> 5 pkts/2826 bytes][Goodput ratio: 70/90][1.41 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 470/304 1214/1208 532/522][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 192/565 592/1514 231/558][URL: 189.147.72.83:26108/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 170][Risk Info: Found host 189.147.72.83 / Entropy: 5.619 (Executable) / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 32 UDP 10.0.2.15:28681 <-> 80.7.252.192:6888 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/844 bytes <-> 5 pkts/2741 bytes][Goodput ratio: 70/92][170.75 sec][bytes ratio: -0.529 (Download)][IAT c2s/s2c min/avg/max/stddev: 1605/1482 42670/42669 111028/111025 42886/42893][Pkt Len c2s/s2c min/avg/max/stddev: 98/148 141/548 274/769 61/274][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (.LGTKG)][Plen Bins: 0,18,27,9,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 10.0.2.15:28681 <-> 94.54.66.82:63637 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/537 bytes <-> 5 pkts/2722 bytes][Goodput ratio: 61/92][192.07 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 168/360 47931/46734 147616/141167 58240/55279][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 107/544 123/769 21/279][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 10,10,40,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 10.0.2.15:28681 <-> 96.236.205.7:34794 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/537 bytes <-> 5 pkts/2721 bytes][Goodput ratio: 61/92][191.79 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 123/120 47920/47919 147559/147561 58219/58220][Pkt Len c2s/s2c min/avg/max/stddev: 70/129 107/544 123/769 21/280][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 10,10,40,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -265,7 +265,7 @@ JA3 Host Stats: 208 UDP 10.0.2.15:28681 -> 96.246.156.126:56070 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/193 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][191.52 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 209 UDP [fe80::c50d:519f:96a4:e108]:50435 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.40 sec][Hostname/SNI: puppet][PLAIN TEXT (puppet)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 210 UDP [fe80::c50d:519f:96a4:e108]:62539 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.40 sec][Hostname/SNI: puppet][PLAIN TEXT (puppet)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 211 ICMP 84.197.97.94:0 -> 10.0.2.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/151 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 211 ICMP 84.197.97.94:0 -> 10.0.2.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/151 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.868 (Executable)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 212 UDP 10.0.2.15:28681 -> 164.132.10.25:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: IoT-Scada/31][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][35.55 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 213 UDP 10.0.2.15:28681 -> 5.180.62.37:6346 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][169.51 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 214 UDP 10.0.2.15:28681 -> 24.78.134.188:49046 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][193.23 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -374,9 +374,9 @@ JA3 Host Stats: 317 UDP 10.0.2.15:28681 -> 219.71.44.121:14398 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/119 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][PLAIN TEXT (DNpinkfloyd@)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 318 UDP 10.0.2.15:28681 -> 220.137.106.173:11625 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/119 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][PLAIN TEXT (DNpinkfloyd@)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 319 UDP 10.0.2.15:28681 -> 220.143.34.225:20071 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/119 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][PLAIN TEXT (DNpinkfloyd@)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 320 ICMP 65.182.231.232:0 -> 10.0.2.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 321 ICMP 164.132.10.25:0 -> 10.0.2.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 322 ICMP 154.3.42.209:0 -> 10.0.2.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 320 ICMP 65.182.231.232:0 -> 10.0.2.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 4.985 (Executable)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 321 ICMP 164.132.10.25:0 -> 10.0.2.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.021 (Executable)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 322 ICMP 154.3.42.209:0 -> 10.0.2.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.210 (Executable)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 323 UDP [fe80::c50d:519f:96a4:e108]:63717 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: msedgewin10][PLAIN TEXT (MSEDGEWIN)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 324 ICMPV6 [fe80::c50d:519f:96a4:e108]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 325 ICMPV6 [::]:0 -> [ff02::1:ffa4:e108]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -429,14 +429,14 @@ JA3 Host Stats: Undetected flows: - 1 UDP 10.0.2.15:28681 <-> 193.32.126.214:59596 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][9 pkts/1133 bytes <-> 9 pkts/4728 bytes][Goodput ratio: 67/92][160.92 sec][bytes ratio: -0.613 (Download)][IAT c2s/s2c min/avg/max/stddev: 272/272 21367/21368 67329/67329 24897/24896][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 126/525 274/769 57/278][PLAIN TEXT (CEGTKGb)][Plen Bins: 11,5,33,5,0,0,0,11,5,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 10.0.2.15:28681 <-> 104.156.226.72:53258 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][11 pkts/1318 bytes <-> 10 pkts/4413 bytes][Goodput ratio: 65/90][310.25 sec][bytes ratio: -0.540 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/119 32737/11587 222605/51544 68858/17008][Pkt Len c2s/s2c min/avg/max/stddev: 70/82 120/441 274/769 53/328][PLAIN TEXT (CEGTKGb)][Plen Bins: 4,28,28,9,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 10.0.2.15:28681 <-> 104.238.172.250:23548 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 10][5 pkts/464 bytes <-> 5 pkts/1845 bytes][Goodput ratio: 55/89][310.09 sec][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 650/650 77515/77515 261177/261177 107329/107329][Pkt Len c2s/s2c min/avg/max/stddev: 70/82 93/369 123/769 25/327][PLAIN TEXT (CEGTKGb)][Plen Bins: 10,40,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 10.0.2.15:28681 <-> 142.132.165.13:30566 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/296 bytes <-> 3 pkts/1203 bytes][Goodput ratio: 57/89][160.89 sec][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 77417/77420 80434/80434 83450/83449 3016/3014][Pkt Len c2s/s2c min/avg/max/stddev: 70/149 99/401 128/769 24/266][PLAIN TEXT (CEGTKGb)][Plen Bins: 16,16,16,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 10.0.2.15:28681 <-> 185.187.74.173:53489 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/291 bytes <-> 3 pkts/1203 bytes][Goodput ratio: 57/89][196.47 sec][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 33201/33197 98224/98222 163247/163248 65023/65026][Pkt Len c2s/s2c min/avg/max/stddev: 70/149 97/401 123/769 22/266][PLAIN TEXT (CEGTKGW)][Plen Bins: 16,16,16,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.0.2.15:28681 <-> 193.32.126.214:59596 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][9 pkts/1133 bytes <-> 9 pkts/4728 bytes][Goodput ratio: 67/92][160.92 sec][bytes ratio: -0.613 (Download)][IAT c2s/s2c min/avg/max/stddev: 272/272 21367/21368 67329/67329 24897/24896][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 126/525 274/769 57/278][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.090 (Executable)][PLAIN TEXT (CEGTKGb)][Plen Bins: 11,5,33,5,0,0,0,11,5,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 10.0.2.15:28681 <-> 104.156.226.72:53258 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][11 pkts/1318 bytes <-> 10 pkts/4413 bytes][Goodput ratio: 65/90][310.25 sec][bytes ratio: -0.540 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/119 32737/11587 222605/51544 68858/17008][Pkt Len c2s/s2c min/avg/max/stddev: 70/82 120/441 274/769 53/328][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.287 (Executable)][PLAIN TEXT (CEGTKGb)][Plen Bins: 4,28,28,9,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 10.0.2.15:28681 <-> 104.238.172.250:23548 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 10][5 pkts/464 bytes <-> 5 pkts/1845 bytes][Goodput ratio: 55/89][310.09 sec][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 650/650 77515/77515 261177/261177 107329/107329][Pkt Len c2s/s2c min/avg/max/stddev: 70/82 93/369 123/769 25/327][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 4.951 (Executable)][PLAIN TEXT (CEGTKGb)][Plen Bins: 10,40,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 10.0.2.15:28681 <-> 142.132.165.13:30566 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/296 bytes <-> 3 pkts/1203 bytes][Goodput ratio: 57/89][160.89 sec][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 77417/77420 80434/80434 83450/83449 3016/3014][Pkt Len c2s/s2c min/avg/max/stddev: 70/149 99/401 128/769 24/266][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.135 (Executable)][PLAIN TEXT (CEGTKGb)][Plen Bins: 16,16,16,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 10.0.2.15:28681 <-> 185.187.74.173:53489 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/291 bytes <-> 3 pkts/1203 bytes][Goodput ratio: 57/89][196.47 sec][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 33201/33197 98224/98222 163247/163248 65023/65026][Pkt Len c2s/s2c min/avg/max/stddev: 70/149 97/401 123/769 22/266][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.008 (Executable)][PLAIN TEXT (CEGTKGW)][Plen Bins: 16,16,16,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 10.0.2.15:28681 <-> 188.61.52.183:11852 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/272 bytes <-> 3 pkts/981 bytes][Goodput ratio: 53/87][83.48 sec][bytes ratio: -0.566 (Download)][IAT c2s/s2c min/avg/max/stddev: 5559/5719 41729/41731 77899/77743 36170/36012][Pkt Len c2s/s2c min/avg/max/stddev: 70/82 91/327 128/769 26/313][PLAIN TEXT (CEGTKGW)][Plen Bins: 16,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 10.0.2.15:28681 <-> 14.200.255.229:37058 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][6 pkts/451 bytes <-> 6 pkts/641 bytes][Goodput ratio: 44/61][433.20 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6450/6454 93822/93822 203345/203341 72163/72161][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 75/107 98/120 10/14][PLAIN TEXT (LOCCen)][Plen Bins: 41,33,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 10.0.2.15:28681 -> 75.133.101.93:52367 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 8][8 pkts/847 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][90.43 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12919/0 46195/0 15764/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 106/0 128/0 21/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 12,37,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 10.0.2.15:28681 -> 75.133.101.93:52367 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 8][8 pkts/847 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][90.43 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12919/0 46195/0 15764/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 106/0 128/0 21/0][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.287 (Executable)][Plen Bins: 12,37,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 10.0.2.15:50245 <-> 73.62.225.181:46843 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 11][3 pkts/198 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][122.56 sec][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 3014/0 4514/0 6013/0 1499/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 10.0.2.15:28681 <-> 84.71.243.60:34498 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/239 bytes <-> 3 pkts/312 bytes][Goodput ratio: 47/59][121.86 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 14626/14492 60905/60859 107184/107226 46279/46367][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 80/104 98/119 13/13][PLAIN TEXT (pinkfloyd)][Plen Bins: 33,50,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.0.2.15:50190 <-> 80.140.63.147:29545 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 9][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (server)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -446,7 +446,7 @@ Undetected flows: 15 UDP 10.0.2.15:28681 <-> 97.83.183.148:8890 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/238 bytes <-> 3 pkts/281 bytes][Goodput ratio: 47/55][203.46 sec][bytes ratio: -0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 170/196 101636/101645 203102/203094 101466/101449][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 79/94 98/105 13/8][PLAIN TEXT (pinkfloyd)][Plen Bins: 33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 10.0.2.15:28681 <-> 45.65.87.24:16201 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/238 bytes <-> 3 pkts/276 bytes][Goodput ratio: 47/54][203.28 sec][bytes ratio: -0.074 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 42/41 101580/101617 203119/203193 101538/101576][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 79/92 98/100 13/6][PLAIN TEXT (pinkfloyd)][Plen Bins: 33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 10.0.2.15:28681 <-> 86.153.21.93:36696 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][3 pkts/238 bytes <-> 3 pkts/276 bytes][Goodput ratio: 47/54][203.27 sec][bytes ratio: -0.074 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/100 101618/101569 203102/203038 101484/101469][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 79/92 98/100 13/6][PLAIN TEXT (pinkfloyd)][Plen Bins: 33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 UDP 10.0.2.15:28681 <-> 156.57.42.2:33476 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][2 pkts/168 bytes <-> 2 pkts/203 bytes][Goodput ratio: 50/58][44.33 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 10.0.2.15:28681 <-> 156.57.42.2:33476 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][2 pkts/168 bytes <-> 2 pkts/203 bytes][Goodput ratio: 50/58][44.33 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.157 (Executable)][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 UDP 10.0.2.15:28681 <-> 31.20.248.147:30706 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][2 pkts/172 bytes <-> 2 pkts/194 bytes][Goodput ratio: 51/56][0.07 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 10.0.2.15:28681 <-> 68.227.193.37:27481 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][2 pkts/172 bytes <-> 2 pkts/194 bytes][Goodput ratio: 51/56][35.67 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 UDP 10.0.2.15:28681 <-> 74.50.147.205:17735 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][2 pkts/172 bytes <-> 2 pkts/194 bytes][Goodput ratio: 51/56][0.32 sec][PLAIN TEXT (pinkfloyd)][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -483,7 +483,7 @@ Undetected flows: 52 UDP 10.0.2.15:28681 <-> 165.84.134.136:21407 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][2 pkts/140 bytes <-> 2 pkts/174 bytes][Goodput ratio: 40/51][44.00 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 UDP 10.0.2.15:28681 <-> 223.17.132.18:23458 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][2 pkts/140 bytes <-> 2 pkts/174 bytes][Goodput ratio: 40/51][203.51 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 UDP 10.0.2.15:28681 <-> 71.239.173.18:23327 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][2 pkts/140 bytes <-> 1 pkts/88 bytes][Goodput ratio: 40/52][63.69 sec][Plen Bins: 66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 UDP 10.0.2.15:28681 <-> 113.252.86.162:9239 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][1 pkts/89 bytes <-> 1 pkts/133 bytes][Goodput ratio: 52/68][0.24 sec][PLAIN TEXT (CEGTKGb)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 UDP 10.0.2.15:28681 <-> 113.252.86.162:9239 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][1 pkts/89 bytes <-> 1 pkts/133 bytes][Goodput ratio: 52/68][0.24 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.673 (Executable)][PLAIN TEXT (CEGTKGb)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 UDP 10.0.2.15:28681 -> 122.117.100.78:9010 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][3 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][238.90 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 TCP 10.0.2.15:50200 -> 176.128.217.128:45194 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][3 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][9.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 TCP 10.0.2.15:50201 -> 78.122.93.185:6346 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][3 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][9.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/googledns_android10.pcap.out b/tests/cfgs/default/result/googledns_android10.pcap.out index d64850581ab..92144ad6f36 100644 --- a/tests/cfgs/default/result/googledns_android10.pcap.out +++ b/tests/cfgs/default/result/googledns_android10.pcap.out @@ -40,6 +40,6 @@ JA3 Host Stats: 3 TCP 192.168.1.159:48048 <-> 8.8.4.4:853 [proto: 91.196/TLS.DoH_DoT][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 7][cat: Network/14][52 pkts/7375 bytes <-> 52 pkts/20720 bytes][Goodput ratio: 53/83][41.01 sec][Hostname/SNI: dns.google][bytes ratio: -0.475 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 882/623 15271/15287 2537/2442][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/398 384/1484 84/406][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 2c776785ee603cc85d37df996bb90cc8][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8][JA3S: b44baa8a20901c5663b3a9664ba8a767][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google][Certificate SHA-1: 5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC][Safari][Validity: 2020-05-26 15:20:02 - 2020-08-18 15:20:02][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 1,0,1,0,44,0,0,1,0,3,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,3,0,0,0] 4 TCP 192.168.1.159:48044 <-> 8.8.4.4:853 [proto: 91.196/TLS.DoH_DoT][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 7][cat: Network/14][11 pkts/1097 bytes <-> 10 pkts/4148 bytes][Goodput ratio: 33/84][0.12 sec][Hostname/SNI: dns.google][bytes ratio: -0.582 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/9 34/19 13/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 100/415 220/1484 51/544][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 2c776785ee603cc85d37df996bb90cc8][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8][JA3S: b44baa8a20901c5663b3a9664ba8a767][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google][Certificate SHA-1: 5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC][Safari][Validity: 2020-05-26 15:20:02 - 2020-08-18 15:20:02][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,0,22,11,11,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] 5 TCP 192.168.1.159:56024 <-> 8.8.8.8:853 [proto: 91.196/TLS.DoH_DoT][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 7][cat: Network/14][11 pkts/1097 bytes <-> 10 pkts/4148 bytes][Goodput ratio: 33/84][0.14 sec][Hostname/SNI: dns.google][bytes ratio: -0.582 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/12 46/31 17/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 100/415 220/1484 51/544][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 2c776785ee603cc85d37df996bb90cc8][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8][JA3S: b44baa8a20901c5663b3a9664ba8a767][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google][Certificate SHA-1: 5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC][Safari][Validity: 2020-05-26 15:20:02 - 2020-08-18 15:20:02][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,0,22,11,11,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0] - 6 ICMP 192.168.1.159:0 <-> 8.8.8.8:0 [proto: 81/ICMP][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/196 bytes <-> 2 pkts/196 bytes][Goodput ratio: 57/57][0.99 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 ICMP 192.168.1.159:0 <-> 8.8.8.8:0 [proto: 81/ICMP][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/196 bytes <-> 2 pkts/196 bytes][Goodput ratio: 57/57][0.99 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy: 5.298 (Executable)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 8.8.8.8:853 <-> 192.168.1.159:55856 [proto: 196/DoH_DoT][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Network/14][5 pkts/330 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.80 sec][bytes ratio: 0.719 (Upload)][IAT c2s/s2c min/avg/max/stddev: 223/0 449/0 911/0 281/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 8.8.4.4:853 <-> 192.168.1.159:47968 [proto: 196/DoH_DoT][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/66 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.09 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gtp_false_positive.pcapng.out b/tests/cfgs/default/result/gtp_false_positive.pcapng.out index a308d54edd2..39d1e0eba44 100644 --- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out +++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out @@ -30,7 +30,7 @@ GTP 2 424 2 Acceptable 2 424 2 Unrated 5 428 1 - 1 UDP 119.185.190.173:2123 -> 66.86.98.114:50140 [proto: 152/GTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (autoAlgo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 119.185.190.173:2123 -> 66.86.98.114:50140 [proto: 152/GTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.121 (Executable)][PLAIN TEXT (autoAlgo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 50.7.111.134:17000 -> 103.225.103.159:2123 [proto: 152/GTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/56 bytes -> 0 pkts/0 bytes][Goodput ratio: 14/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/haproxy.pcap.out b/tests/cfgs/default/result/haproxy.pcap.out index d89783fcfeb..b9bba492955 100644 --- a/tests/cfgs/default/result/haproxy.pcap.out +++ b/tests/cfgs/default/result/haproxy.pcap.out @@ -25,4 +25,4 @@ HAProxy 1 375 1 Safe 1 375 1 - 1 TCP 1.1.1.1:48502 -> 2.2.2.2:443 [proto: 350/HAProxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/375 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (PROXY TCP)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 1.1.1.1:48502 -> 2.2.2.2:443 [proto: 350/HAProxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/375 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.968 (Executable)][PLAIN TEXT (PROXY TCP)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http-proxy.pcapng.out b/tests/cfgs/default/result/http-proxy.pcapng.out index fbfdc0b9abe..39d4ba2a856 100644 --- a/tests/cfgs/default/result/http-proxy.pcapng.out +++ b/tests/cfgs/default/result/http-proxy.pcapng.out @@ -25,4 +25,4 @@ HTTP_Proxy 11 1652 1 Acceptable 11 1652 1 - 1 TCP 192.168.1.103:1241 <-> 192.168.1.146:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/654 bytes <-> 5 pkts/998 bytes][Goodput ratio: 45/72][5.24 sec][Hostname/SNI: http.com][bytes ratio: -0.208 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1048/118 4958/234 1958/116][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 109/200 348/770 107/285][URL: http://http.com/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][PLAIN TEXT (GET http)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.103:1241 <-> 192.168.1.146:8080 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/654 bytes <-> 5 pkts/998 bytes][Goodput ratio: 45/72][5.24 sec][Hostname/SNI: http.com][bytes ratio: -0.208 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1048/118 4958/234 1958/116][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 109/200 348/770 107/285][URL: http://http.com/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.285 (Executable)][PLAIN TEXT (GET http)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_asymmetric.pcapng.out b/tests/cfgs/default/result/http_asymmetric.pcapng.out index c39e456e878..fe9f2f60a45 100644 --- a/tests/cfgs/default/result/http_asymmetric.pcapng.out +++ b/tests/cfgs/default/result/http_asymmetric.pcapng.out @@ -12,7 +12,7 @@ LRU cache stun_zoom: 0/0/0 (insert/search/found) Automa host: 1/0 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 0/0 (search/found) +Automa risk mask: 1/1 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) @@ -26,4 +26,4 @@ HTTP 23 9961 2 Acceptable 23 9961 2 1 TCP 192.168.1.146:80 -> 192.168.1.103:1044 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 11][cat: Web/5][13 pkts/8357 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][5.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/0 5000/0 1435/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 643/0 1514/0 626/0][StatusCode: 404][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][Risk: ** HTTP Susp User-Agent **** Error Code **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / HTTP Error Code 404 / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] - 2 TCP 192.168.0.1:1044 -> 10.10.10.1:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][10 pkts/1604 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][5.11 sec][Hostname/SNI: proxy.wiresharkfest.acropolis.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 567/0 4951/0 1550/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 160/0 418/0 160/0][URL: proxy.wiresharkfest.acropolis.local/favicon.ico][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.0.1:1044 -> 10.10.10.1:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][10 pkts/1604 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][5.11 sec][Hostname/SNI: proxy.wiresharkfest.acropolis.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 567/0 4951/0 1550/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 160/0 418/0 160/0][URL: proxy.wiresharkfest.acropolis.local/favicon.ico][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_connect.pcap.out b/tests/cfgs/default/result/http_connect.pcap.out index 2af61d54750..5b524ea1628 100644 --- a/tests/cfgs/default/result/http_connect.pcap.out +++ b/tests/cfgs/default/result/http_connect.pcap.out @@ -35,5 +35,5 @@ JA3 Host Stats: 1 TCP 192.168.1.146:35968 <-> 151.101.2.132:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][28 pkts/3557 bytes <-> 30 pkts/32939 bytes][Goodput ratio: 48/94][0.11 sec][Hostname/SNI: apache.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.805 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 53/54 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 127/1098 583/1450 129/576][TLSv1.3][JA3C: c834494f5948ae026d160656c93c8871][JA4: t13d1813h2_e8a523a41297_f81080dfc557][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,8,8,2,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0] - 2 TCP 192.168.1.103:1714 <-> 192.168.1.146:8080 [proto: 130/HTTP_Connect][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][18 pkts/2918 bytes <-> 22 pkts/23923 bytes][Goodput ratio: 65/95][0.11 sec][Hostname/SNI: apache.org][bytes ratio: -0.783 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 50/53 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 162/1087 571/5590 128/1857][URL: apache.org:443][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0][PLAIN TEXT (CONNECT apache.org)][Plen Bins: 4,4,20,15,4,4,4,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,20] + 2 TCP 192.168.1.103:1714 <-> 192.168.1.146:8080 [proto: 130/HTTP_Connect][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][18 pkts/2918 bytes <-> 22 pkts/23923 bytes][Goodput ratio: 65/95][0.11 sec][Hostname/SNI: apache.org][bytes ratio: -0.783 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 50/53 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 162/1087 571/5590 128/1857][URL: apache.org:443][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.267 (Executable)][PLAIN TEXT (CONNECT apache.org)][Plen Bins: 4,4,20,15,4,4,4,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,20] 3 UDP 192.168.1.146:47767 <-> 192.168.1.2:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 48/56][< 1 sec][Hostname/SNI: apache.org][151.101.2.132][PLAIN TEXT (apache)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out index b92266bf2ad..c422aad3220 100644 --- a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out +++ b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out @@ -27,4 +27,4 @@ POP3 1 123 1 Unsafe 1 123 1 - 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 2/POP3][IP: 274/Alibaba][ClearText][Confidence: Match by port][DPI packets: 1][cat: Email/3][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: No client to server traffic / TCP probing attempt][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 170.33.13.5:110 -> 192.168.0.1:179 [proto: 2/POP3][IP: 274/Alibaba][ClearText][Confidence: Match by port][DPI packets: 1][cat: Email/3][1 pkts/123 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unsafe Protocol **** Susp Entropy **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 120][Risk Info: No client to server traffic / Entropy: 5.038 (Executable) / TCP probing attempt][PLAIN TEXT (6 HTTP/1.1)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index 09d543b6376..8e59c0496a5 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out @@ -19,7 +19,7 @@ Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 24/24 (search/found) Patricia risk mask: 0/0 (search/found) -Patricia risk mask IPv6: 6/0 (search/found) +Patricia risk mask IPv6: 4/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 15/0 (search/found) Patricia protocols: 0/0 (search/found) @@ -48,7 +48,7 @@ JA3 Host Stats: 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 8][cat: SocialNetwork/6][7 pkts/960 bytes <-> 5 pkts/4227 bytes][Goodput ratio: 36/90][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 8/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/845 310/2942 83/1078][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,20,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][6 pkts/874 bytes <-> 4 pkts/4141 bytes][Goodput ratio: 40/91][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/5 43/8 16/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/1035 310/3633 86/1503][TLSv1.2][JA3C: d3e627f423a33ea41841c19b8af79293][JA4: t12d1612ht_94fc43e2fc61_c9eaec7dbab4][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,25,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][7 pkts/860 bytes <-> 7 pkts/1353 bytes][Goodput ratio: 30/55][0.12 sec][bytes ratio: -0.223 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 30/30 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 123/193 268/592 62/172][Plen Bins: 0,57,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/359 bytes <-> 1 pkts/143 bytes][Goodput ratio: 65/56][0.07 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.02][Plen Bins: 0,33,33,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/359 bytes <-> 1 pkts/143 bytes][Goodput ratio: 65/56][0.07 sec][Plen Bins: 0,33,33,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.13 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_origin_different_than_host.pcap.out b/tests/cfgs/default/result/http_origin_different_than_host.pcap.out index 470c09bfd8f..1eb276cedbf 100644 --- a/tests/cfgs/default/result/http_origin_different_than_host.pcap.out +++ b/tests/cfgs/default/result/http_origin_different_than_host.pcap.out @@ -25,4 +25,4 @@ HTTP 4 1229 1 Acceptable 4 1229 1 - 1 TCP 10.140.206.74:34536 <-> 18.135.206.102:80 [VLAN: 113][proto: GTP:7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/835 bytes <-> 2 pkts/394 bytes][Goodput ratio: 73/42][0.35 sec][Hostname/SNI: csb.performgroup.io][URL: csb.performgroup.io/?topreferer=optawidgets.365scores.com][StatusCode: 101][User-Agent: Mozilla/5.0 (Linux; Android 9; JKM-LX1 Build/HUAWEIJKM-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/106.0.5249.118 Mobile Safari/537.36][PLAIN TEXT (topreferer)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 10.140.206.74:34536 <-> 18.135.206.102:80 [VLAN: 113][proto: GTP:7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][2 pkts/835 bytes <-> 2 pkts/394 bytes][Goodput ratio: 73/42][0.35 sec][Hostname/SNI: csb.performgroup.io][URL: csb.performgroup.io/?topreferer=optawidgets.365scores.com][StatusCode: 101][User-Agent: Mozilla/5.0 (Linux; Android 9; JKM-LX1 Build/HUAWEIJKM-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/106.0.5249.118 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.542 (Executable)][PLAIN TEXT (topreferer)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out b/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out index 54a2bacc0fa..01b21f024b7 100644 --- a/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out +++ b/tests/cfgs/default/result/http_ua_splitted_in_two_pkts.pcapng.out @@ -25,4 +25,4 @@ HTTP 115 76310 1 Acceptable 115 76310 1 - 1 TCP 254.125.135.128:21359 <-> 66.152.103.45:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][76 pkts/67448 bytes <-> 39 pkts/8862 bytes][Goodput ratio: 93/71][386.83 sec][Hostname/SNI: va.origin.startappservice.com][bytes ratio: 0.768 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/234 4719/10214 59840/59845 10187/13183][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 887/227 1454/424 557/96][StatusCode: 200][User-Agent: Mozil][PLAIN TEXT (WGET /tracking/adImpression)][Plen Bins: 0,0,0,2,26,0,6,1,13,1,4,6,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,0,0,0] + 1 TCP 254.125.135.128:21359 <-> 66.152.103.45:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][76 pkts/67448 bytes <-> 39 pkts/8862 bytes][Goodput ratio: 93/71][386.83 sec][Hostname/SNI: va.origin.startappservice.com][bytes ratio: 0.768 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/234 4719/10214 59840/59845 10187/13183][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 887/227 1454/424 557/96][StatusCode: 200][User-Agent: Mozil][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.714 (Executable)][PLAIN TEXT (WGET /tracking/adImpression)][Plen Bins: 0,0,0,2,26,0,6,1,13,1,4,6,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,0,0,0] diff --git a/tests/cfgs/default/result/icmp-tunnel.pcap.out b/tests/cfgs/default/result/icmp-tunnel.pcap.out index 2223d9016bf..27221720514 100644 --- a/tests/cfgs/default/result/icmp-tunnel.pcap.out +++ b/tests/cfgs/default/result/icmp-tunnel.pcap.out @@ -25,4 +25,4 @@ ICMP 863 190810 1 Acceptable 863 190810 1 - 1 ICMP 192.168.154.131:0 <-> 192.168.154.132:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][448 pkts/98566 bytes <-> 415 pkts/92244 bytes][Goodput ratio: 81/81][1122.51 sec][bytes ratio: 0.033 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2578/2731 145505/145505 9091/9494][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 220/222 1075/1070 245/245][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (OpenSSH5)][Plen Bins: 0,32,24,24,7,3,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 ICMP 192.168.154.131:0 <-> 192.168.154.132:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][448 pkts/98566 bytes <-> 415 pkts/92244 bytes][Goodput ratio: 81/81][1122.51 sec][bytes ratio: 0.033 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2578/2731 145505/145505 9091/9494][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 220/222 1075/1070 245/245][Risk: ** Malformed Packet **** Susp Entropy **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.703 (Executable)][PLAIN TEXT (OpenSSH5)][Plen Bins: 0,32,24,24,7,3,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index 0518ca07e79..df40c2af9b5 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out @@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index ed7639ca753..94551a6bfd2 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -20,7 +20,7 @@ Automa domain: 25/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 9/7 (search/found) Automa common alpns: 6/6 (search/found) -Patricia risk mask: 52/0 (search/found) +Patricia risk mask: 46/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -51,10 +51,10 @@ JA3 Host Stats: 4 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: SocialNetwork/6][41 pkts/3392 bytes <-> 40 pkts/50024 bytes][Goodput ratio: 15/95][7.88 sec][Hostname/SNI: photos-e.ak.instagram.com][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 244/12 7254/372 1261/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1251 325/1484 56/507][URL: photos-e.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e35/11379148_1449120228745316_607477962_n.jpg?se=7][User-Agent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)][Plen Bins: 2,0,9,0,0,0,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,82,0,0,0] 5 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Goodput ratio: 14/95][0.51 sec][Hostname/SNI: photos-g.ak.instagram.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/0 321/2 76/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/186 77/1423 319/1484 51/249][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e15/11386524_110257619317430_379513654_n.jpg][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)][Plen Bins: 0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,91,0,0,0] 6 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][34 pkts/5555 bytes <-> 34 pkts/40133 bytes][Goodput ratio: 60/94][10.06 sec][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 364/362 7669/7709 1462/1472][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/1180 1431/1464 318/495][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,0,0,0,0,0,5,0,2,0,0,0,0,0,0,2,0,0,0,2,76,0,0,0,0] - 7 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][IP: 119/Facebook][ClearText][Confidence: Match by port][DPI packets: 18][cat: Web/5][26 pkts/38064 bytes <-> 14 pkts/924 bytes][Goodput ratio: 95/0][0.02 sec][bytes ratio: 0.953 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 1/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 1464/66 1464/66 1464/66 0/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.82][PLAIN TEXT (dnlN/L)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0] - 8 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 23][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][Goodput ratio: 96/0][0.04 sec][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 7/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484/66 1484/66 0/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.84][PLAIN TEXT (inOCIM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0] - 9 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 19][cat: Web/5][14 pkts/924 bytes <-> 20 pkts/28115 bytes][Goodput ratio: 0/95][7.36 sec][bytes ratio: -0.936 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 735/0 7321/3 2195/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/1406 66/1484 0/309][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.80][PLAIN TEXT (dGQaNFV)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,94,0,0,0] - 10 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 18][cat: Web/5][16 pkts/22931 bytes <-> 9 pkts/594 bytes][Goodput ratio: 95/0][0.02 sec][bytes ratio: 0.950 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 5/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 671/66 1433/66 1484/66 197/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.70][PLAIN TEXT (DD.DOo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0] + 7 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][IP: 119/Facebook][ClearText][Confidence: Match by port][DPI packets: 18][cat: Web/5][26 pkts/38064 bytes <-> 14 pkts/924 bytes][Goodput ratio: 95/0][0.02 sec][bytes ratio: 0.953 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 1/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 1464/66 1464/66 1464/66 0/0][PLAIN TEXT (dnlN/L)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0] + 8 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 23][cat: Web/5][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][Goodput ratio: 96/0][0.04 sec][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 7/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484/66 1484/66 0/0][PLAIN TEXT (inOCIM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0] + 9 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 19][cat: Web/5][14 pkts/924 bytes <-> 20 pkts/28115 bytes][Goodput ratio: 0/95][7.36 sec][bytes ratio: -0.936 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 735/0 7321/3 2195/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/1406 66/1484 0/309][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.832 (Encrypted or Random)][PLAIN TEXT (dGQaNFV)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,94,0,0,0] + 10 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 18][cat: Web/5][16 pkts/22931 bytes <-> 9 pkts/594 bytes][Goodput ratio: 95/0][0.02 sec][bytes ratio: 0.950 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 5/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 671/66 1433/66 1484/66 197/0][PLAIN TEXT (DD.DOo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0] 11 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 10][cat: SocialNetwork/6][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][Goodput ratio: 51/92][0.19 sec][Hostname/SNI: igcdn-photos-g-a.akamaihd.net][bytes ratio: -0.707 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/23 56/88 18/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/886 375/1484 114/640][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,10,10,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,40,0,0,0] 12 TCP 192.168.2.17:49358 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 8][cat: SocialNetwork/6][7 pkts/1506 bytes <-> 10 pkts/7394 bytes][Goodput ratio: 68/91][0.20 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/21 12/155 5/51][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 215/739 595/1454 209/621][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309ht_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,0,10,10,0,0,0,0,0,0,10,0,0,10,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0] 13 TCP 192.168.2.17:49360 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 8][cat: SocialNetwork/6][6 pkts/1422 bytes <-> 10 pkts/7098 bytes][Goodput ratio: 71/91][0.03 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/2 14/16 6/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237/710 592/1454 213/633][TLSv1.3 (Fizz)][JA3C: 44dab16d680ef93487bc16ad23b3ffb1][JA4: t00d0309ht_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,10,0,0,0,0,0,10,0,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0] diff --git a/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out b/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out index cc7ed1fa95e..d30845d9540 100644 --- a/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out +++ b/tests/cfgs/default/result/ipsec_isakmp_esp.pcap.out @@ -29,7 +29,7 @@ Safe 834 451722 24 2 UDP 192.168.2.100:10500 <-> 109.237.187.227:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][54 pkts/44820 bytes <-> 53 pkts/11118 bytes][Goodput ratio: 95/80][< 1 sec][bytes ratio: 0.602 (Upload)][IAT c2s/s2c min/avg/max/stddev: 28/27 689892/698588 12245747/12245747 1998175/2019137][Pkt Len c2s/s2c min/avg/max/stddev: 818/94 830/210 842/330 12/118][PLAIN TEXT (rMpKau6)][Plen Bins: 0,25,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.2.100:14500 <-> 109.237.187.195:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][42 pkts/30020 bytes <-> 48 pkts/21472 bytes][Goodput ratio: 94/91][15275.72 sec][bytes ratio: 0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 85008/72283 1429414/1429546 288620/266457][Pkt Len c2s/s2c min/avg/max/stddev: 138/122 715/447 1374/1374 518/432][PLAIN TEXT (@yIwAf)][Plen Bins: 0,0,8,13,26,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,4,2,0,0,0,6,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0] 4 UDP 192.168.2.100:14500 <-> 109.237.187.193:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][43 pkts/32226 bytes <-> 47 pkts/14246 bytes][Goodput ratio: 94/86][18892.62 sec][bytes ratio: 0.387 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 66479/485440637135486976 1521662/18446744073664032328 281113/0][Pkt Len c2s/s2c min/avg/max/stddev: 138/122 749/303 1374/1070 516/284][PLAIN TEXT (@7Ac9 )][Plen Bins: 0,0,12,13,27,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,7,0,0,0,5,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0] - 5 UDP 192.168.2.100:14500 <-> 109.237.187.225:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][34 pkts/24848 bytes <-> 41 pkts/17850 bytes][Goodput ratio: 94/90][11474.04 sec][bytes ratio: 0.164 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 55649/558992261317132288 1440343/18446744073651596977 276939/0][Pkt Len c2s/s2c min/avg/max/stddev: 138/122 731/435 1374/1374 517/426][Risk: ** Malformed Packet **][Risk Score: 10][Risk Info: No server to client traffic / Invalid IPSec/ISAKMP Header][PLAIN TEXT (17Uv 2)][Plen Bins: 0,0,9,13,26,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,4,2,0,0,0,6,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0] + 5 UDP 192.168.2.100:14500 <-> 109.237.187.225:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][34 pkts/24848 bytes <-> 41 pkts/17850 bytes][Goodput ratio: 94/90][11474.04 sec][bytes ratio: 0.164 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 55649/558992261317132288 1440343/18446744073651596977 276939/0][Pkt Len c2s/s2c min/avg/max/stddev: 138/122 731/435 1374/1374 517/426][Risk: ** Malformed Packet **** Susp Entropy **][Risk Score: 60][Risk Info: No server to client traffic / Invalid IPSec/ISAKMP Header / Entropy: 7.746 (Encrypted or Random)][PLAIN TEXT (17Uv 2)][Plen Bins: 0,0,9,13,26,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,4,2,0,0,0,6,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0] 6 UDP 192.168.2.100:14500 <-> 109.237.187.194:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][22 pkts/15216 bytes <-> 23 pkts/8650 bytes][Goodput ratio: 94/89][13749.36 sec][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 60292/56941 1020541/1007809 240062/230637][Pkt Len c2s/s2c min/avg/max/stddev: 138/122 692/376 1374/1374 518/361][Plen Bins: 0,0,8,13,29,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,2,6,0,0,0,4,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0] 7 UDP 192.168.2.100:14500 <-> 109.237.187.131:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][21 pkts/15042 bytes <-> 24 pkts/7632 bytes][Goodput ratio: 94/87][10912.86 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 27756/24780 439840/418574 106400/93007][Pkt Len c2s/s2c min/avg/max/stddev: 138/122 716/318 1374/1070 518/302][PLAIN TEXT (90dItt)][Plen Bins: 0,0,13,13,27,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0] 8 UDP 192.168.2.100:14500 <-> 109.237.187.227:4500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: VPN/2][21 pkts/15042 bytes <-> 24 pkts/7632 bytes][Goodput ratio: 94/87][< 1 sec][bytes ratio: 0.327 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 31247/27702 496263/483419 120067/107511][Pkt Len c2s/s2c min/avg/max/stddev: 138/122 716/318 1374/1070 518/302][PLAIN TEXT (@EmPAT)][Plen Bins: 0,0,13,13,27,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out index c0ae29b3678..c3062b8bc8a 100644 --- a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out +++ b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out @@ -33,4 +33,4 @@ Unrated 1 150 1 Undetected flows: - 1 UDP [2607:fc20:4052:39e:490a:ea4d:17fe:e09c]:49120 -> [fd00:976a:bc67:193e::7]:25658 [VLAN: 5][proto: GTP:0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP [2607:fc20:4052:39e:490a:ea4d:17fe:e09c]:49120 -> [fd00:976a:bc67:193e::7]:25658 [VLAN: 5][proto: GTP:0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.369 (Executable)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/jabber.pcap.out b/tests/cfgs/default/result/jabber.pcap.out index ae6ddfb04e7..012f5d600af 100644 --- a/tests/cfgs/default/result/jabber.pcap.out +++ b/tests/cfgs/default/result/jabber.pcap.out @@ -27,7 +27,7 @@ Acceptable 358 61304 12 1 TCP 172.16.0.62:57094 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13807 bytes][Goodput ratio: 49/80][2.17 sec][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 611/611 109/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 559/1514 104/415][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,24,9,13,4,6,9,0,2,2,2,0,0,4,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] 2 TCP 172.16.0.62:57122 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][44 pkts/5701 bytes <-> 42 pkts/13806 bytes][Goodput ratio: 49/80][2.16 sec][bytes ratio: -0.415 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/39 521/520 99/101][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/329 677/1514 116/415][PLAIN TEXT (xml version)][Plen Bins: 2,4,2,22,9,15,4,7,9,0,2,2,2,0,0,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0] - 3 TCP 172.16.0.62:57149 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][21 pkts/2752 bytes <-> 17 pkts/3414 bytes][Goodput ratio: 50/67][656.22 sec][bytes ratio: -0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35858/700 600484/4996 141164/1575][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/201 305/529 77/137][PLAIN TEXT (presence to)][Plen Bins: 0,18,0,22,18,9,18,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 172.16.0.62:57149 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][21 pkts/2752 bytes <-> 17 pkts/3414 bytes][Goodput ratio: 50/67][656.22 sec][bytes ratio: -0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 35858/700 600484/4996 141164/1575][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/201 305/529 77/137][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy: 5.068 (Executable)][PLAIN TEXT (presence to)][Plen Bins: 0,18,0,22,18,9,18,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 172.16.0.62:57129 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][16 pkts/2866 bytes <-> 9 pkts/2273 bytes][Goodput ratio: 63/74][423.43 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 23604/41249 136091/136094 40743/50152][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 179/253 769/481 173/115][PLAIN TEXT (iq type)][Plen Bins: 0,0,6,18,18,6,12,18,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 172.16.0.62:57147 <-> 172.16.1.138:5222 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][16 pkts/1698 bytes <-> 12 pkts/1584 bytes][Goodput ratio: 38/49][0.42 sec][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/52 333/333 89/108][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/132 404/351 90/93][PLAIN TEXT (xml version)][Plen Bins: 30,0,0,10,10,30,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 192.168.2.100:58388 <-> 160.44.201.102:5223 [proto: 67/Jabber][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][9 pkts/809 bytes <-> 6 pkts/455 bytes][Goodput ratio: 37/26][300.65 sec][bytes ratio: 0.280 (Upload)][IAT c2s/s2c min/avg/max/stddev: 13/1 30058/52574 209840/209871 73396/90816][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/76 221/91 51/13][Plen Bins: 12,63,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kerberos.pcap.out b/tests/cfgs/default/result/kerberos.pcap.out index 05f4a67c10d..ee1057bb367 100644 --- a/tests/cfgs/default/result/kerberos.pcap.out +++ b/tests/cfgs/default/result/kerberos.pcap.out @@ -18,7 +18,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 44/0 (search/found) +Patricia risk mask: 68/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -36,39 +36,39 @@ Unrated 9 3031 2 1 TCP 172.16.8.201:49171 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1486 bytes <-> 1 pkts/1506 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0] 2 TCP 172.16.8.201:49160 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0] 3 TCP 172.16.8.201:49176 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0] - 4 TCP 172.16.8.201:49173 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/1118 bytes <-> 1 pkts/190 bytes][Goodput ratio: 95/71][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.78][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 172.16.8.201:49194 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/410 bytes <-> 1 pkts/314 bytes][Goodput ratio: 87/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.33][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 172.16.8.201:49193 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/384 bytes <-> 1 pkts/264 bytes][Goodput ratio: 86/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.34][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 TCP 172.16.8.201:49191 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/368 bytes <-> 1 pkts/264 bytes][Goodput ratio: 85/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.29][Plen Bins: 0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 172.16.8.201:49173 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/1118 bytes <-> 1 pkts/190 bytes][Goodput ratio: 95/71][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.775 (Encrypted or Random)][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 172.16.8.201:49194 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/410 bytes <-> 1 pkts/314 bytes][Goodput ratio: 87/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.333 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 172.16.8.201:49193 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/384 bytes <-> 1 pkts/264 bytes][Goodput ratio: 86/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.338 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 TCP 172.16.8.201:49191 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/368 bytes <-> 1 pkts/264 bytes][Goodput ratio: 85/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.290 (Encrypted Executable)][Plen Bins: 0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 172.16.8.201:49157 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/293 bytes <-> 1 pkts/332 bytes][Goodput ratio: 81/83][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 172.16.8.201:49166 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/293 bytes <-> 1 pkts/332 bytes][Goodput ratio: 81/83][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 172.16.8.201:49181 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/293 bytes <-> 1 pkts/332 bytes][Goodput ratio: 81/83][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (JOHNSON)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 172.16.8.201:49156 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.07][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 TCP 172.16.8.201:49174 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.14][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 172.16.8.201:49156 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.068 (Compressed Executable)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 TCP 172.16.8.201:49174 <-> 172.16.8.8:445 [proto: 41/SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.145 (Compressed Executable)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 172.16.8.201:49188 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/369 bytes <-> 1 pkts/216 bytes][Goodput ratio: 85/75][< 1 sec][happycraft\theresa.johnson][PLAIN TEXT (theresa.johnson)][Plen Bins: 0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 172.16.8.201:49161 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.21][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 172.16.8.201:49179 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.16][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 172.16.8.201:49180 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.27][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 172.16.8.201:49161 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.210 (Encrypted Executable)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 172.16.8.201:49179 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.156 (Compressed Executable)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 172.16.8.201:49180 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.273 (Encrypted Executable)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 172.16.8.201:49187 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/289 bytes <-> 1 pkts/294 bytes][Goodput ratio: 81/81][0.00 sec][happycraft\theresa.johnson][PLAIN TEXT (theresa.johnson)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 172.16.8.201:49169 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.18][PLAIN TEXT (PSTUsM)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 172.16.8.201:49172 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.17][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 172.16.8.201:49169 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.177 (Encrypted Executable)][PLAIN TEXT (PSTUsM)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 172.16.8.201:49172 <-> 172.16.8.8:389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.175 (Encrypted Executable)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP 172.16.8.201:49158 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/373 bytes <-> 1 pkts/166 bytes][Goodput ratio: 85/67][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 172.16.8.201:49167 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/373 bytes <-> 1 pkts/166 bytes][Goodput ratio: 85/67][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 TCP 172.16.8.201:49182 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/373 bytes <-> 1 pkts/166 bytes][Goodput ratio: 85/67][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (JOHNSON)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP 172.16.8.201:49190 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/271 bytes <-> 1 pkts/244 bytes][Goodput ratio: 80/78][0.00 sec][PLAIN TEXT (happycraft.org)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 24 TCP 172.16.8.201:49192 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 25 TCP 172.16.8.201:49195 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 TCP 172.16.8.201:49162 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][0.00 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 27 TCP 172.16.8.201:49168 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][< 1 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP 172.16.8.201:49159 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][< 1 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP 172.16.8.201:49175 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 TCP 172.16.8.201:49186 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 172.16.8.201:49170 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/167 bytes <-> 1 pkts/122 bytes][Goodput ratio: 67/55][0.00 sec][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 32 TCP 172.16.8.201:49183 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/134 bytes <-> 1 pkts/94 bytes][Goodput ratio: 59/42][0.00 sec][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 172.16.8.201:49189 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/120 bytes][Goodput ratio: 43/55][< 1 sec][PLAIN TEXT (370913024805Z)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 34 TCP 172.16.8.201:49196 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/102 bytes][Goodput ratio: 39/47][< 1 sec][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP 172.16.8.201:49190 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/271 bytes <-> 1 pkts/244 bytes][Goodput ratio: 80/78][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.826 (Compressed Executable)][PLAIN TEXT (happycraft.org)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 TCP 172.16.8.201:49192 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.715 (Compressed Executable)][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 TCP 172.16.8.201:49195 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.700 (Compressed Executable)][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 TCP 172.16.8.201:49162 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.691 (Compressed Executable)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 TCP 172.16.8.201:49168 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.757 (Compressed Executable)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 172.16.8.201:49159 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.553 (Executable)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP 172.16.8.201:49175 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.578 (Executable)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 TCP 172.16.8.201:49186 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.623 (Executable)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 31 TCP 172.16.8.201:49170 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/167 bytes <-> 1 pkts/122 bytes][Goodput ratio: 67/55][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.464 (Executable)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 32 TCP 172.16.8.201:49183 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/134 bytes <-> 1 pkts/94 bytes][Goodput ratio: 59/42][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.172 (Executable)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 172.16.8.201:49189 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/95 bytes <-> 1 pkts/120 bytes][Goodput ratio: 43/55][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.863 (Executable)][PLAIN TEXT (370913024805Z)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 TCP 172.16.8.201:49196 <-> 172.16.8.8:88 [proto: 111/Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/102 bytes][Goodput ratio: 39/47][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.361 (Executable)][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] Undetected flows: - 1 TCP 172.16.8.201:49165 <-> 172.16.8.8:49155 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][4 pkts/1382 bytes <-> 2 pkts/624 bytes][Goodput ratio: 84/83][21.49 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/21492 7164/21492 21491/21492 10131/0][Pkt Len c2s/s2c min/avg/max/stddev: 274/286 346/312 429/338 72/26][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.41][Plen Bins: 0,0,0,0,0,0,33,16,16,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 172.16.8.201:49185 <-> 172.16.8.8:49155 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][2 pkts/687 bytes <-> 1 pkts/338 bytes][Goodput ratio: 84/84][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.44][Plen Bins: 0,0,0,0,0,0,33,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 172.16.8.201:49165 <-> 172.16.8.8:49155 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 6][4 pkts/1382 bytes <-> 2 pkts/624 bytes][Goodput ratio: 84/83][21.49 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/21492 7164/21492 21491/21492 10131/0][Pkt Len c2s/s2c min/avg/max/stddev: 274/286 346/312 429/338 72/26][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.413 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,33,16,16,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 172.16.8.201:49185 <-> 172.16.8.8:49155 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][2 pkts/687 bytes <-> 1 pkts/338 bytes][Goodput ratio: 84/84][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.441 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,33,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/kontiki.pcap.out b/tests/cfgs/default/result/kontiki.pcap.out index b5eb06f5868..af77aab40bd 100644 --- a/tests/cfgs/default/result/kontiki.pcap.out +++ b/tests/cfgs/default/result/kontiki.pcap.out @@ -40,5 +40,5 @@ Unrated 4 1696 2 Undetected flows: - 1 UDP 10.25.32.59:19948 -> 255.255.255.255:19948 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1033 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 10.25.32.59:19948 <-> 64.200.148.82:1948 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][2 pkts/411 bytes <-> 1 pkts/252 bytes][Goodput ratio: 79/83][0.01 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.32][Plen Bins: 33,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.25.32.59:19948 -> 255.255.255.255:19948 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1033 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.762 (Executable)][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 10.25.32.59:19948 <-> 64.200.148.82:1948 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][2 pkts/411 bytes <-> 1 pkts/252 bytes][Goodput ratio: 79/83][0.01 sec][Plen Bins: 33,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/linecall_falsepositve.pcap.out b/tests/cfgs/default/result/linecall_falsepositve.pcap.out index 58ae5a438bd..7f003ac81f1 100644 --- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out +++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out @@ -28,4 +28,4 @@ Unrated 42 16442 1 Undetected flows: - 1 UDP 10.13.129.30:56295 <-> 10.10.214.6:5093 [VLAN: 265][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][21 pkts/5987 bytes <-> 21 pkts/10455 bytes][Goodput ratio: 82/90][150.38 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 14/13 7519/7518 120047/120047 29055/29055][Pkt Len c2s/s2c min/avg/max/stddev: 191/298 285/498 473/732 130/147][PLAIN TEXT (L@AERgX)][Plen Bins: 0,0,0,0,33,0,0,16,0,0,0,0,0,16,0,0,28,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.13.129.30:56295 <-> 10.10.214.6:5093 [VLAN: 265][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][21 pkts/5987 bytes <-> 21 pkts/10455 bytes][Goodput ratio: 82/90][150.38 sec][bytes ratio: -0.272 (Download)][IAT c2s/s2c min/avg/max/stddev: 14/13 7519/7518 120047/120047 29055/29055][Pkt Len c2s/s2c min/avg/max/stddev: 191/298 285/498 473/732 130/147][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.639 (Executable)][PLAIN TEXT (L@AERgX)][Plen Bins: 0,0,0,0,33,0,0,16,0,0,0,0,0,16,0,0,28,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out index d32cec76557..db47f1ae173 100644 --- a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out +++ b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out @@ -29,8 +29,8 @@ LDAP 32 2796 2 Acceptable 66 9537 5 Unrated 356 25081 2 - 1 TCP 172.16.238.10:48534 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][7 pkts/692 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 30/79][0.00 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 99/327 276/1420 72/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit Attempt **][Risk Score: 310][Risk Info: Found host 172.16.238.11 / Found mime exe java-vm / Suspicious Log4J][PLAIN TEXT (GET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] - 2 TCP 172.16.238.10:48444 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/624 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 33/79][0.01 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/2 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 104/327 276/1420 77/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit Attempt **][Risk Score: 310][Risk Info: Found host 172.16.238.11 / Found mime exe java-vm / Suspicious Log4J][PLAIN TEXT (GGET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] + 1 TCP 172.16.238.10:48534 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][7 pkts/692 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 30/79][0.00 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 99/327 276/1420 72/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Possible Exploit Attempt **][Risk Score: 360][Risk Info: Found host 172.16.238.11 / Entropy: 5.189 (Executable) / Found mime exe java-vm / Suspicious Log4J][PLAIN TEXT (GET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] + 2 TCP 172.16.238.10:48444 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/624 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 33/79][0.01 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/2 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 104/327 276/1420 77/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Possible Exploit Attempt **][Risk Score: 360][Risk Info: Found host 172.16.238.11 / Entropy: 5.189 (Executable) / Found mime exe java-vm / Suspicious Log4J][PLAIN TEXT (GGET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] 3 TCP 172.16.238.1:1984 <-> 172.16.238.10:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][5 pkts/994 bytes <-> 4 pkts/503 bytes][Goodput ratio: 65/44][19.29 sec][Hostname/SNI: 192.168.13.31][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/7 4822/6428 10256/10256 4838/4568][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 199/126 714/291 258/95][URL: 192.168.13.31:8080/log4shell/login][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: text/html][User-Agent: jndi:ldap://172.16.238.11:1389/a][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Possible Exploit Attempt **][Risk Score: 310][Risk Info: Found host 192.168.13.31 / Suspicious Log4J / Expected 172.16.238.10, found 192.168.13.31 / Expected on port 80][PLAIN TEXT (POST /log)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 172.16.238.10:57650 <-> 172.16.238.11:1389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][9 pkts/739 bytes <-> 8 pkts/727 bytes][Goodput ratio: 16/24][17.91 sec][bytes ratio: 0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 2545/3580 17700/17700 6187/7060][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 82/91 137/215 22/47][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (objectClass)][Plen Bins: 51,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 172.16.238.10:57742 <-> 172.16.238.11:1389 [proto: 112/LDAP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: System/18][9 pkts/739 bytes <-> 6 pkts/591 bytes][Goodput ratio: 16/30][0.02 sec][bytes ratio: 0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 11/2 4/1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 82/98 137/215 22/52][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (objectClass)][Plen Bins: 51,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/lol_wild_rift_udp.pcap.out b/tests/cfgs/default/result/lol_wild_rift_udp.pcap.out index b0baff4119e..7f90317c293 100644 --- a/tests/cfgs/default/result/lol_wild_rift_udp.pcap.out +++ b/tests/cfgs/default/result/lol_wild_rift_udp.pcap.out @@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 4/0 (search/found) +Patricia risk mask: 10/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/malware.pcap.out b/tests/cfgs/default/result/malware.pcap.out index 582ce424298..8f5b3b18d45 100644 --- a/tests/cfgs/default/result/malware.pcap.out +++ b/tests/cfgs/default/result/malware.pcap.out @@ -44,5 +44,5 @@ JA3 Host Stats: 2 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91/TLS][IP: 225/OpenDNS][Encrypted][Confidence: DPI][DPI packets: 10][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][Goodput ratio: 53/91][0.64 sec][Hostname/SNI: www.internetbadguys.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/75 240/249 99/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/651 571/1514 148/644][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.internetbadguys.com vs api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.o][TLSv1.2][JA3C: b20b44b18b853ef29ab773e921b03422][JA4: t13d1814h2_29a2cd9e9f10_d267a5f792d4][ServerNames: api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Firefox][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0] 3 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7/HTTP][IP: 225/OpenDNS][ClearText][Confidence: DPI][DPI packets: 2][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Goodput ratio: 86/44][0.21 sec][Hostname/SNI: www.internetbadguys.com][URL: www.internetbadguys.com/][User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/106 bytes <-> 1 pkts/110 bytes][Goodput ratio: 60/61][0.02 sec][Hostname/SNI: www.internetbadguys.com][67.215.92.210][PLAIN TEXT (internetbadguys)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Unidirectional Traffic **** Client contacted a malware host **][Risk Score: 160][Risk Info: No server to client traffic / Client contacted malware host][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **** Client contacted a malware host **][Risk Score: 210][Risk Info: No server to client traffic / Entropy: 5.298 (Executable) / Client contacted malware host][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 192.168.7.7:33706 -> 144.139.247.220:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Malware/100][1 pkts/66 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **** Client contacted a malware host **][Risk Score: 160][Risk Info: No server to client traffic / Client contacted malware host][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mullvad_wireguard.pcap.out b/tests/cfgs/default/result/mullvad_wireguard.pcap.out index fc0bfd7b9c5..3f0324194cf 100644 --- a/tests/cfgs/default/result/mullvad_wireguard.pcap.out +++ b/tests/cfgs/default/result/mullvad_wireguard.pcap.out @@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/nest_log_sink.pcap.out b/tests/cfgs/default/result/nest_log_sink.pcap.out index cebcf035a08..cbe8e88b73d 100644 --- a/tests/cfgs/default/result/nest_log_sink.pcap.out +++ b/tests/cfgs/default/result/nest_log_sink.pcap.out @@ -18,7 +18,7 @@ Automa domain: 2/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 24/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/netflix.pcap.out b/tests/cfgs/default/result/netflix.pcap.out index b5a0042f4ae..716152466ab 100644 --- a/tests/cfgs/default/result/netflix.pcap.out +++ b/tests/cfgs/default/result/netflix.pcap.out @@ -42,29 +42,29 @@ JA3 Host Stats: 1 192.168.1.7 4 - 1 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.3.140 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] + 1 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.3.140 / Entropy: 6.015 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] 2 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Goodput ratio: 17/95][42.46 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 425/43 3643/161 850/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1378 312/1514 59/421][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][Content-Type: image/webp][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /af)][Plen Bins: 0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] - 3 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][Hostname/SNI: 23.246.11.145][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.145 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] + 3 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][Hostname/SNI: 23.246.11.145][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.145 / Entropy: 6.018 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] 4 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][Goodput ratio: 69/93][38.50 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1640/1232 30390/30443 6288/5475][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 211/964 1514/1514 376/637][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,5,5,0,2,2,5,0,0,0,0,0,0,0,2,2,0,0,0,2,0,2,0,0,0,0,0,0,0,2,5,0,0,0,0,0,0,0,0,0,0,0,2,0,0,57,0,0] 5 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Goodput ratio: 20/95][1.39 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 28/35 45/81 10/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/1414 311/1514 64/366][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /8b)][Plen Bins: 0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] - 6 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (czGET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0] + 6 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 6.012 (Executable) / Found binary mime octet-stream][PLAIN TEXT (czGET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0] 7 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Goodput ratio: 31/95][2.07 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166/94 1389/1416 394/300][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/1337 311/1514 81/428][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /4e)][Plen Bins: 0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] 8 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 10][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Goodput ratio: 72/94][31.31 sec][Hostname/SNI: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092/21 30728/135 9212/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 242/1136 1514/1514 405/584][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: application/x-msl+json][Server: appboot-:7001 i-0b273b4c40f4e78a3][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /appboot/NFAPPL)][Plen Bins: 0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,75,0,0] - 9 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] - 10 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.133 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] - 11 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][Goodput ratio: 14/95][7.15 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 265/326 1355/1382 337/387][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1275 423/1514 62/517][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] + 9 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 6.034 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] + 10 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.133 / Entropy: 6.023 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] + 11 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][Goodput ratio: 14/95][7.15 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 265/326 1355/1382 337/387][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1275 423/1514 62/517][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 6.019 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] 12 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][Goodput ratio: 77/93][1.73 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/42 437/291 101/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290/895 1514/1514 442/626][TLSv1.2][JA3C: d8bfad189bd26664e04570c104ee8418][JA4: t12d1910h2_b5dc49c6fcca_f44caba5725b][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,10,3,0,0,0,3,0,0,0,0,0,3,6,0,0,3,0,0,3,0,3,0,3,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,3,0,47,0,0] - 13 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][Goodput ratio: 14/94][7.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/271 635/1046 213/317][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80/1159 426/1514 62/603][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (fGET /range/0)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,80,0,0] - 14 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][Goodput ratio: 12/95][8.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258/237 1250/1203 331/381][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 424/1514 58/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 15 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][Goodput ratio: 13/95][5.76 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/223 1162/1317 246/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 426/1514 60/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 16 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][Goodput ratio: 14/94][7.56 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 298/146 1317/530 354/131][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1160 423/1514 63/590][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 13 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][Goodput ratio: 14/94][7.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/271 635/1046 213/317][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80/1159 426/1514 62/603][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 6.020 (Executable) / Found binary mime octet-stream][PLAIN TEXT (fGET /range/0)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,80,0,0] + 14 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][Goodput ratio: 12/95][8.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258/237 1250/1203 331/381][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 424/1514 58/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 6.031 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 15 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][Goodput ratio: 13/95][5.76 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/223 1162/1317 246/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 426/1514 60/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 6.019 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 16 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][Goodput ratio: 14/94][7.56 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 298/146 1317/530 354/131][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1160 423/1514 63/590][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 6.023 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] 17 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][Goodput ratio: 92/78][32.21 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/84 332/331 94/95][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 811/309 1514/1514 700/493][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,8,4,0,0,4,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,0,0] 18 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][Goodput ratio: 72/91][0.86 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/33 266/316 64/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237/739 1514/1514 407/542][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,3,0,0,3,3,3,0,0,0,0,3,0,3,3,7,0,0,7,7,3,3,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,30,0,0] - 19 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][Goodput ratio: 12/94][7.38 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222/250 636/1132 227/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1180 424/1514 59/570][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] - 20 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][Goodput ratio: 12/94][8.26 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/289 1152/1208 301/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1119 425/1514 60/614][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 21 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][12 pkts/1831 bytes <-> 18 pkts/23224 bytes][Goodput ratio: 56/95][0.40 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.854 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/22 30/71 10/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 153/1290 584/1514 191/435][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0] - 22 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.133 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 23 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][17 pkts/2227 bytes <-> 16 pkts/20481 bytes][Goodput ratio: 46/95][2.05 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.804 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/5 143/82 730/279 218/83][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 131/1280 578/1514 162/436][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.3.140 / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,73,0,0] + 19 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][Goodput ratio: 12/94][7.38 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222/250 636/1132 227/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1180 424/1514 59/570][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 6.009 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] + 20 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][Goodput ratio: 12/94][8.26 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/289 1152/1208 301/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1119 425/1514 60/614][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 5.991 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 21 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][12 pkts/1831 bytes <-> 18 pkts/23224 bytes][Goodput ratio: 56/95][0.40 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.854 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/22 30/71 10/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 153/1290 584/1514 191/435][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 5.976 (Executable) / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0] + 22 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.133 / Entropy: 6.004 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 23 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][17 pkts/2227 bytes <-> 16 pkts/20481 bytes][Goodput ratio: 46/95][2.05 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.804 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/5 143/82 730/279 218/83][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 131/1280 578/1514 162/436][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.3.140 / Entropy: 5.933 (Executable) / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,73,0,0] 24 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][Goodput ratio: 86/86][0.92 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/54 282/127 72/35][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 486/491 1514/1514 603/610][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,15,0,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,0,0,0,0,0,0,5,37,0,0] 25 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][6 pkts/636 bytes <-> 13 pkts/16794 bytes][Goodput ratio: 34/95][0.87 sec][Hostname/SNI: tp.akam.nflximg.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/27 41/71 80/192 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1292 282/1514 79/521][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][Content-Type: text/plain][Server: Apache][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][Risk: ** HTTP Susp Content **][Risk Score: 100][Risk Info: Susp content 89424946][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)][Plen Bins: 0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0] 26 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 12][cat: Video/26][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Goodput ratio: 91/87][31.72 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2877/42 31088/123 8921/33][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714/500 1514/1514 676/651][URL: api-global.netflix.com/msl/nrdjs/2.1.2][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,0,0,72,0,0] @@ -73,9 +73,9 @@ JA3 Host Stats: 29 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Goodput ratio: 26/94][32.06 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4565/34 30963/63 10780/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/1120 311/1514 72/644][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /87)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0] 30 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][6 pkts/653 bytes <-> 10 pkts/12252 bytes][Goodput ratio: 37/95][0.33 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/13 43/34 101/70 35/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 109/1225 311/1514 91/578][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /5758)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0] 31 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][Goodput ratio: 83/80][30.85 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1923/16 30431/72 7361/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382/327 1514/1514 559/501][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,24,5,0,0,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,31,0,0] - 32 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][9 pkts/1658 bytes <-> 10 pkts/11113 bytes][Goodput ratio: 62/94][0.68 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/5 73/76 356/206 117/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 184/1111 581/1514 211/518][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,9,9,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0] + 32 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][9 pkts/1658 bytes <-> 10 pkts/11113 bytes][Goodput ratio: 62/94][0.68 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/5 73/76 356/206 117/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 184/1111 581/1514 211/518][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.141 / Entropy: 5.987 (Executable) / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,9,9,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0] 33 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][Goodput ratio: 83/81][30.38 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2017/14 30033/55 7488/20][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399/343 1514/1514 569/514][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,18,6,0,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,31,0,0] - 34 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][8 pkts/1564 bytes <-> 9 pkts/9556 bytes][Goodput ratio: 65/94][0.27 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.719 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/5 26/29 45/41 14/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 196/1062 581/1514 221/531][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.133 / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,10,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] + 34 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][8 pkts/1564 bytes <-> 9 pkts/9556 bytes][Goodput ratio: 65/94][0.27 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.719 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/5 26/29 45/41 14/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 196/1062 581/1514 221/531][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.11.133 / Entropy: 5.963 (Executable) / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,10,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] 35 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][Goodput ratio: 80/83][3.15 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/303 2449/2522 645/743][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 325/386 1514/1514 478/534][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 13,21,6,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,21,0,0] 36 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][11 pkts/3220 bytes <-> 11 pkts/7133 bytes][Goodput ratio: 77/90][0.34 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/29 75/67 27/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/648 1514/1514 432/662][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,15,7,0,0,0,7,7,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0] 37 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][Goodput ratio: 84/87][0.34 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/31 85/65 31/27][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/507 1514/1514 533/591][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,0,8,0,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,8,0,0,0,0,0,25,0,0] @@ -85,7 +85,7 @@ JA3 Host Stats: 41 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][Goodput ratio: 74/84][30.77 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/22 143/79 43/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 253/423 1514/1514 422/512][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,9,0,0,9,0,9,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,18,0,0] 42 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][Goodput ratio: 36/84][30.93 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2373/20 30602/58 8149/26][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 104/417 309/1514 78/548][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,23,15,0,0,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0] 43 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 9][cat: Video/26][19 pkts/2356 bytes <-> 8 pkts/4069 bytes][Goodput ratio: 46/87][0.12 sec][Hostname/SNI: art-s.nflximg.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/7 26/21 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/509 293/1514 58/602][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Firefox][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,28,39,0,5,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0] - 44 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][5 pkts/698 bytes <-> 5 pkts/5198 bytes][Goodput ratio: 51/93][0.08 sec][Hostname/SNI: 23.246.10.139][bytes ratio: -0.763 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/1 18/14 35/35 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 140/1040 422/1514 141/603][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.10.139 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0] + 44 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][5 pkts/698 bytes <-> 5 pkts/5198 bytes][Goodput ratio: 51/93][0.08 sec][Hostname/SNI: 23.246.10.139][bytes ratio: -0.763 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/1 18/14 35/35 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 140/1040 422/1514 141/603][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Found host 23.246.10.139 / Entropy: 6.038 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0] 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][Goodput ratio: 76/81][0.21 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/20 92/54 34/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283/355 1450/1066 419/413][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0] 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][Goodput ratio: 39/69][30.71 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3064/6120 30486/30536 9141/12208][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 108/215 309/989 83/296][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,12,12,0,12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/2648 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][79.13 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 105/0 4588/0 14907/0 6547/0][Pkt Len c2s/s2c min/avg/max/stddev: 164/0 166/0 167/0 2/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index 6f1ed86a3b8..2f1a4529520 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -52,13 +52,13 @@ JA3 Host Stats: 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes][Goodput ratio: 68/68][1.15 sec][bytes ratio: 0.060 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/17 108/127 288/286 109/90][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 130/132 198/198 40/42][Plen Bins: 0,53,20,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][21 pkts/1470 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.73 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/0 315/0 92/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70/0 70/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/368 bytes <-> 4 pkts/400 bytes][Goodput ratio: 54/58][0.01 sec][Hostname/SNI: g2df33d01-lp1.p.srv.nintendo.net][52.10.205.177][bytes ratio: -0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 4/4 5/5 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/92 92/100 92/108 0/8][PLAIN TEXT (nintendo)][Plen Bins: 0,75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 1][cat: Cloud/13][1 pkts/730 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy 7.62][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 1][cat: Cloud/13][1 pkts/730 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 7.623 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][9 pkts/630 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.60 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/0 316/0 130/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/0 70/0 70/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 10][cat: Cloud/13][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][0.06 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61/85][0.03 sec][Hostname/SNI: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.217][PLAIN TEXT (fb203858ebc)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/110 bytes <-> 1 pkts/281 bytes][Goodput ratio: 61/85][< 1 sec][Hostname/SNI: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com][54.192.27.8][PLAIN TEXT (fb203858ebc)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][3 pkts/354 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 3][cat: Cloud/13][3 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (NATTestId)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 1][cat: Cloud/13][1 pkts/298 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 1][cat: Cloud/13][1 pkts/298 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.886 (Compressed Executable)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 5][cat: Cloud/13][5 pkts/290 bytes -> 0 pkts/0 bytes][Goodput ratio: 27/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/54 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][0.18 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ocs.pcap.out b/tests/cfgs/default/result/ocs.pcap.out index 5c33361344d..016f28ee389 100644 --- a/tests/cfgs/default/result/ocs.pcap.out +++ b/tests/cfgs/default/result/ocs.pcap.out @@ -53,7 +53,7 @@ JA3 Host Stats: 7 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][13 pkts/1448 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][0.81 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/0 103/0 38/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 111/0 425/0 106/0][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TLSv1][JA3C: 5a236bfc3d18ddef1b1f2f4c9e765d66][JA4: t10d350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,25,0,0,25,25,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][IP: 218/OCS][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][6 pkts/1092 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][1.36 sec][Hostname/SNI: ocu03.labgency.ws][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 272/0 1043/0 395/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 182/0 824/0 287/0][URL: ocu03.labgency.ws/catalog/vod?v=3][User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (POST /catalog/vod)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 192.168.180.2:44959 -> 137.135.129.206:80 [proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 7][cat: Web/5][7 pkts/540 bytes -> 0 pkts/0 bytes][Goodput ratio: 31/0][1.18 sec][Hostname/SNI: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 197/0 503/0 209/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 77/0 136/0 37/0][URL: api.eu01.capptain.com/ip-to-country][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Empty or missing User-Agent][PLAIN TEXT (GET /ip)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Goodput ratio: 33/0][0.23 sec][Hostname/SNI: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 46/0 101/0 39/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 80/0 211/0 59/0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / Empty or missing User-Agent][PLAIN TEXT (GET /xmpp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.180.2:53356 -> 137.135.129.206:80 [proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/479 bytes -> 0 pkts/0 bytes][Goodput ratio: 33/0][0.23 sec][Hostname/SNI: api.eu01.capptain.com][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 46/0 101/0 39/0][Pkt Len c2s/s2c min/avg/max/stddev: 52/0 80/0 211/0 59/0][URL: api.eu01.capptain.com/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003][Risk: ** HTTP Susp User-Agent **** Susp Entropy **** Unidirectional Traffic **][Risk Score: 160][Risk Info: No server to client traffic / Empty or missing User-Agent / Entropy: 5.168 (Executable)][PLAIN TEXT (GET /xmpp)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.180.2:46166 -> 137.135.131.52:5122 [proto: 276/Azure][IP: 276/Azure][Encrypted][Confidence: Match by IP][DPI packets: 6][cat: Cloud/13][6 pkts/360 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][31.08 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 998/0 6216/0 16046/0 5473/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 60/0 60/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 192.168.180.2:47699 -> 64.233.184.188:5228 [proto: 126/Google][IP: 126/Google][Encrypted][Confidence: Match by IP][DPI packets: 2][cat: Web/5][2 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][8.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 192.168.180.2:3621 -> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][< 1 sec][Hostname/SNI: xmpp.device06.eu01.capptain.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (device06)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ocsp.pcapng.out b/tests/cfgs/default/result/ocsp.pcapng.out index e51d9256376..56dfc7ce501 100644 --- a/tests/cfgs/default/result/ocsp.pcapng.out +++ b/tests/cfgs/default/result/ocsp.pcapng.out @@ -12,9 +12,9 @@ LRU cache stun_zoom: 0/0/0 (insert/search/found) Automa host: 1/0 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -26,7 +26,7 @@ OCSP 344 73647 10 Safe 344 73647 10 1 TCP 192.168.1.128:49034 <-> 23.12.96.145:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][24 pkts/3999 bytes <-> 22 pkts/8476 bytes][Goodput ratio: 29/69][117.30 sec][Hostname/SNI: ocsp.entrust.net][bytes ratio: -0.359 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5094/5187 10241/10241 4906/5058][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 167/385 505/1566 128/500][URL: ocsp.entrust.net/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][PLAIN TEXT (BHPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] - 2 TCP 192.168.1.227:49813 <-> 109.70.240.130:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/2245 bytes <-> 13 pkts/8626 bytes][Goodput ratio: 51/84][65.14 sec][Hostname/SNI: ocsp07.actalis.it][bytes ratio: -0.587 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 28/36 10/15][Pkt Len c2s/s2c min/avg/max/stddev: 112/112 224/664 491/1566 171/540][URL: ocsp07.actalis.it/VA/AUTH-ROOT/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D][StatusCode: 200][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Microsoft-CryptoAPI/10.0][PLAIN TEXT (GET /VA/AUTH)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,41,8,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 2 TCP 192.168.1.227:49813 <-> 109.70.240.130:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/2245 bytes <-> 13 pkts/8626 bytes][Goodput ratio: 51/84][65.14 sec][Hostname/SNI: ocsp07.actalis.it][bytes ratio: -0.587 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 28/36 10/15][Pkt Len c2s/s2c min/avg/max/stddev: 112/112 224/664 491/1566 171/540][URL: ocsp07.actalis.it/VA/AUTH-ROOT/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D][StatusCode: 200][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Microsoft-CryptoAPI/10.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.810 (Executable)][PLAIN TEXT (GET /VA/AUTH)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,41,8,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 3 TCP 192.168.1.128:47904 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][27 pkts/4355 bytes <-> 23 pkts/5119 bytes][Goodput ratio: 27/47][166.99 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 6194/7858 10240/10240 4838/4216][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 161/223 505/917 122/269][URL: ocsp.digicert.com/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CEA)][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 TCP 192.168.1.128:54154 <-> 142.250.184.99:80 [proto: 7.63/HTTP.OCSP][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][26 pkts/3864 bytes <-> 24 pkts/4244 bytes][Goodput ratio: 20/33][193.02 sec][Hostname/SNI: ocsp.pki.goog][bytes ratio: -0.047 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/7 7460/8270 10243/10242 4397/3814][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 149/177 512/820 105/194][URL: ocsp.pki.goog/gts1o1core][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ocsp_responder][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][PLAIN TEXT (POST /gts)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 192.168.1.128:43728 <-> 92.122.95.235:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][19 pkts/3022 bytes <-> 17 pkts/3792 bytes][Goodput ratio: 26/47][123.97 sec][Hostname/SNI: r3.o.lencr.org][bytes ratio: -0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 6898/7491 10244/10244 4464/4342][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 159/223 504/1007 118/286][URL: r3.o.lencr.org/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][PLAIN TEXT (xPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out index dcc3dcada41..1158c869b11 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out @@ -18,7 +18,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/portable_executable.pcap.out b/tests/cfgs/default/result/portable_executable.pcap.out index 075cd547088..ba3175dae11 100644 --- a/tests/cfgs/default/result/portable_executable.pcap.out +++ b/tests/cfgs/default/result/portable_executable.pcap.out @@ -30,8 +30,8 @@ DNS 15 12154 1 Acceptable 15 12154 1 Unrated 15 12160 1 - 1 TCP 64.227.107.71:53 <-> 172.16.99.10:49652 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 15][cat: Network/14][11 pkts/11914 bytes <-> 4 pkts/240 bytes][Goodput ratio: 95/0][0.37 sec][::][bytes ratio: 0.961 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/182 362/364 114/182][Pkt Len c2s/s2c min/avg/max/stddev: 58/60 1083/60 1310/60 481/0][Risk: ** Binary App Transfer **** Malformed Packet **][Risk Score: 160][Risk Info: Invalid DNS Header / Portable Executable (PE32/PE32+) found][PLAIN TEXT (This program cannot be run in D)][Plen Bins: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] + 1 TCP 64.227.107.71:53 <-> 172.16.99.10:49652 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 15][cat: Network/14][11 pkts/11914 bytes <-> 4 pkts/240 bytes][Goodput ratio: 95/0][0.37 sec][::][bytes ratio: 0.961 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/182 362/364 114/182][Pkt Len c2s/s2c min/avg/max/stddev: 58/60 1083/60 1310/60 481/0][Risk: ** Binary App Transfer **** Malformed Packet **** Susp Entropy **][Risk Score: 210][Risk Info: Invalid DNS Header / Portable Executable (PE32/PE32+) found / Entropy: 5.990 (Executable)][PLAIN TEXT (This program cannot be run in D)][Plen Bins: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] Undetected flows: - 1 TCP 172.16.99.201:1732 <-> 64.227.107.71:4444 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][4 pkts/246 bytes <-> 11 pkts/11914 bytes][Goodput ratio: 0/95][0.73 sec][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 329/0 364/45 398/398 34/125][Pkt Len c2s/s2c min/avg/max/stddev: 60/58 62/1083 66/1310 3/481][Risk: ** Binary App Transfer **][Risk Score: 150][Risk Info: Portable Executable (PE32/PE32+) found][PLAIN TEXT (This program cannot be run in D)][Plen Bins: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] + 1 TCP 172.16.99.201:1732 <-> 64.227.107.71:4444 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 15][4 pkts/246 bytes <-> 11 pkts/11914 bytes][Goodput ratio: 0/95][0.73 sec][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 329/0 364/45 398/398 34/125][Pkt Len c2s/s2c min/avg/max/stddev: 60/58 62/1083 66/1310 3/481][Risk: ** Binary App Transfer **** Susp Entropy **][Risk Score: 200][Risk Info: Portable Executable (PE32/PE32+) found / Entropy: 6.154 (Executable)][PLAIN TEXT (This program cannot be run in D)][Plen Bins: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index 2779c72d733..49e167ef759 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out @@ -17,7 +17,7 @@ LRU cache stun_zoom: 0/29/0 (insert/search/found) Automa host: 58/18 (search/found) Automa domain: 58/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 1/1 (search/found) +Automa risk mask: 3/1 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 136/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) @@ -38,7 +38,7 @@ Acceptable 195 101385 55 Fun 56 36585 20 Unrated 618 227656 29 - 1 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Goodput ratio: 87/96][0.02 sec][Hostname/SNI: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426/1303 426/1314 0/56][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 223.26.106.66][PLAIN TEXT (GET /videos/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,93,0,0,0,0,0,0,0,0] + 1 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Goodput ratio: 87/96][0.02 sec][Hostname/SNI: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426/1303 426/1314 0/56][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 60][Risk Info: Found host 223.26.106.66 / Entropy: 5.429 (Executable)][PLAIN TEXT (GET /videos/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,93,0,0,0,0,0,0,0,0] 2 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.283/HTTP.Cybersec][IP: 307/AVAST][ClearText][Confidence: DPI][DPI packets: 9][cat: Download/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Goodput ratio: 95/96][13.04 sec][Hostname/SNI: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/0 307/0 127/0][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002/1239 1314/1314 434/215][URL: bcu.ff.avast.com/bc2][StatusCode: 200][Req Content-Type: application/x-enc][Content-Type: application/octet-stream][Server: nginx/1.8.0][User-Agent: {D699054D-1699-47D2-9B2B-E96F438C1160}][Risk: ** HTTP Susp User-Agent **** HTTP Obsolete Server **** Binary file/data transfer (attempt) **][Risk Score: 200][Risk Info: Suspicious Log4J / Obsolete nginx server 1.8.0 / Found binary mime octet-stream][PLAIN TEXT (POST /bc2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,75,0,0,0,0,0,0,0,0] 3 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/303 bytes <-> 9 pkts/11826 bytes][Goodput ratio: 82/96][0.09 sec][Hostname/SNI: preimage1.qiyipic.com][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/4 0/30 0/10][Pkt Len c2s/s2c min/avg/max/stddev: 303/1314 303/1314 303/1314 0/0][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_1.jpg?no=1][StatusCode: 200][Content-Type: image/jpeg][Server: QWS][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)][Plen Bins: 0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] 4 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][6.36 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 46/0 393/0 2654/0 855/0][Pkt Len c2s/s2c min/avg/max/stddev: 473/0 518/0 553/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -56,29 +56,29 @@ Unrated 618 227656 29 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Goodput ratio: 92/72][0.10 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E][StatusCode: 200][Content-Type: text/html][Server: nginx/1.8.0][User-Agent: Qiyi List Client PC 5.2.15.2240][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /b)][Plen Bins: 0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0] 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][24.02 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3002/0 3008/0 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.03 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/0 753/0 2839/0 1189/0][Pkt Len c2s/s2c min/avg/max/stddev: 165/0 171/0 175/0 5/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,44,55,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Goodput ratio: 92/93][0.12 sec][Hostname/SNI: click.hm.baidu.com][URL: click.hm.baidu.com/clk?53e25e33e064c657c06b558e5c3c33fd][StatusCode: 302][Server: apache][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][PLAIN TEXT (GET /clk)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Goodput ratio: 92/93][0.12 sec][Hostname/SNI: click.hm.baidu.com][URL: click.hm.baidu.com/clk?53e25e33e064c657c06b558e5c3c33fd][StatusCode: 302][Server: apache][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.710 (Executable)][PLAIN TEXT (GET /clk)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Goodput ratio: 86/89][0.28 sec][Hostname/SNI: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/2efc8cd5fbe0f4ee498fb1c2fc1de8b6/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012][StatusCode: 200][Content-Type: text/plain][Server: nginx/1.9.4][User-Agent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.9.4][PLAIN TEXT (GET /2efc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,33,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Goodput ratio: 95/72][0.09 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%][StatusCode: 200][Content-Type: text/html][Server: nginx/1.8.0][User-Agent: Qiyi List Client PC 5.2.15.2240][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Download/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Goodput ratio: 88/88][2.24 sec][Hostname/SNI: 223.26.106.66][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 223.26.106.66 / Found binary mime octet-stream][PLAIN TEXT (GET /videos/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Goodput ratio: 95/62][0.10 sec][Hostname/SNI: click.hm.baidu.com][URL: click.hm.baidu.com/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0][StatusCode: 204][Content-Type: image/gif][Server: apache][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][PLAIN TEXT (GET /mkt.gif)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Download/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Goodput ratio: 88/88][2.24 sec][Hostname/SNI: 223.26.106.66][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 110][Risk Info: Entropy: 5.536 (Executable) / Found host 223.26.106.66 / Found binary mime octet-stream][PLAIN TEXT (GET /videos/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Goodput ratio: 95/62][0.10 sec][Hostname/SNI: click.hm.baidu.com][URL: click.hm.baidu.com/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0][StatusCode: 204][Content-Type: image/gif][Server: apache][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.511 (Executable)][PLAIN TEXT (GET /mkt.gif)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Goodput ratio: 95/73][0.78 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A//vodguide.pps.iqiyi.com/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26b][StatusCode: 200][Content-Type: text/html][Server: nginx/1.8.0][User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Goodput ratio: 95/72][0.05 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=2265][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Goodput ratio: 74/95][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/downloadhelper.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: DownloadHelper_runxx][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/downloadh)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Goodput ratio: 74/95][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/downloadhelper.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: DownloadHelper_runxx][Risk: ** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Entropy: 4.993 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/downloadh)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.16 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.09 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.06 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.10 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.18 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.06 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Goodput ratio: 81/93][0.00 sec][Hostname/SNI: s1.symcb.com][URL: s1.symcb.com/pca3-g5.crl][StatusCode: 200][Content-Type: application/pkix-crl][Server: Apache][User-Agent: Microsoft-CryptoAPI/6.1][PLAIN TEXT (GET /pca3)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Goodput ratio: 81/93][0.00 sec][Hostname/SNI: s1.symcb.com][URL: s1.symcb.com/pca3-g5.crl][StatusCode: 200][Content-Type: application/pkix-crl][Server: Apache][User-Agent: Microsoft-CryptoAPI/6.1][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.413 (Executable)][PLAIN TEXT (GET /pca3)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.10 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Goodput ratio: 80/93][0.00 sec][Hostname/SNI: clients1.google.com][URL: clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz][StatusCode: 200][Content-Type: application/ocsp-response][Server: ocsp_responder][User-Agent: Microsoft-CryptoAPI/6.1][PLAIN TEXT (GET /ocsp/MEkwRzBFMEMwQ)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.63/HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Goodput ratio: 80/93][0.00 sec][Hostname/SNI: clients1.google.com][URL: clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz][StatusCode: 200][Content-Type: application/ocsp-response][Server: ocsp_responder][User-Agent: Microsoft-CryptoAPI/6.1][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.657 (Executable)][PLAIN TEXT (GET /ocsp/MEkwRzBFMEMwQ)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][15.01 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3001/0 3005/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][15.02 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3000/0 3004/0 3014/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][15.04 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3008/0 3038/0 15/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Goodput ratio: 91/81][0.03 sec][Hostname/SNI: api.cupid.iqiyi.com][URL: api.cupid.iqiyi.com/ccs][StatusCode: 200][Content-Type: text/json][Server: nginx/1.8.0][User-Agent: CookieClear_runxx][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /ccs HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/694 bytes <-> 1 pkts/199 bytes][Goodput ratio: 92/73][0.09 sec][Hostname/SNI: msg.video.qiyi.com][URL: msg.video.qiyi.com/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /tmpstats.gif)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/694 bytes <-> 1 pkts/199 bytes][Goodput ratio: 92/73][0.09 sec][Hostname/SNI: msg.video.qiyi.com][URL: msg.video.qiyi.com/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][Risk: ** Susp Entropy **** HTTP Obsolete Server **][Risk Score: 100][Risk Info: Entropy: 5.509 (Executable) / Obsolete nginx server 1.8.0][PLAIN TEXT (GET /tmpstats.gif)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Goodput ratio: 92/73][0.06 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][12.04 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/357 bytes <-> 1 pkts/479 bytes][Goodput ratio: 85/89][0.04 sec][Hostname/SNI: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/2efc8cd5fbe0f4ee498fb1c2fc1de8b6/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?&tn=137719][StatusCode: 200][Content-Type: text/plain][Server: nginx/1.9.4][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.9.4][PLAIN TEXT (GET /2efc)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -87,21 +87,21 @@ Unrated 618 227656 29 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Goodput ratio: 91/73][0.17 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Goodput ratio: 91/73][0.13 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Goodput ratio: 90/73][0.15 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Goodput ratio: 88/81][0.09 sec][Hostname/SNI: cmc.tanx.com][URL: cmc.tanx.com/andc?andc_uid=6693851615885049011&andc_ver=1][StatusCode: 200][Content-Type: image/gif][Server: Tengine][User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][PLAIN TEXT (GET /andc)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/526 bytes][Goodput ratio: 72/90][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masblog.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masblog_runxx][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Goodput ratio: 88/81][0.09 sec][Hostname/SNI: cmc.tanx.com][URL: cmc.tanx.com/andc?andc_uid=6693851615885049011&andc_ver=1][StatusCode: 200][Content-Type: image/gif][Server: Tengine][User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.483 (Executable)][PLAIN TEXT (GET /andc)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/526 bytes][Goodput ratio: 72/90][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masblog.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masblog_runxx][Risk: ** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Entropy: 4.973 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Goodput ratio: 80/83][0.22 sec][Hostname/SNI: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/163 bytes <-> 2 pkts/557 bytes][Goodput ratio: 66/80][0.09 sec][Hostname/SNI: iplocation.geo.qiyi.com][URL: iplocation.geo.qiyi.com/cityjson][StatusCode: 200][Content-Type: charset=utf-8][Server: openresty][User-Agent: QYAgent_runxx][PLAIN TEXT (GET /cityjson HTTP/1.1)][Plen Bins: 33,0,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Goodput ratio: 79/83][0.21 sec][Hostname/SNI: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/index.php/ToolBox/version][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/index.php/To)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/493 bytes][Goodput ratio: 72/89][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masflag.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masflag_runxx][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/493 bytes][Goodput ratio: 72/89][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masflag.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masflag_runxx][Risk: ** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Entropy: 4.981 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][User-Agent: QY-Player-Windows/2.0.102][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/253 bytes <-> 1 pkts/430 bytes][Goodput ratio: 78/87][0.04 sec][Hostname/SNI: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/k][StatusCode: 200][Content-Type: text/html][Server: nginx/1.9.4][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.9.4][PLAIN TEXT (GET /k HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Goodput ratio: 86/80][0.14 sec][Hostname/SNI: nl.rcd.iqiyi.com][URL: nl.rcd.iqiyi.com/apis/urc/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30][StatusCode: 200][Content-Type: text/plain][Server: Tengine][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /apis/urc/setrc)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Goodput ratio: 86/80][3.07 sec][Hostname/SNI: nl.rcd.iqiyi.com][URL: nl.rcd.iqiyi.com/apis/urc/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30][StatusCode: 200][Content-Type: text/plain][Server: Tengine][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /apis/urc/setrc)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Goodput ratio: 87/72][0.11 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147][StatusCode: 200][Content-Type: text/html][Server: nginx/1.8.0][User-Agent: Qiyi List Client PC 5.2.15.2240][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/420 bytes][Goodput ratio: 72/87][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/QYAgent.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: QYAgent_runxx][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/Q)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/420 bytes][Goodput ratio: 72/87][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/QYAgent.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: QYAgent_runxx][Risk: ** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Entropy: 4.977 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/Q)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Goodput ratio: 87/73][0.09 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Goodput ratio: 86/72][0.09 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240][StatusCode: 200][Content-Type: text/html][Server: nginx/1.8.0][User-Agent: Qiyi List Client PC 5.2.15.2240][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/264 bytes <-> 1 pkts/199 bytes][Goodput ratio: 79/73][0.07 sec][Hostname/SNI: msg.video.qiyi.com][URL: msg.video.qiyi.com/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: QIYiAngent][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /tmpstats.gif)][Plen Bins: 0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/264 bytes <-> 1 pkts/199 bytes][Goodput ratio: 79/73][0.07 sec][Hostname/SNI: msg.video.qiyi.com][URL: msg.video.qiyi.com/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: QIYiAngent][Risk: ** Susp Entropy **** HTTP Obsolete Server **][Risk Score: 100][Risk Info: Entropy: 5.375 (Executable) / Obsolete nginx server 1.8.0][PLAIN TEXT (GET /tmpstats.gif)][Plen Bins: 0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][0.07 sec][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **** HTTP Obsolete Server **][Risk Score: 160][Risk Info: No client to server traffic / Obsolete nginx server 1.4.7 / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][3.00 sec][Hostname/SNI: 239.255.255.250:1900][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][< 1 sec][StatusCode: 302][Server: nginx][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 302 Found)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -120,13 +120,13 @@ Unrated 618 227656 29 Undetected flows: 1 UDP 192.168.115.8:22793 <-> 114.42.0.158:7716 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][229 pkts/18091 bytes <-> 109 pkts/120663 bytes][Goodput ratio: 47/96][0.54 sec][bytes ratio: -0.739 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/4 30/32 5/7][Pkt Len c2s/s2c min/avg/max/stddev: 79/1107 79/1107 79/1107 0/0][PLAIN TEXT (66666662)][Plen Bins: 0,67,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][30 pkts/33210 bytes <-> 71 pkts/5609 bytes][Goodput ratio: 96/47][0.55 sec][bytes ratio: 0.711 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 17/7 25/25 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 1107/79 1107/79 1107/79 0/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.73][PLAIN TEXT (YYYYYYY)][Plen Bins: 0,70,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 1.173.5.226:22636 <-> 192.168.115.8:22793 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][12 pkts/13284 bytes <-> 26 pkts/2054 bytes][Goodput ratio: 96/47][0.04 sec][bytes ratio: 0.732 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 2/1 11/11 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 1107/79 1107/79 1107/79 0/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.82][PLAIN TEXT (lllllllh)][Plen Bins: 0,68,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][30 pkts/33210 bytes <-> 71 pkts/5609 bytes][Goodput ratio: 96/47][0.55 sec][bytes ratio: 0.711 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 17/7 25/25 7/9][Pkt Len c2s/s2c min/avg/max/stddev: 1107/79 1107/79 1107/79 0/0][PLAIN TEXT (YYYYYYY)][Plen Bins: 0,70,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 1.173.5.226:22636 <-> 192.168.115.8:22793 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][12 pkts/13284 bytes <-> 26 pkts/2054 bytes][Goodput ratio: 96/47][0.04 sec][bytes ratio: 0.732 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 2/1 11/11 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 1107/79 1107/79 1107/79 0/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.822 (Encrypted or Random)][PLAIN TEXT (lllllllh)][Plen Bins: 0,68,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][34 pkts/2686 bytes <-> 11 pkts/12177 bytes][Goodput ratio: 47/96][0.51 sec][bytes ratio: -0.639 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/30 15/46 45/68 18/14][Pkt Len c2s/s2c min/avg/max/stddev: 79/1107 79/1107 79/1107 0/0][PLAIN TEXT (CCCCCCC)][Plen Bins: 0,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][30 pkts/2370 bytes <-> 10 pkts/10042 bytes][Goodput ratio: 47/96][0.54 sec][bytes ratio: -0.618 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/12 17/44 71/77 22/23][Pkt Len c2s/s2c min/avg/max/stddev: 79/61 79/1004 79/1125 0/314][PLAIN TEXT (hhhhhhhl)][Plen Bins: 2,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 5][2 pkts/158 bytes <-> 3 pkts/3323 bytes][Goodput ratio: 47/96][0.22 sec][PLAIN TEXT (bTTTUQX)][Plen Bins: 0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][4 pkts/512 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (444444)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][4 pkts/512 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (444444)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 5][2 pkts/158 bytes <-> 3 pkts/3323 bytes][Goodput ratio: 47/96][0.22 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.821 (Encrypted or Random)][PLAIN TEXT (bTTTUQX)][Plen Bins: 0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][4 pkts/512 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.102 (Executable)][PLAIN TEXT (444444)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 4][4 pkts/512 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.102 (Executable)][PLAIN TEXT (444444)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][1 pkts/87 bytes <-> 2 pkts/170 bytes][Goodput ratio: 51/50][< 1 sec][PLAIN TEXT (wsssss)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/174 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/158 bytes -> 0 pkts/0 bytes][Goodput ratio: 47/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (222222266)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/protonvpn.pcap.out b/tests/cfgs/default/result/protonvpn.pcap.out index 86bbb261fbc..afc5faf8007 100644 --- a/tests/cfgs/default/result/protonvpn.pcap.out +++ b/tests/cfgs/default/result/protonvpn.pcap.out @@ -18,7 +18,7 @@ Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 2/2 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/1 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index 47296e04607..18e10bcaadf 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -17,7 +17,7 @@ Automa domain: 8/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 18/0 (search/found) +Patricia risk mask: 20/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -41,4 +41,4 @@ Fun 85 76193 5 7 UDP 192.168.1.105:45669 <-> 172.217.16.4:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/1550 bytes <-> 2 pkts/2784 bytes][Goodput ratio: 92/97][0.16 sec][Hostname/SNI: www.google.com][User-Agent: Chrome/49.0.2623.87 Linux x86_64][QUIC ver: Q025][PLAIN TEXT (www.google.comO)][Plen Bins: 0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0] 8 UDP 192.168.1.105:48445 <-> 216.58.214.110:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][2 pkts/1471 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 94/97][0.10 sec][Hostname/SNI: i.ytimg.com][User-Agent: Chrome/49.0.2623.87 Linux x86_64][QUIC ver: Q025][PLAIN TEXT (i.ytimg.com)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0] 9 UDP 192.168.1.105:53817 <-> 216.58.210.225:443 [proto: 188.124/QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/1392 bytes <-> 1 pkts/1392 bytes][Goodput ratio: 97/97][0.08 sec][Hostname/SNI: yt3.ggpht.com][User-Agent: Chrome/49.0.2623.87 Linux x86_64][QUIC ver: Q025][PLAIN TEXT (yt3.ggpht.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] - 10 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/241 bytes <-> 1 pkts/123 bytes][Goodput ratio: 65/65][0.09 sec][Plen Bins: 0,33,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 192.168.1.105:40461 <-> 172.217.16.3:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/241 bytes <-> 1 pkts/123 bytes][Goodput ratio: 65/65][0.09 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.521 (Executable)][Plen Bins: 0,33,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quic_interop_V.pcapng.out b/tests/cfgs/default/result/quic_interop_V.pcapng.out index eb32456d600..71ea2c268cc 100644 --- a/tests/cfgs/default/result/quic_interop_V.pcapng.out +++ b/tests/cfgs/default/result/quic_interop_V.pcapng.out @@ -61,7 +61,7 @@ Acceptable 246 242924 77 31 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38077 -> [2400:8902::f03c:91ff:fe69:a454]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.15 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 32 ICMPV6 [2001:19f0:4:34::1]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.06 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 33 ICMPV6 [2001:19f0:5:c21:5400:1ff:fe33:3b96]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/2588 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.17 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (bSuZ88)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 34 ICMP 51.158.105.98:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/1770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.20 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy 7.65][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 34 ICMP 51.158.105.98:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/1770 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.20 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 7.655 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 35 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:38394 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.14 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 36 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:52080 <-> [2600:1f18:2310:d230:5103:7d9e:7d75:374f]:4434 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/113 bytes][Goodput ratio: 95/45][0.13 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 37 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51040 <-> [2604:a880:800:a1::1279:3001]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/109 bytes][Goodput ratio: 95/43][0.09 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][PLAIN TEXT (bOP/lk)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] @@ -80,10 +80,10 @@ Acceptable 246 242924 77 50 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:49270 <-> [2001:bc8:47a4:1c25::1]:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.04 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 51 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:51185 <-> [2001:bc8:47a4:1c25::1]:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 52 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:60346 <-> [2001:bc8:47a4:1c25::1]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/85 bytes][Goodput ratio: 95/27][0.03 sec][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] - 53 ICMP 202.238.220.92:0 <-> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/194 bytes][Goodput ratio: 93/56][0.28 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy 7.60][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 ICMP 202.238.220.92:0 <-> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/194 bytes][Goodput ratio: 93/56][0.28 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy: 7.598 (Encrypted or Random)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 UDP 192.168.1.128:34903 <-> 18.189.84.245:443 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/77 bytes][Goodput ratio: 97/45][0.13 sec][QUIC ver: Ver-Negotiation][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] 55 UDP 192.168.1.128:43475 <-> 18.189.84.245:4433 [proto: 188/QUIC][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1294 bytes <-> 1 pkts/73 bytes][Goodput ratio: 97/42][0.12 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][QUIC ver: Ver-Negotiation][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] - 56 ICMP 133.242.206.244:0 <-> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/178 bytes][Goodput ratio: 93/53][0.22 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy 7.61][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 ICMP 133.242.206.244:0 <-> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/1180 bytes <-> 2 pkts/178 bytes][Goodput ratio: 93/53][0.22 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy: 7.612 (Encrypted or Random)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 UDP 192.168.1.128:41587 -> 131.159.24.198:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 58 UDP 192.168.1.128:43735 -> 51.158.105.98:4434 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] 59 UDP 192.168.1.128:45250 -> 51.158.105.98:4433 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0] @@ -99,9 +99,9 @@ Acceptable 246 242924 77 69 UDP [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:56073 -> [2604:a880:800:a1::1279:3001]:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][QUIC ver: Ver-Negotiation][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 70 ICMPV6 [2604:a880:800:a1::1279:3001]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] 71 ICMPV6 [2001:4800:7817:101:be76:4eff:fe04:631d]:0 -> [2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1294 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 72 ICMP 131.159.24.198:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/1180 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.14 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy 7.62][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 73 ICMP 3.121.242.54:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/590 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy 7.59][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 74 ICMP 18.189.84.245:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/590 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy 7.56][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 ICMP 131.159.24.198:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/1180 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.14 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 7.619 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 ICMP 3.121.242.54:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/590 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 7.594 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 ICMP 18.189.84.245:0 -> 192.168.1.128:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/590 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 7.556 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 75 ICMP 192.168.1.128:0 -> 140.227.52.92:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/267 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][0.17 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 ICMP 192.168.1.128:0 -> 40.112.191.60:0 [proto: 81/ICMP][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/194 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][0.14 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 77 ICMP 192.168.1.128:0 -> 138.91.188.147:0 [proto: 81/ICMP][IP: 276/Azure][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/113 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quickplay.pcap.out b/tests/cfgs/default/result/quickplay.pcap.out index d4a3bfce8e1..d96449e7d0f 100644 --- a/tests/cfgs/default/result/quickplay.pcap.out +++ b/tests/cfgs/default/result/quickplay.pcap.out @@ -40,7 +40,7 @@ Fun 18 6521 8 8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Goodput ratio: 89/95][27.01 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0] 9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Goodput ratio: 89/95][2.46 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0002.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Goodput ratio: 90/95][0.64 sec][Hostname/SNI: play-singtelhawk.quickplay.com][URL: play-singtelhawk.quickplay.com/vstb/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=091][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /vstb/playlist)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] - 11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.287/HTTP.Xiaomi][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Goodput ratio: 91/93][0.32 sec][Hostname/SNI: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: application/json][Server: Tengine/2.0.1][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /pass/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.287/HTTP.Xiaomi][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Goodput ratio: 91/93][0.32 sec][Hostname/SNI: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: application/json][Server: Tengine/2.0.1][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.004 (Executable)][PLAIN TEXT (GET /pass/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Goodput ratio: 91/61][2.08 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync][Req Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/461 bytes <-> 2 pkts/522 bytes][Goodput ratio: 88/78][2.81 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/getcontactlabellist][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Expected on port 8080,3128 / Found binary mime octet-stream][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/681 bytes <-> 1 pkts/262 bytes][Goodput ratio: 92/78][0.14 sec][Hostname/SNI: hkminorshort.weixin.qq.com][URL: http://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Expected on port 8080,3128 / Found binary mime octet-stream][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -50,4 +50,4 @@ Fun 18 6521 8 18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Goodput ratio: 77/83][0.46 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][1 pkts/237 bytes <-> 1 pkts/339 bytes][Goodput ratio: 76/83][0.34 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build/KOT49H)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Goodput ratio: 84/48][0.31 sec][Hostname/SNI: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)][Plen Bins: 0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/241 bytes <-> 1 pkts/137 bytes][Goodput ratio: 76/59][0.06 sec][Hostname/SNI: clients3.google.com][URL: clients3.google.com/generate_204][StatusCode: 204][Server: GFE/2.0][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/241 bytes <-> 1 pkts/137 bytes][Goodput ratio: 76/59][0.06 sec][Hostname/SNI: clients3.google.com][URL: clients3.google.com/generate_204][StatusCode: 204][Server: GFE/2.0][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.305 (Executable)][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/reasm_crash_anon.pcapng.out b/tests/cfgs/default/result/reasm_crash_anon.pcapng.out index dfc18ae6e35..eb64a2c1714 100644 --- a/tests/cfgs/default/result/reasm_crash_anon.pcapng.out +++ b/tests/cfgs/default/result/reasm_crash_anon.pcapng.out @@ -28,4 +28,4 @@ Unrated 200 20067 1 Undetected flows: - 1 TCP 192.168.145.147:51218 <-> 10.209.8.148:21999 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 23][187 pkts/13776 bytes <-> 13 pkts/6291 bytes][Goodput ratio: 7/86][1475.07 sec][bytes ratio: 0.373 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 8292/21500 30100/30165 13444/13597][Pkt Len c2s/s2c min/avg/max/stddev: 60/122 74/484 113/793 8/332][PLAIN TEXT (details /)][Plen Bins: 80,8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.145.147:51218 <-> 10.209.8.148:21999 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 23][187 pkts/13776 bytes <-> 13 pkts/6291 bytes][Goodput ratio: 7/86][1475.07 sec][bytes ratio: 0.373 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 8292/21500 30100/30165 13444/13597][Pkt Len c2s/s2c min/avg/max/stddev: 60/122 74/484 113/793 8/332][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.046 (Executable)][PLAIN TEXT (details /)][Plen Bins: 80,8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out index 2a5f50f3231..e8317ffedc5 100644 --- a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out +++ b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out @@ -27,4 +27,4 @@ HTTP 82 77940 1 Acceptable 82 77940 1 - 1 TCP 172.17.36.21:57619 <-> 63.190.145.43:80 [proto: GTP:7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][DPI packets: 21][cat: Web/5][28 pkts/3184 bytes <-> 54 pkts/74756 bytes][Goodput ratio: 0/93][15.67 sec][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 448/205 1615/2133 476/518][Pkt Len c2s/s2c min/avg/max/stddev: 94/90 114/1384 130/1490 9/330][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.88][PLAIN TEXT (.iJoJJ)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,92,0,0,0,0] + 1 TCP 172.17.36.21:57619 <-> 63.190.145.43:80 [proto: GTP:7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: Match by port][DPI packets: 21][cat: Web/5][28 pkts/3184 bytes <-> 54 pkts/74756 bytes][Goodput ratio: 0/93][15.67 sec][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 448/205 1615/2133 476/518][Pkt Len c2s/s2c min/avg/max/stddev: 94/90 114/1384 130/1490 9/330][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.880 (Encrypted or Random)][PLAIN TEXT (.iJoJJ)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,92,0,0,0,0] diff --git a/tests/cfgs/default/result/riot.pcapng.out b/tests/cfgs/default/result/riot.pcapng.out index 301d6d862f8..122945cb819 100644 --- a/tests/cfgs/default/result/riot.pcapng.out +++ b/tests/cfgs/default/result/riot.pcapng.out @@ -35,4 +35,4 @@ JA3 Host Stats: 1 TCP 35.234.85.218:443 -> 192.168.26.22:51949 [proto: 91.302/TLS.RiotGames][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][DPI packets: 4][cat: Game/8][4 pkts/4338 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.00 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: embed.rgpub.io,sites.rgpub.io,*.embed.rgpub.io,*.sites.rgpub.io][JA3S: 827b71c134bd28975c2d605a06ef00ef][Issuer: C=US, O=IdenTrust, OU=HydrantID Trusted Certificate Service, CN=HydrantID Server CA O1][Subject: CN=embed.rgpub.io, O=Riot Games Inc, L=Los Angeles, ST=California, C=US][Certificate SHA-1: CE:85:16:DF:E3:42:05:16:39:97:1F:6B:7A:53:22:22:C8:DD:66:44][Validity: 2022-12-08 19:52:14 - 2024-01-07 19:51:14][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0] - 2 TCP 52.41.135.135:443 -> 192.168.26.22:51817 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][DPI packets: 3][cat: Web/5][3 pkts/4242 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Entropy 7.54][PLAIN TEXT (DigiCert Inc1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,66,0,0,0,0] + 2 TCP 52.41.135.135:443 -> 192.168.26.22:51817 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][DPI packets: 3][cat: Web/5][3 pkts/4242 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No client to server traffic / Entropy: 6.927 (Compressed Executable)][PLAIN TEXT (DigiCert Inc1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,66,0,0,0,0] diff --git a/tests/cfgs/default/result/shell.pcap.out b/tests/cfgs/default/result/shell.pcap.out index 9b4fe6dee47..227b5bba7c0 100644 --- a/tests/cfgs/default/result/shell.pcap.out +++ b/tests/cfgs/default/result/shell.pcap.out @@ -30,6 +30,6 @@ Unrated 18 13422 4 Undetected flows: 1 TCP 127.0.0.1:54970 <-> 127.0.0.1:33333 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 8][5 pkts/5526 bytes <-> 3 pkts/206 bytes][Goodput ratio: 94/0][1.26 sec][bytes ratio: 0.928 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 315/0 1259/0 545/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1105/69 5254/74 2074/4][Risk: ** Possible Exploit Attempt **][Risk Score: 150][Risk Info: Shellscript found][PLAIN TEXT ( /bin/sh)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] - 2 UDP 127.0.0.1:58538 -> 127.0.0.1:33333 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/5230 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Possible Exploit Attempt **** Unidirectional Traffic **][Risk Score: 160][Risk Info: No server to client traffic / Shellscript found][PLAIN TEXT ( /bin/sh)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] + 2 UDP 127.0.0.1:58538 -> 127.0.0.1:33333 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/5230 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Susp Entropy **** Possible Exploit Attempt **** Unidirectional Traffic **][Risk Score: 210][Risk Info: No server to client traffic / Shellscript found / Entropy: 4.969 (Executable)][PLAIN TEXT ( /bin/sh)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100] 3 TCP 127.0.0.1:47638 <-> 127.0.0.1:33333 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 8][4 pkts/1209 bytes <-> 4 pkts/272 bytes][Goodput ratio: 77/0][4.14 sec][bytes ratio: 0.633 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4140/0 1380/0 4140/0 1952/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 302/68 1003/74 405/3][Risk: ** Possible Exploit Attempt **][Risk Score: 150][Risk Info: Shellscript found][PLAIN TEXT (/bin/sh)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 127.0.0.1:54112 -> 127.0.0.1:33333 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/979 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Possible Exploit Attempt **** Unidirectional Traffic **][Risk Score: 160][Risk Info: No server to client traffic / Shellscript found][PLAIN TEXT (/bin/sh)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 127.0.0.1:54112 -> 127.0.0.1:33333 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/979 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Susp Entropy **** Possible Exploit Attempt **** Unidirectional Traffic **][Risk Score: 210][Risk Info: No server to client traffic / Shellscript found / Entropy: 5.378 (Executable)][PLAIN TEXT (/bin/sh)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/smb_frags.pcap.out b/tests/cfgs/default/result/smb_frags.pcap.out index 7ead3c673a5..235ac39a055 100644 --- a/tests/cfgs/default/result/smb_frags.pcap.out +++ b/tests/cfgs/default/result/smb_frags.pcap.out @@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/soap.pcap.out b/tests/cfgs/default/result/soap.pcap.out index 5f9ec4b918d..16489c0d578 100644 --- a/tests/cfgs/default/result/soap.pcap.out +++ b/tests/cfgs/default/result/soap.pcap.out @@ -17,7 +17,7 @@ Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index a380bfc24e2..b5b24f27dc7 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out @@ -20,7 +20,7 @@ Automa domain: 41/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 7/1 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 22/0 (search/found) +Patricia risk mask: 24/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -41,13 +41,13 @@ Safe 46 3071 14 Acceptable 506 304727 31 Fun 245 52374 7 - 1 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Goodput ratio: 4/96][3.22 sec][Hostname/SNI: llnw.blizzard.com][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/3 2914/58 341/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 56/1451 241/1514 20/291][URL: llnw.blizzard.com/sc2-pod-retail/AF11CD00/EU/24621.direct/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil][StatusCode: 200][Content-Type: application/octet-stream][Server: Apache][User-Agent: Blizzard Web Client][Risk: ** Susp DGA Domain name **** Binary file/data transfer (attempt) **][Risk Score: 150][Risk Info: llnw.blizzard.com / Found binary mime octet-stream][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] + 1 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Goodput ratio: 4/96][3.22 sec][Hostname/SNI: llnw.blizzard.com][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/3 2914/58 341/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 56/1451 241/1514 20/291][URL: llnw.blizzard.com/sc2-pod-retail/AF11CD00/EU/24621.direct/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil][StatusCode: 200][Content-Type: application/octet-stream][Server: Apache][User-Agent: Blizzard Web Client][Risk: ** Susp DGA Domain name **** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 200][Risk Info: llnw.blizzard.com / Entropy: 5.346 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] 2 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][126 pkts/9157 bytes <-> 89 pkts/41021 bytes][Goodput ratio: 26/88][3.83 sec][bytes ratio: -0.635 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/37 1016/1086 104/133][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/461 249/1514 28/593][PLAIN TEXT (matteobracci1@gmail.com)][Plen Bins: 76,2,2,2,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,13,0,0] - 3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Goodput ratio: 15/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.948 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/3 33/34 13/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/1402 203/1514 37/387][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/gc/GCF1DHMH8FDY1434670037434.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] - 4 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 20/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/4 37/64 16/16][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 69/1353 203/1514 43/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/4j/4J7OUIISCLTQ1436943629210.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] - 5 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 19/96][0.07 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/2 34/35 14/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/1353 200/1514 42/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/yf/YF9PRCZXJVPZ1428591254317.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] - 6 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 19/96][0.08 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/3 34/47 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/1353 200/1514 42/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/0x/0XQ1VXR8ZR271434128527471.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] - 7 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 19/96][0.07 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/2 34/32 14/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/1353 200/1514 42/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/fa/FA512IPUN0SE1436979936388.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] + 3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Goodput ratio: 15/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.948 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/3 33/34 13/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/1402 203/1514 37/387][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/gc/GCF1DHMH8FDY1434670037434.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.258 (Executable)][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] + 4 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 20/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/4 37/64 16/16][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 69/1353 203/1514 43/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/4j/4J7OUIISCLTQ1436943629210.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.325 (Executable)][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] + 5 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 19/96][0.07 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/2 34/35 14/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/1353 200/1514 42/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/yf/YF9PRCZXJVPZ1428591254317.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.366 (Executable)][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] + 6 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 19/96][0.08 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/3 34/47 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/1353 200/1514 42/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/0x/0XQ1VXR8ZR271434128527471.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.302 (Executable)][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] + 7 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/752 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 19/96][0.07 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/2 34/32 14/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/1353 200/1514 42/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/fa/FA512IPUN0SE1436979936388.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.325 (Executable)][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] 8 UDP 192.168.1.254:38605 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][11 pkts/4984 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][0.00 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 414/0 453/0 494/0 30/0][PLAIN TEXT (osNOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,45,0,45,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 192.168.1.100:3525 <-> 80.239.186.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/545 bytes <-> 6 pkts/3388 bytes][Goodput ratio: 38/90][0.18 sec][Hostname/SNI: eu.battle.net][bytes ratio: -0.723 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/18 64/60 27/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91/565 263/1514 77/673][URL: eu.battle.net/sc2/en-gb/data/live-events.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] 10 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Goodput ratio: 39/91][0.19 sec][Hostname/SNI: eu.battle.net][bytes ratio: -0.703 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/26 70/61 29/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91/628 265/1514 78/696][URL: eu.battle.net/sc2/en-gb/data/client-homepage.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,33,0,0] @@ -63,13 +63,13 @@ Fun 245 52374 7 20 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 13][cat: Game/8][6 pkts/376 bytes <-> 7 pkts/526 bytes][Goodput ratio: 14/22][10.56 sec][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2624/2614 6381/6342 2711/2730][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 63/75 74/155 9/33][Plen Bins: 80,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.1.100:3512 <-> 12.129.222.54:80 [proto: 7.76/HTTP.WorldOfWarcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Game/8][5 pkts/367 bytes <-> 4 pkts/513 bytes][Goodput ratio: 23/53][0.60 sec][Hostname/SNI: us.scan.worldofwarcraft.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 148/102 198/203 80/102][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/128 139/327 33/115][URL: us.scan.worldofwarcraft.com/update/Launcher.txt][StatusCode: 200][Content-Type: text/plain][Server: Apache/2.2.3 (CentOS)][Risk: ** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 150][Risk Info: Empty or missing User-Agent / Obsolete Apache server 2.2.3][PLAIN TEXT (GET /update/Launcher.txt HTTP/1)][Plen Bins: 0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 22 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/168 bytes <-> 2 pkts/388 bytes][Goodput ratio: 50/78][0.09 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][2.228.46.112][PLAIN TEXT (bnetcmsus)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][Goodput ratio: 48/45][28.94 sec][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457/14457 15059/14974 602/517][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81/77 83/83 3/8][Plen Bins: 16,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Web/5][3 pkts/243 bytes <-> 3 pkts/232 bytes][Goodput ratio: 48/45][28.94 sec][bytes ratio: 0.023 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13855/13940 14457/14457 15059/14974 602/517][Pkt Len c2s/s2c min/avg/max/stddev: 77/66 81/77 83/83 3/8][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.072 (Executable)][Plen Bins: 16,83,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/173 bytes <-> 2 pkts/282 bytes][Goodput ratio: 51/70][0.05 sec][Hostname/SNI: 110.212.58.216.in-addr.arpa][::][Plen Bins: 0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/154 bytes <-> 2 pkts/288 bytes][Goodput ratio: 45/71][0.08 sec][Hostname/SNI: llnw.blizzard.com][87.248.221.254][Risk: ** Susp DGA Domain name **** Risky Domain Name **][Risk Score: 150][Risk Info: llnw.blizzard.com / DGA Name Query with no Error Code][PLAIN TEXT (blizzard)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/260 bytes][Goodput ratio: 51/67][0.06 sec][Hostname/SNI: 100.1.168.192.in-addr.arpa][::][Risk: ** Minor Issues **][Risk Score: 10][Risk Info: DNS Record with zero TTL][PLAIN TEXT (dynect)][Plen Bins: 0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][2 pkts/172 bytes <-> 2 pkts/245 bytes][Goodput ratio: 51/65][0.17 sec][Hostname/SNI: 26.186.239.80.in-addr.arpa][::][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (signup)][Plen Bins: 0,75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45/0][0.04 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45/0][0.04 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45/0][0.04 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/78/78XH2UNU4JYK1434560551687.jpg][User-Agent: Battle.net Web Client][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.310 (Executable)][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/320 bytes <-> 1 pkts/66 bytes][Goodput ratio: 45/0][0.04 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][URL: bnetcmsus-a.akamaihd.net/cms/bnet_header/mf/MFTH8TS42HKX1430183778319.jpg][User-Agent: Battle.net Web Client][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.278 (Executable)][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 2 pkts/184 bytes][Goodput ratio: 44/54][0.08 sec][Hostname/SNI: nydus.battle.net][80.239.186.26][PLAIN TEXT (battle)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.03 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/167 bytes][Goodput ratio: 0/32][0.04 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out index f26fb3b21e1..13b5e63c9c0 100644 --- a/tests/cfgs/default/result/stun.pcap.out +++ b/tests/cfgs/default/result/stun.pcap.out @@ -47,4 +47,4 @@ JA3 Host Stats: 6 UDP 192.168.12.169:43016 <-> 74.125.247.128:3478 [proto: 78.404/STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/528 bytes <-> 4 pkts/408 bytes][Goodput ratio: 68/59][1.25 sec][Hostname/SNI: turn.l.google.com][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/23 342/409 974/1177 447/543][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 132/102 198/122 61/19][Mapped IP/Port: 93.47.225.225:23616][Relayed IP/Port: 10.2.0.86:44908][PLAIN TEXT (BSnLfRxS6)][Plen Bins: 12,37,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30/DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][DPI packets: 4][cat: Network/14][3 pkts/660 bytes <-> 1 pkts/106 bytes][Goodput ratio: 81/60][0.12 sec][(Advertised) ALPNs: webrtc;c-webrtc][Mapped IP/Port: 93.33.105.111:8466][DTLSv1.2][JA3C: 3e12a43c7535bb32beac3928f8fe905d][JA4: t00d0808we_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (DCBD09778680)][Plen Bins: 0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP [2600:1900:4160:5999::19::]:3478 -> [2001:b07:a3d:c112:48a1:1094:1227:281e]:48094 [proto: 78/STUN][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/414 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][5.22 sec][Mapped IP/Port: [2001:b07:a3d:c112:48a1:1094:1227:281e]:48094][Rsp Origin IP/Port: [2600:1900:4160:5999:0:19::]:3478][Other IP/Port: [2600:1900:4160:5999:0:19::]:80][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (KdfbdZ2)][Plen Bins: 0,66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 ICMP 192.168.12.169:0 -> 74.125.247.128:0 [proto: 81/ICMP][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/122 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (62NfUD5)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 ICMP 192.168.12.169:0 -> 74.125.247.128:0 [proto: 81/ICMP][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/122 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.280 (Executable)][PLAIN TEXT (62NfUD5)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_signal.pcapng.out b/tests/cfgs/default/result/stun_signal.pcapng.out index 1f53644728f..8ab83d39d9e 100644 --- a/tests/cfgs/default/result/stun_signal.pcapng.out +++ b/tests/cfgs/default/result/stun_signal.pcapng.out @@ -30,12 +30,12 @@ Acceptable 460 48496 23 1 UDP 192.168.12.169:43068 <-> 18.195.131.143:61156 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][48 pkts/4692 bytes <-> 58 pkts/7630 bytes][Goodput ratio: 57/68][12.11 sec][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 224/234 1055/1059 250/294][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 98/132 146/306 23/72][Mapped IP/Port: 93.47.225.19:11914][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BrDwrhkDr//9e)][Plen Bins: 26,31,15,15,5,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.169:47767 <-> 18.195.131.143:61498 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][18 pkts/1900 bytes <-> 35 pkts/6496 bytes][Goodput ratio: 60/77][2.67 sec][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 173/74 665/630 186/150][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 106/186 146/306 26/92][Mapped IP/Port: 93.47.225.19:11932][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (80JiLM)][Plen Bins: 13,16,18,18,9,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 ICMP 35.158.183.167:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][30 pkts/2780 bytes <-> 4 pkts/552 bytes][Goodput ratio: 55/69][51.83 sec][bytes ratio: 0.669 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 906/1 7931/1 2120/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 0,88,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 ICMP 35.158.183.167:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][30 pkts/2780 bytes <-> 4 pkts/552 bytes][Goodput ratio: 55/69][51.83 sec][bytes ratio: 0.669 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 906/1 7931/1 2120/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy: 5.051 (Executable)][PLAIN TEXT (BJKHNYBG4)][Plen Bins: 0,88,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.12.169:43068 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][13 pkts/1598 bytes <-> 13 pkts/1638 bytes][Goodput ratio: 66/67][31.02 sec][Hostname/SNI: signal.org][bytes ratio: -0.012 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2090/2098 10035/10033 3616/3611][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 123/126 174/190 47/25][Mapped IP/Port: 93.47.225.19:11910][Peer IP/Port: 18.195.131.143:61156][Relayed IP/Port: 35.158.183.167:64458][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (xYXlLJQ)][Plen Bins: 19,15,26,30,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.12.169:47767 <-> 35.158.122.211:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][11 pkts/1338 bytes <-> 11 pkts/1354 bytes][Goodput ratio: 65/66][22.74 sec][Hostname/SNI: signal.org][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 2483/2337 10020/10020 3944/4010][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 122/123 158/190 44/25][Mapped IP/Port: 93.47.225.19:11928][Peer IP/Port: 18.195.131.143:54054][Relayed IP/Port: 35.158.122.211:51358][Rsp Origin IP/Port: 35.158.122.211:3478][Other IP/Port: 35.158.122.211:80][PLAIN TEXT (rMfcsrHE)][Plen Bins: 18,18,27,31,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.12.169:39950 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][11 pkts/1282 bytes <-> 11 pkts/1290 bytes][Goodput ratio: 64/64][30.98 sec][Hostname/SNI: signal.org][bytes ratio: -0.003 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 3757/3735 10023/10021 4493/4510][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 117/117 162/134 48/13][Mapped IP/Port: 93.47.225.19:11911][Peer IP/Port: 18.195.131.143:61156][Relayed IP/Port: 35.158.183.167:52495][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (ovaKDk)][Plen Bins: 22,18,31,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.169:37970 <-> 35.158.122.211:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][10 pkts/1196 bytes <-> 10 pkts/1164 bytes][Goodput ratio: 65/64][22.74 sec][Hostname/SNI: signal.org][bytes ratio: 0.014 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 1760/2672 10017/10018 3250/3952][Pkt Len c2s/s2c min/avg/max/stddev: 62/102 120/116 158/134 45/13][Mapped IP/Port: 93.47.225.19:11929][Peer IP/Port: 18.195.131.143:54054][Relayed IP/Port: 35.158.122.211:51073][Rsp Origin IP/Port: 35.158.122.211:3478][Other IP/Port: 35.158.122.211:80][PLAIN TEXT (BSFWxqj)][Plen Bins: 20,20,30,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 ICMP 35.158.122.211:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][17 pkts/1578 bytes <-> 2 pkts/276 bytes][Goodput ratio: 55/69][22.73 sec][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1052/0 7992/0 2154/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][PLAIN TEXT (braaHWB)][Plen Bins: 0,89,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 ICMP 35.158.122.211:0 <-> 192.168.12.169:0 [proto: 81/ICMP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][17 pkts/1578 bytes <-> 2 pkts/276 bytes][Goodput ratio: 55/69][22.73 sec][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1052/0 7992/0 2154/0][Pkt Len c2s/s2c min/avg/max/stddev: 90/138 93/138 98/138 4/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy: 5.051 (Executable)][PLAIN TEXT (braaHWB)][Plen Bins: 0,89,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.12.169:39950 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 37/0 1416/0 7961/0 2721/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.12.169:43068 -> 35.158.183.167:443 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][16 pkts/1056 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][23.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 60/0 1419/0 7937/0 2708/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 66/0 70/0 4/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 3478][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.169:39518 <-> 35.158.183.167:3478 [proto: 78.269/STUN.SignalVoip][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 7][cat: VoIP/10][4 pkts/448 bytes <-> 4 pkts/504 bytes][Goodput ratio: 62/67][4.85 sec][Hostname/SNI: signal.org][bytes ratio: -0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 23/30 1612/1611 4762/4754 2228/2222][Pkt Len c2s/s2c min/avg/max/stddev: 62/110 112/126 158/134 46/10][Mapped IP/Port: 93.47.225.19:11888][Relayed IP/Port: 35.158.183.167:62696][Rsp Origin IP/Port: 35.158.183.167:3478][Other IP/Port: 35.158.183.167:80][PLAIN TEXT (GBLsrHn)][Plen Bins: 25,0,50,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/stun_wa_call.pcapng.out b/tests/cfgs/default/result/stun_wa_call.pcapng.out index 8e48d178f8a..1c0c6150fa3 100644 --- a/tests/cfgs/default/result/stun_wa_call.pcapng.out +++ b/tests/cfgs/default/result/stun_wa_call.pcapng.out @@ -40,4 +40,4 @@ Acceptable 591 133689 13 10 UDP 192.168.12.156:49526 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 157.240.231.62:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.156:49526 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 179.60.192.48:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.12.156:49526 <-> 185.60.216.51:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 3][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Mapped IP/Port: 93.35.171.3:61517][Relayed IP/Port: 185.60.216.51:3478][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 ICMP 93.63.100.129:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 ICMP 93.63.100.129:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.459 (Executable)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index 0832f0de1f2..27cabbb4c97 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -68,7 +68,7 @@ JA3 Host Stats: 11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] 12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0] 13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 11][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0] - 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 38/Skype_TeamsCall][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 12][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.83][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 38/Skype_TeamsCall][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 12][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.927 (Compressed Executable)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 14][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] 16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] 17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 10][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index 68dcecc8b8c..cb4403d4c6d 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out @@ -91,6 +91,6 @@ Unrated 306 72708 3 Undetected flows: - 1 UDP 192.168.1.77:23174 <-> 192.168.1.52:31480 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][148 pkts/36776 bytes <-> 153 pkts/35418 bytes][Goodput ratio: 83/82][12.14 sec][bytes ratio: 0.019 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 57/42 71/82 1175/1681 105/157][Pkt Len c2s/s2c min/avg/max/stddev: 90/90 248/231 298/314 27/30][PLAIN TEXT (@XL/TB)][Plen Bins: 0,0,1,0,0,27,44,23,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.1.77:28150 -> 87.11.205.195:59772 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][3 pkts/302 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][11.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.1.77:23174 -> 87.11.205.195:60723 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][1.50 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.77:23174 <-> 192.168.1.52:31480 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 12][148 pkts/36776 bytes <-> 153 pkts/35418 bytes][Goodput ratio: 83/82][12.14 sec][bytes ratio: 0.019 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 57/42 71/82 1175/1681 105/157][Pkt Len c2s/s2c min/avg/max/stddev: 90/90 248/231 298/314 27/30][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.172 (Executable)][PLAIN TEXT (@XL/TB)][Plen Bins: 0,0,1,0,0,27,44,23,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.1.77:28150 -> 87.11.205.195:59772 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 3][3 pkts/302 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][11.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.012 (Executable)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.1.77:23174 -> 87.11.205.195:60723 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][1.50 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.072 (Executable)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/telegram_videocall.pcapng.out b/tests/cfgs/default/result/telegram_videocall.pcapng.out index 5a94ee72821..13c84387325 100644 --- a/tests/cfgs/default/result/telegram_videocall.pcapng.out +++ b/tests/cfgs/default/result/telegram_videocall.pcapng.out @@ -40,19 +40,19 @@ TelegramVoip 228 41561 16 Safe 4 295 1 Acceptable 883 382822 33 - 1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][PLAIN TEXT (MMHu@J)][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][PLAIN TEXT (elySaT)][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.257 (Encrypted Executable)][PLAIN TEXT (MMHu@J)][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.638 (Encrypted or Random)][PLAIN TEXT (elySaT)][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Mapped IP/Port: 93.36.13.115:35393][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.12.169:40832 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][18 pkts/2256 bytes <-> 15 pkts/13705 bytes][Goodput ratio: 47/93][28.20 sec][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/280 2909/2997 746/859][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 125/914 644/1294 150/495][PLAIN TEXT (lmd/HB)][Plen Bins: 0,0,0,0,6,6,6,0,0,0,6,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0] - 5 TCP 192.168.12.169:46862 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][11 pkts/1963 bytes <-> 8 pkts/2558 bytes][Goodput ratio: 63/79][10.13 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1124/32 9909/87 3106/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/320 452/670 155/261][Plen Bins: 0,0,0,11,0,22,0,0,0,0,22,0,11,0,0,0,11,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 192.168.12.169:46866 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][9 pkts/1879 bytes <-> 6 pkts/1822 bytes][Goodput ratio: 68/78][10.11 sec][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/30 1440/34 9925/41 3464/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 209/304 436/839 161/306][Plen Bins: 0,0,0,14,0,0,0,14,0,14,0,28,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.12.169:40832 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][18 pkts/2256 bytes <-> 15 pkts/13705 bytes][Goodput ratio: 47/93][28.20 sec][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/280 2909/2997 746/859][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 125/914 644/1294 150/495][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.526 (Encrypted or Random)][PLAIN TEXT (lmd/HB)][Plen Bins: 0,0,0,0,6,6,6,0,0,0,6,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0] + 5 TCP 192.168.12.169:46862 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][11 pkts/1963 bytes <-> 8 pkts/2558 bytes][Goodput ratio: 63/79][10.13 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1124/32 9909/87 3106/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/320 452/670 155/261][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.322 (Encrypted or Random)][Plen Bins: 0,0,0,11,0,22,0,0,0,0,22,0,11,0,0,0,11,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.12.169:46866 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][9 pkts/1879 bytes <-> 6 pkts/1822 bytes][Goodput ratio: 68/78][10.11 sec][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/30 1440/34 9925/41 3464/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 209/304 436/839 161/306][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.504 (Encrypted or Random)][Plen Bins: 0,0,0,14,0,0,0,14,0,14,0,28,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 7][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Mapped IP/Port: 93.47.225.70:11618][Peer IP/Port: 93.36.13.115:35393][Relayed IP/Port: 91.108.9.35:56058][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 192.168.12.169:40834 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][5 pkts/788 bytes <-> 3 pkts/890 bytes][Goodput ratio: 57/77][0.17 sec][bytes ratio: -0.061 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/47 24/68 42/90 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/297 315/750 110/321][Plen Bins: 0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.12.169:40834 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][5 pkts/788 bytes <-> 3 pkts/890 bytes][Goodput ratio: 57/77][0.17 sec][bytes ratio: -0.061 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/47 24/68 42/90 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/297 315/750 110/321][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.107 (Compressed Executable)][Plen Bins: 0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11619][Peer IP/Port: 93.36.13.115:35393][Relayed IP/Port: 91.108.13.23:62318][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Mapped IP/Port: 93.47.225.70:11620][Peer IP/Port: 93.36.13.115:35393][Relayed IP/Port: 91.108.17.2:45408][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 192.168.12.169:37966 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][5 pkts/1117 bytes <-> 3 pkts/464 bytes][Goodput ratio: 70/55][0.15 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 20/62 33/91 13/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 223/155 532/324 196/120][Plen Bins: 0,0,0,0,0,0,0,0,33,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 192.168.12.169:37966 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][5 pkts/1117 bytes <-> 3 pkts/464 bytes][Goodput ratio: 70/55][0.15 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 20/62 33/91 13/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 223/155 532/324 196/120][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.574 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,33,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11623][Relayed IP/Port: 91.108.17.2:35898][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11622][Relayed IP/Port: 91.108.13.23:34290][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Mapped IP/Port: 93.47.225.70:11621][Relayed IP/Port: 91.108.9.35:63273][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -67,9 +67,9 @@ Acceptable 883 382822 33 25 TCP 18.195.162.93:443 <-> 192.168.12.169:38956 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/163 bytes <-> 2 pkts/132 bytes][Goodput ratio: 19/0][5.09 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 TCP 192.168.12.169:40710 <-> 52.58.18.25:5222 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Cloud/13][2 pkts/144 bytes <-> 2 pkts/144 bytes][Goodput ratio: 8/8][0.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 ICMPV6 [fe80::98df:58ff:fefa:ebdc]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][32.62 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 ICMP 192.168.12.169:0 -> 91.108.9.35:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (ORtRLoo/fpi)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 ICMP 192.168.12.169:0 -> 91.108.13.23:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BuBNffVSd)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 ICMP 192.168.12.169:0 -> 91.108.17.2:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (KHOirrFTCqEz)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 ICMP 192.168.12.169:0 -> 91.108.9.35:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.590 (Executable)][PLAIN TEXT (ORtRLoo/fpi)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 ICMP 192.168.12.169:0 -> 91.108.13.23:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.612 (Executable)][PLAIN TEXT (BuBNffVSd)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 ICMP 192.168.12.169:0 -> 91.108.17.2:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.01 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.737 (Executable)][PLAIN TEXT (KHOirrFTCqEz)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][DPI packets: 3][cat: Chat/9][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP [fe80::abe:acff:fe0b:176e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out index 340559ba1a3..cc755d7ffb8 100644 --- a/tests/cfgs/default/result/tftp.pcap.out +++ b/tests/cfgs/default/result/tftp.pcap.out @@ -17,7 +17,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 14/0 (search/found) +Patricia risk mask: 16/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out index 23df3567906..83319a94f14 100644 --- a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out +++ b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out @@ -83,4 +83,4 @@ JA3 Host Stats: Undetected flows: - 1 TCP 192.168.1.121:52721 <-> 192.168.1.139:55367 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 13][6 pkts/1578 bytes <-> 7 pkts/4004 bytes][Goodput ratio: 75/88][1.86 sec][bytes ratio: -0.435 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/69 825/279 297/108][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 263/572 460/1514 197/612][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.40][Plen Bins: 0,0,0,0,0,0,14,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] + 1 TCP 192.168.1.121:52721 <-> 192.168.1.139:55367 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 13][6 pkts/1578 bytes <-> 7 pkts/4004 bytes][Goodput ratio: 75/88][1.86 sec][bytes ratio: -0.435 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/69 825/279 297/108][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 263/572 460/1514 197/612][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.849 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,14,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0] diff --git a/tests/cfgs/default/result/toca-boca.pcap.out b/tests/cfgs/default/result/toca-boca.pcap.out index ea7273a08d0..568b28e3eab 100644 --- a/tests/cfgs/default/result/toca-boca.pcap.out +++ b/tests/cfgs/default/result/toca-boca.pcap.out @@ -33,9 +33,9 @@ Fun 77 15576 21 3 UDP 192.168.2.100:44818 <-> 91.199.81.123:5055 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1177 bytes <-> 7 pkts/1167 bytes][Goodput ratio: 71/75][2.29 sec][bytes ratio: 0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 51/15 360/435 985/1007 340/380][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 147/167 478/515 129/147][PLAIN TEXT (82620531)][Plen Bins: 0,61,13,0,13,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 192.168.2.100:35671 <-> 91.199.81.123:5055 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1172 bytes <-> 7 pkts/1128 bytes][Goodput ratio: 71/74][2.28 sec][bytes ratio: 0.019 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 62/5 369/232 1011/994 346/382][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/161 478/515 132/150][PLAIN TEXT (82620531)][Plen Bins: 13,47,13,0,13,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 91.199.81.122:5055 -> 192.168.2.100:56920 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Game/8][1 pkts/1242 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (256582283)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] - 6 UDP 91.199.81.225:5055 -> 192.168.2.100:43151 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Game/8][1 pkts/1242 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Game8683)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] - 7 UDP 91.199.81.225:5055 -> 192.168.2.100:50337 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Game/8][1 pkts/1242 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT ( busco amigos soy policia franc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] - 8 UDP 91.199.81.123:5055 -> 192.168.2.100:37167 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Game/8][1 pkts/495 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (65NC02dcs)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 91.199.81.225:5055 -> 192.168.2.100:43151 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Game/8][1 pkts/1242 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.407 (Executable)][PLAIN TEXT (Game8683)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] + 7 UDP 91.199.81.225:5055 -> 192.168.2.100:50337 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Game/8][1 pkts/1242 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.633 (Executable)][PLAIN TEXT ( busco amigos soy policia franc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] + 8 UDP 91.199.81.123:5055 -> 192.168.2.100:37167 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Game/8][1 pkts/495 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 6.192 (Executable)][PLAIN TEXT (65NC02dcs)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.2.100:37218 -> 91.199.81.123:5055 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/201 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 91.199.81.123:5055 -> 192.168.2.100:33311 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/192 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 91.199.81.123:5055 -> 192.168.2.100:40290 [proto: 155/TocaBoca][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/192 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index daaa8807596..65b1fc74078 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -19,7 +19,7 @@ Automa domain: 31/0 (search/found) Automa tls cert: 2/0 (search/found) Automa risk mask: 8/0 (search/found) Automa common alpns: 9/9 (search/found) -Patricia risk mask: 28/0 (search/found) +Patricia risk mask: 30/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 1/0 (search/found) @@ -50,7 +50,7 @@ JA3 Host Stats: 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/TLS.Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][Goodput ratio: 38/95][5.64 sec][Hostname/SNI: dl-media.viber.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.859 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 162/2 5370/40 907/7][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1306 774/1514 151/466][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][JA4: t12d1409h2_c866b44c5a26_e08eabe7240f][ServerNames: *.viber.com,viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com][Certificate SHA-1: E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A][Firefox][Validity: 2016-06-26 00:00:00 - 2018-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,4,0,2,0,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0] 2 TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/TLS.Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Chat/9][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][Goodput ratio: 57/91][5.69 sec][Hostname/SNI: media.cdn.viber.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.669 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 622/10 5492/35 1722/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/776 435/1514 138/635][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][JA4: t12d1409h2_c866b44c5a26_e08eabe7240f][ServerNames: *.cdn.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com][Certificate SHA-1: B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39][Firefox][Validity: 2016-07-03 00:00:00 - 2018-07-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,7,0,7,0,7,0,0,15,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0] 3 TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 9][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][Goodput ratio: 69/86][1.00 sec][Hostname/SNI: brahe.apptimize.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/60 176/183 76/72][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217/468 1514/1514 380/570][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][JA4: t12d1409ht_c866b44c5a26_e08eabe7240f][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,15,0,7,0,15,0,0,7,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0] - 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][IP: 144/Viber][Encrypted][Confidence: Match by port][DPI packets: 21][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes][Goodput ratio: 68/38][46.77 sec][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1220/1489 7187/7333 2090/2188][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 205/107 657/176 184/43][Plen Bins: 0,3,57,18,0,0,0,0,0,0,3,3,0,3,0,0,9,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][IP: 144/Viber][Encrypted][Confidence: Match by port][DPI packets: 21][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes][Goodput ratio: 68/38][46.77 sec][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1220/1489 7187/7333 2090/2188][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 205/107 657/176 184/43][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.553 (Encrypted or Random)][Plen Bins: 0,3,57,18,0,0,0,0,0,0,3,3,0,3,0,0,9,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][Goodput ratio: 81/77][33.94 sec][Hostname/SNI: app-measurement.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2821/2646 23555/23575 6838/7399][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 356/286 1038/884 370/258][TLSv1.2][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA4: t12d1410ht_c866b44c5a26_f88f2b2eb673][JA3S: 67619a80665d7ab92d1041b1d11f9164][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,0,7,0,0,0,0,0,0,40,0,0,0,7,0,0,0,0,0,0,7,0,15,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 9][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][Goodput ratio: 49/89][1.01 sec][Hostname/SNI: mapi.apptimize.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/51 273/178 102/80][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 131/583 432/1514 112/601][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][JA4: t12d1409ht_c866b44c5a26_e08eabe7240f][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,0,0,9,0,9,0,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0] 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][Goodput ratio: 55/90][0.23 sec][Hostname/SNI: venetia.iad.appboy.com][(Advertised) ALPNs: http/1.1][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/19 152/60 47/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/693 631/1514 169/616][TLSv1.2][JA3C: d8c87b9bfde38897979e41242626c2f3][JA4: t12d1409ht_c866b44c5a26_e08eabe7240f][Firefox][Plen Bins: 0,0,11,0,0,11,0,0,11,0,11,0,0,0,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0] @@ -58,7 +58,7 @@ JA3 Host Stats: 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 1][cat: VoIP/10][24 pkts/5035 bytes <-> 22 pkts/2302 bytes][Goodput ratio: 80/60][7.22 sec][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/15 304/334 529/529 209/188][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 210/105 299/118 115/20][PLAIN TEXT (Android)][Plen Bins: 19,15,32,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 1][cat: VoIP/10][25 pkts/4344 bytes <-> 18 pkts/1872 bytes][Goodput ratio: 76/60][5.68 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 203/279 513/531 233/236][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 174/104 299/118 120/20][PLAIN TEXT (Android)][Plen Bins: 30,13,27,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.2.100:48690 <-> 52.0.252.145:4244 [proto: 144/Viber][IP: 144/Viber][Encrypted][Confidence: DPI][DPI packets: 4][cat: VoIP/10][7 pkts/679 bytes <-> 8 pkts/3857 bytes][Goodput ratio: 29/86][1.11 sec][bytes ratio: -0.701 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 201/136 711/814 261/303][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/482 167/1506 43/573][Plen Bins: 12,0,25,25,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0] - 12 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 97/97][< 1 sec][PLAIN TEXT (1234567890ABCDEFGHIJKLMNOPQ)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] + 12 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes][Goodput ratio: 97/97][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: No server to client traffic / Entropy: 5.196 (Executable)][PLAIN TEXT (1234567890ABCDEFGHIJKLMNOPQ)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0] 13 TCP 192.168.2.100:41184 <-> 52.0.252.2:5242 [proto: 144/Viber][IP: 144/Viber][Encrypted][Confidence: DPI][DPI packets: 4][cat: VoIP/10][6 pkts/428 bytes <-> 5 pkts/854 bytes][Goodput ratio: 6/60][0.55 sec][bytes ratio: -0.332 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/0 89/70 156/141 59/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/171 90/582 9/206][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Goodput ratio: 46/89][0.00 sec][Hostname/SNI: mapi.apptimize.com][54.69.166.226][PLAIN TEXT (apptimize)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes][Goodput ratio: 0/0][5.72 sec][bytes ratio: 0.320 (Upload)][IAT c2s/s2c min/avg/max/stddev: 34/0 1907/0 5652/0 2648/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/wa_video.pcap.out b/tests/cfgs/default/result/wa_video.pcap.out index f24395137a2..fce5f9a0f83 100644 --- a/tests/cfgs/default/result/wa_video.pcap.out +++ b/tests/cfgs/default/result/wa_video.pcap.out @@ -38,7 +38,7 @@ Fun 1 86 1 1 UDP 192.168.2.12:53688 <-> 31.13.86.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 7][cat: VoIP/10][347 pkts/223797 bytes <-> 146 pkts/24878 bytes][Goodput ratio: 93/75][22.48 sec][bytes ratio: 0.800 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/77 2891/3013 278/400][Pkt Len c2s/s2c min/avg/max/stddev: 48/44 645/170 1181/1095 402/174][Mapped IP/Port: 80.180.162.48:53046][PLAIN TEXT (hw3@PydH)][Plen Bins: 11,29,10,5,5,0,0,0,0,0,0,0,0,0,14,0,3,0,0,0,0,0,0,0,0,1,1,0,1,3,2,0,2,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.2.12:53688 <-> 91.252.56.51:32641 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][72 pkts/48848 bytes <-> 35 pkts/22821 bytes][Goodput ratio: 94/94][3.05 sec][bytes ratio: 0.363 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/19 707/132 139/32][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 678/652 1160/1140 376/376][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (dBXAnF)][Plen Bins: 1,8,0,8,2,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,1,5,5,14,2,5,1,8,4,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: Match by IP][DPI packets: 22][cat: Chat/9][66 pkts/8810 bytes <-> 67 pkts/11758 bytes][Goodput ratio: 50/62][27.94 sec][bytes ratio: -0.143 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 365/429 6456/7033 1181/1216][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/175 1454/1454 183/248][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.59][PLAIN TEXT (AaPKuGR)][Plen Bins: 2,50,0,5,13,17,0,0,2,0,0,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0] + 3 TCP 192.168.2.12:49355 <-> 157.240.20.53:5222 [proto: 142/WhatsApp][IP: 142/WhatsApp][Encrypted][Confidence: Match by IP][DPI packets: 22][cat: Chat/9][66 pkts/8810 bytes <-> 67 pkts/11758 bytes][Goodput ratio: 50/62][27.94 sec][bytes ratio: -0.143 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 365/429 6456/7033 1181/1216][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/175 1454/1454 183/248][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.866 (Encrypted or Random)][PLAIN TEXT (AaPKuGR)][Plen Bins: 2,50,0,5,13,17,0,0,2,0,0,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0] 4 UDP 192.168.2.12:53688 -> 1.60.78.64:59491 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][18 pkts/1548 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][10.75 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 618/0 631/0 695/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][2 pkts/764 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][8.20 sec][Hostname/SNI: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/waze.pcap.out b/tests/cfgs/default/result/waze.pcap.out index 1c1d4ac08c1..6d8188794a6 100644 --- a/tests/cfgs/default/result/waze.pcap.out +++ b/tests/cfgs/default/result/waze.pcap.out @@ -43,7 +43,7 @@ JA3 Host Stats: 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][Goodput ratio: 74/96][19.68 sec][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/329 3806/5018 686/820][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 209/1361 590/17258 183/3378][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,5,0,0,21,1,5,3,3,1,10,1,0,0,0,0,14,0,0,0,0,0,1,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23] - 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Goodput ratio: 20/98][5.27 sec][Hostname/SNI: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 321/373 3680/3677 903/960][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 69/3439 317/11833 59/3468][URL: xtra1.gpsonextra.net/xtra2.bin][StatusCode: 200][Content-Type: application/octet-stream][Server: Cherokee][User-Agent: Android][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /xtra)][Plen Bins: 0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,71] + 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Goodput ratio: 20/98][5.27 sec][Hostname/SNI: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 321/373 3680/3677 903/960][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 69/3439 317/11833 59/3468][URL: xtra1.gpsonextra.net/xtra2.bin][StatusCode: 200][Content-Type: application/octet-stream][Server: Cherokee][User-Agent: Android][Risk: ** Susp Entropy **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Entropy: 5.051 (Executable) / Found binary mime octet-stream][PLAIN TEXT (GET /xtra)][Plen Bins: 0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,71] 3 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][Goodput ratio: 52/98][2.64 sec][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155/189 387/415 137/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/3558 590/21942 132/6125][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,0,0,0,15,7,0,7,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,39] 4 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][Goodput ratio: 57/98][3.70 sec][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/126 1449/293 383/116][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2830 590/11186 147/3901][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,0,7,7,0,7,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35] 5 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][Goodput ratio: 46/97][3.22 sec][bytes ratio: -0.890 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 237/155 1289/609 359/182][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 103/2027 411/8150 98/2612][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,8,0,0,8,8,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33] @@ -55,15 +55,15 @@ JA3 Host Stats: 11 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][12 pkts/1522 bytes <-> 11 pkts/4220 bytes][Goodput ratio: 56/86][2.36 sec][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 196/195 883/537 286/190][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 127/384 380/2189 107/640][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,12,12,12,25,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12] 12 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][11 pkts/1260 bytes <-> 9 pkts/4413 bytes][Goodput ratio: 51/89][3.32 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 335/261 1332/645 428/236][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/490 347/2533 95/785][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,12,12,12,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12] 13 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][9 pkts/1184 bytes <-> 9 pkts/4369 bytes][Goodput ratio: 57/89][2.45 sec][bytes ratio: -0.574 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 300/341 1397/1346 459/421][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 132/485 379/2165 108/725][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com][Certificate SHA-1: A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57][Validity: 2015-01-12 13:36:11 - 2015-12-31 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,12,25,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,12] - 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Goodput ratio: 14/87][0.53 sec][Hostname/SNI: roadshields.waze.com][bytes ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/3 75/105 261/274 89/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/428 137/1678 26/651][URL: roadshields.waze.com/images/HD/CH2.png][StatusCode: 200][Content-Type: image/png][Server: AmazonS3][User-Agent: /3.9.4.0][PLAIN TEXT (GET /images/HD/CH)][Plen Bins: 25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,25] + 14 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][9 pkts/591 bytes <-> 8 pkts/3424 bytes][Goodput ratio: 14/87][0.53 sec][Hostname/SNI: roadshields.waze.com][bytes ratio: -0.706 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/3 75/105 261/274 89/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/428 137/1678 26/651][URL: roadshields.waze.com/images/HD/CH2.png][StatusCode: 200][Content-Type: image/png][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 4.989 (Executable)][PLAIN TEXT (GET /images/HD/CH)][Plen Bins: 25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,25] 15 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/1137 bytes <-> 6 pkts/1005 bytes][Goodput ratio: 65/68][0.40 sec][bytes ratio: 0.062 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 32/74 53/188 24/69][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/168 572/602 177/200][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][JA4: t10d140200_37d7d24289bf_33a13ba74d1c][JA3S: 23f1f6e2f0015c166df49fdab4280370 (INSECURE)][Cipher: TLS_ECDHE_RSA_WITH_RC4_128_SHA][Plen Bins: 0,20,0,0,20,20,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Goodput ratio: 24/51][0.14 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/29 134/84 50/39][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/110 194/447 46/138][URL: cres.waze.com/lang_asr/lang.portuguese_br_asr][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][PLAIN TEXT (GET /lang)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][8 pkts/594 bytes <-> 7 pkts/771 bytes][Goodput ratio: 24/51][0.14 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/29 134/84 50/39][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/110 194/447 46/138][URL: cres.waze.com/lang_asr/lang.portuguese_br_asr][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.214 (Executable)][PLAIN TEXT (GET /lang)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Chat/9][8 pkts/673 bytes <-> 7 pkts/668 bytes][Goodput ratio: 33/43][0.55 sec][bytes ratio: 0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 80/98 289/238 106/83][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 84/95 222/245 53/67][PLAIN TEXT (Android)][Plen Bins: 50,0,16,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.54 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 105/174 394/397 152/166][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 80/110 211/447 54/138][URL: cres.waze.com/newVconfig/1.0/3/prompts_conf.buf?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][PLAIN TEXT (GET /newV)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 19 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.29 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/70 177/177 68/77][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 209/447 53/138][URL: cres.waze.com/lang_tts/lang.portuguese_br_tts?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][PLAIN TEXT (GET /lang)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.23 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/56 169/168 67/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 206/447 52/138][URL: cres.waze.com/langs/1.0/lang.portuguese_br?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][PLAIN TEXT (GET /langs/1.0/lang.portuguese)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Goodput ratio: 28/51][0.14 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/42 126/125 50/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 204/445 52/137][URL: cres.waze.com/newVconfig/1.0/3/lang.conf?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][PLAIN TEXT (GET /newV)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Goodput ratio: 28/48][0.29 sec][Hostname/SNI: roadshields.waze.com][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/68 176/174 68/76][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/105 207/409 53/124][URL: roadshields.waze.com/shields_conf_new_latam?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][PLAIN TEXT (GET /shields)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/557 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.54 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 105/174 394/397 152/166][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 80/110 211/447 54/138][URL: cres.waze.com/newVconfig/1.0/3/prompts_conf.buf?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.243 (Executable)][PLAIN TEXT (GET /newV)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/555 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.29 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.163 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/70 177/177 68/77][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 209/447 53/138][URL: cres.waze.com/lang_tts/lang.portuguese_br_tts?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.276 (Executable)][PLAIN TEXT (GET /lang)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Goodput ratio: 28/51][0.23 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/56 169/168 67/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 206/447 52/138][URL: cres.waze.com/langs/1.0/lang.portuguese_br?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.296 (Executable)][PLAIN TEXT (GET /langs/1.0/lang.portuguese)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Goodput ratio: 28/51][0.14 sec][Hostname/SNI: cres.waze.com][bytes ratio: -0.166 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/42 126/125 50/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/110 204/445 52/137][URL: cres.waze.com/newVconfig/1.0/3/lang.conf?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.250 (Executable)][PLAIN TEXT (GET /newV)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Goodput ratio: 28/48][0.29 sec][Hostname/SNI: roadshields.waze.com][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/68 176/174 68/76][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 79/105 207/409 53/124][URL: roadshields.waze.com/shields_conf_new_latam?rtserver-id=15][StatusCode: 304][Server: AmazonS3][User-Agent: /3.9.4.0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.234 (Executable)][PLAIN TEXT (GET /shields)][Plen Bins: 33,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 4][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 4][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 4][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/wechat.pcap.out b/tests/cfgs/default/result/wechat.pcap.out index 693572de6df..5c0c7fe6aa7 100644 --- a/tests/cfgs/default/result/wechat.pcap.out +++ b/tests/cfgs/default/result/wechat.pcap.out @@ -20,7 +20,7 @@ Automa domain: 94/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 20/0 (search/found) Automa common alpns: 56/56 (search/found) -Patricia risk mask: 78/0 (search/found) +Patricia risk mask: 76/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 8/0 (search/found) @@ -93,7 +93,7 @@ JA3 Host Stats: 38 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][14 pkts/1148 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][123.08 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 4608/0 45058/0 12221/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91/TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][DPI packets: 17][cat: Web/5][13 pkts/866 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][140.92 sec][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 272/45308 12755/45308 45020/45308 13611/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 67/70 74/74 2/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][3 pkts/1078 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][92.69 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Web/5][3 pkts/802 bytes <-> 3 pkts/198 bytes][Goodput ratio: 75/0][16.21 sec][bytes ratio: 0.604 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6562/9679 8102/9679 9642/9679 1540/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 267/66 670/66 285/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.65][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Web/5][3 pkts/802 bytes <-> 3 pkts/198 bytes][Goodput ratio: 75/0][16.21 sec][bytes ratio: 0.604 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6562/9679 8102/9679 9642/9679 1540/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 267/66 670/66 285/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 42 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/828 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.44 sec][Hostname/SNI: lbjamwptxz][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 179/0 816/0 313/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EMECEKEBENFHFAFEFIFKCACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 43 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][15 pkts/810 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3769.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 409/0 289920/0 3384346/0 895904/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 54/0 54/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/751 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][3600.00 sec][Hostname/SNI: giovanni-pc][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( EHEJEPFGEBEOEOEJ)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index 4bfe380c35c..df49fd5832c 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -18,7 +18,7 @@ Automa domain: 32/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 12/0 (search/found) Automa common alpns: 3/3 (search/found) -Patricia risk mask: 46/0 (search/found) +Patricia risk mask: 44/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -49,8 +49,8 @@ JA3 Host Stats: 5 TCP 192.168.1.105:35805 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][21 pkts/2323 bytes <-> 20 pkts/20922 bytes][Goodput ratio: 37/94][1.37 sec][Hostname/SNI: img.t.sinajs.cn][bytes ratio: -0.800 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 72/75 375/438 116/123][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/1046 525/1502 127/557][URL: img.t.sinajs.cn/t6/skin/default/skin.css?version=201605130537][StatusCode: 200][Content-Type: text/css][Server: PWS/8.1.36][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/skin/default/skin.css)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,5,10,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,58,0,0,0] 6 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][18 pkts/1681 bytes <-> 17 pkts/20680 bytes][Goodput ratio: 28/95][0.56 sec][Hostname/SNI: img.t.sinajs.cn][bytes ratio: -0.850 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 32/38 252/181 64/51][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1216 539/1502 108/526][URL: img.t.sinajs.cn/t6/style/images/common/font/wbficon.woff?id=201605111746][StatusCode: 200][Content-Type: application/x-font-woff][Server: PWS/8.1.36][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/images/common/fon)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0,0] 7 TCP 192.168.1.105:35806 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][7 pkts/946 bytes <-> 6 pkts/3755 bytes][Goodput ratio: 49/89][0.23 sec][Hostname/SNI: img.t.sinajs.cn][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 45/42 163/160 63/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 135/626 530/1502 161/505][URL: img.t.sinajs.cn/t6/style/images/global_nav/WB_logo_b.png][StatusCode: 200][Content-Type: image/png][Server: PWS/8.1.36][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /t6/style/images/global)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0] - 8 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 12][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes][Goodput ratio: 74/71][1.60 sec][bytes ratio: 0.197 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 76/2 266/14 1385/29 503/13][Pkt Len c2s/s2c min/avg/max/stddev: 67/74 163/146 406/433 122/129][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.37][Plen Bins: 21,35,14,0,0,7,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 9][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes][Goodput ratio: 78/83][0.69 sec][bytes ratio: -0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171/228 626/662 264/307][Pkt Len c2s/s2c min/avg/max/stddev: 77/85 193/245 353/660 93/241][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.39][Plen Bins: 0,33,11,11,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.1.105:53656 <-> 216.58.210.227:443 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 12][cat: Web/5][8 pkts/1301 bytes <-> 6 pkts/873 bytes][Goodput ratio: 74/71][1.60 sec][bytes ratio: 0.197 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 76/2 266/14 1385/29 503/13][Pkt Len c2s/s2c min/avg/max/stddev: 67/74 163/146 406/433 122/129][Plen Bins: 21,35,14,0,0,7,0,0,7,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 216.58.210.14:443 <-> 192.168.1.105:49361 [proto: 188/QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 9][cat: Web/5][5 pkts/963 bytes <-> 4 pkts/981 bytes][Goodput ratio: 78/83][0.69 sec][bytes ratio: -0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171/228 626/662 264/307][Pkt Len c2s/s2c min/avg/max/stddev: 77/85 193/245 353/660 93/241][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.609 (Executable)][Plen Bins: 0,33,11,11,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 TCP 192.168.1.105:59119 <-> 114.134.80.162:80 [proto: 7.356/HTTP.SinaWeibo][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][5 pkts/736 bytes <-> 4 pkts/863 bytes][Goodput ratio: 61/73][1.05 sec][Hostname/SNI: weibo.com][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/347 176/348 353/348 174/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 147/216 500/689 177/273][URL: weibo.com/login.php?lang=en-us][StatusCode: 301][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /login.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: SocialNetwork/6][3 pkts/604 bytes <-> 2 pkts/140 bytes][Goodput ratio: 66/0][0.46 sec][Hostname/SNI: js.t.sinajs.cn][URL: js.t.sinajs.cn/t5/register/js/v6/pl/base.js?version=201605130537][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (KGET /t)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 192.168.1.105:42275 <-> 222.73.28.96:80 [proto: 7.200/HTTP.Sina][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: SocialNetwork/6][3 pkts/610 bytes <-> 1 pkts/66 bytes][Goodput ratio: 70/0][0.38 sec][Hostname/SNI: u1.img.mobile.sina.cn][URL: u1.img.mobile.sina.cn/public/files/image/620x300_img5653d57c6dab2.png][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36][PLAIN TEXT (GET /public/files/image/620)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/wireguard.pcap.out b/tests/cfgs/default/result/wireguard.pcap.out index ad93b9cd151..afe7ba6c4f8 100644 --- a/tests/cfgs/default/result/wireguard.pcap.out +++ b/tests/cfgs/default/result/wireguard.pcap.out @@ -14,7 +14,7 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/default/result/xiaomi.pcap.out b/tests/cfgs/default/result/xiaomi.pcap.out index 9ef3586c790..ae041f59288 100644 --- a/tests/cfgs/default/result/xiaomi.pcap.out +++ b/tests/cfgs/default/result/xiaomi.pcap.out @@ -25,10 +25,10 @@ Xiaomi 52 11467 7 Acceptable 52 11467 7 - 1 TCP 192.168.2.100:45106 <-> 18.193.233.122:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][8 pkts/2061 bytes <-> 7 pkts/1063 bytes][Goodput ratio: 74/56][359.14 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com][bytes ratio: 0.319 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/1 59816/100 358553/211 133599/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 258/152 1014/488 311/142][User-Agent: Redmi Note 8T][PLAIN TEXT (xiaomi.com)][Plen Bins: 14,0,14,14,0,0,14,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.2.100:37708 <-> 3.127.176.74:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][8 pkts/1983 bytes <-> 7 pkts/641 bytes][Goodput ratio: 73/27][455.15 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 75808/90740 453408/453409 168869/181335][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/92 999/171 303/39][User-Agent: Redmi Note 9 Pro][PLAIN TEXT (xiaomi.com)][Plen Bins: 16,0,16,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 115.164.74.232:5222 <-> 192.168.247.13:38018 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/456 bytes <-> 3 pkts/1283 bytes][Goodput ratio: 40/85][149.32 sec][Hostname/SNI: 47.241.35.73][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 143/153 49772/74586 149015/149020 70175/74434][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 114/428 172/980 41/395][User-Agent: M2010J19SG][PLAIN TEXT (xiaomi.com)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 97.39.119.172:5222 <-> 192.168.93.59:51488 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][3 pkts/377 bytes <-> 2 pkts/1249 bytes][Goodput ratio: 45/89][0.25 sec][Hostname/SNI: 47.241.59.87][User-Agent: M2101K7BG][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 TCP 115.164.74.232:5222 <-> 192.168.244.219:45904 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][3 pkts/378 bytes <-> 2 pkts/1244 bytes][Goodput ratio: 45/89][0.26 sec][Hostname/SNI: 47.241.35.73][User-Agent: Redmi Note 9S][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 192.168.2.100:48698 <-> 203.107.1.65:80 [proto: 7.287/HTTP.Xiaomi][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/530 bytes <-> 1 pkts/66 bytes][Goodput ratio: 66/0][0.49 sec][Hostname/SNI: 203.107.1.65][URL: 203.107.1.65/164566/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00][User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI/V12.0.3.0.QJZMIXM)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 203.107.1.65][PLAIN TEXT (GET /164566/sign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.2.100:45106 <-> 18.193.233.122:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][8 pkts/2061 bytes <-> 7 pkts/1063 bytes][Goodput ratio: 74/56][359.14 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com][bytes ratio: 0.319 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/1 59816/100 358553/211 133599/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 258/152 1014/488 311/142][User-Agent: Redmi Note 8T][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.758 (Executable)][PLAIN TEXT (xiaomi.com)][Plen Bins: 14,0,14,14,0,0,14,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.2.100:37708 <-> 3.127.176.74:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][8 pkts/1983 bytes <-> 7 pkts/641 bytes][Goodput ratio: 73/27][455.15 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 75808/90740 453408/453409 168869/181335][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/92 999/171 303/39][User-Agent: Redmi Note 9 Pro][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.872 (Executable)][PLAIN TEXT (xiaomi.com)][Plen Bins: 16,0,16,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 115.164.74.232:5222 <-> 192.168.247.13:38018 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/456 bytes <-> 3 pkts/1283 bytes][Goodput ratio: 40/85][149.32 sec][Hostname/SNI: 47.241.35.73][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 143/153 49772/74586 149015/149020 70175/74434][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 114/428 172/980 41/395][User-Agent: M2010J19SG][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.561 (Executable)][PLAIN TEXT (xiaomi.com)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 97.39.119.172:5222 <-> 192.168.93.59:51488 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][3 pkts/377 bytes <-> 2 pkts/1249 bytes][Goodput ratio: 45/89][0.25 sec][Hostname/SNI: 47.241.59.87][User-Agent: M2101K7BG][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.687 (Executable)][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 115.164.74.232:5222 <-> 192.168.244.219:45904 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][3 pkts/378 bytes <-> 2 pkts/1244 bytes][Goodput ratio: 45/89][0.26 sec][Hostname/SNI: 47.241.35.73][User-Agent: Redmi Note 9S][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.814 (Executable)][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.2.100:48698 <-> 203.107.1.65:80 [proto: 7.287/HTTP.Xiaomi][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/530 bytes <-> 1 pkts/66 bytes][Goodput ratio: 66/0][0.49 sec][Hostname/SNI: 203.107.1.65][URL: 203.107.1.65/164566/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00][User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI/V12.0.3.0.QJZMIXM)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 60][Risk Info: Found host 203.107.1.65 / Entropy: 5.609 (Executable)][PLAIN TEXT (GET /164566/sign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 TCP 47.241.7.88:5222 -> 10.52.151.160:39180 [VLAN: 208][proto: 287/Xiaomi][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out index bfbc359c831..335c6b9096d 100644 --- a/tests/cfgs/default/result/zoom.pcap.out +++ b/tests/cfgs/default/result/zoom.pcap.out @@ -62,7 +62,7 @@ JA3 Host Stats: 11 TCP 192.168.1.117:53872 <-> 35.186.224.53:443 [proto: 91/TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][DPI packets: 5][cat: Web/5][8 pkts/2017 bytes <-> 8 pkts/4822 bytes][Goodput ratio: 74/89][0.07 sec][bytes ratio: -0.410 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 58/45 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252/603 1434/1484 447/585][Plen Bins: 0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,25,0,0,0] 12 TCP 192.168.1.117:54863 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Network/14][10 pkts/2198 bytes <-> 10 pkts/2067 bytes][Goodput ratio: 69/68][5.26 sec][Hostname/SNI: dati.ntop.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 645/740 5003/5003 1647/1741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/207 932/1292 283/364][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **][Risk Score: 60][Risk Info: No ALPN][TLSv1.2][JA3C: a795593605a13211941d44505b4d1e39][JA4: t12d800700_64d9932cae36_4446390ac224][JA3S: dd4b012f7a008e741554bd0a4ed12920][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0] 13 TCP 192.168.1.117:54854 -> 172.217.21.72:443 [proto: 91.239/TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/1060 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][6.46 sec][Hostname/SNI: www.googletagmanager.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][Risk: ** Obsolete TLS (v1.1 or older) **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / TLSv1][TLSv1][JA3C: d78489b860c8bf7838a6ff0b4d131541][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 192.168.1.117:53867 <-> 104.199.65.42:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][DPI packets: 6][cat: Web/5][4 pkts/710 bytes <-> 2 pkts/242 bytes][Goodput ratio: 63/45][0.09 sec][bytes ratio: 0.492 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/64 31/64 32/64 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/121 178/121 329/121 115/0][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.23][Plen Bins: 0,50,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 192.168.1.117:53867 <-> 104.199.65.42:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][DPI packets: 6][cat: Web/5][4 pkts/710 bytes <-> 2 pkts/242 bytes][Goodput ratio: 63/45][0.09 sec][bytes ratio: 0.492 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/64 31/64 32/64 1/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/121 178/121 329/121 115/0][Plen Bins: 0,50,0,0,0,25,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.1.117:61731 <-> 109.94.160.99:8801 [proto: 338.189/SRTP.Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: Video/26][4 pkts/372 bytes <-> 4 pkts/290 bytes][Goodput ratio: 55/39][0.11 sec][bytes ratio: 0.124 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/35 28/27 49/47 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 93/72 151/93 40/14][PLAIN TEXT (replace)][Plen Bins: 50,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.1.117:60620 <-> 109.94.160.99:8801 [proto: 338.189/SRTP.Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 5][cat: Video/26][4 pkts/408 bytes <-> 3 pkts/222 bytes][Goodput ratio: 59/41][1.24 sec][bytes ratio: 0.295 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/31 413/16 1209/31 563/16][Pkt Len c2s/s2c min/avg/max/stddev: 55/60 102/74 149/85 33/10][PLAIN TEXT (replace)][Plen Bins: 28,57,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 UDP 192.168.1.117:23903 <-> 162.255.37.14:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][3 pkts/258 bytes <-> 3 pkts/222 bytes][Goodput ratio: 51/43][0.19 sec][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/9 10/9 10/9 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/74 86/74 86/74 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/zoom_p2p.pcapng.out b/tests/cfgs/default/result/zoom_p2p.pcapng.out index 21c2b02c984..1efc36c1f47 100644 --- a/tests/cfgs/default/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out @@ -35,12 +35,12 @@ Acceptable 763 271804 12 1 UDP 192.168.12.156:39065 <-> 192.168.1.226:46757 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 12][cat: Video/26][148 pkts/108673 bytes <-> 174 pkts/110457 bytes][Goodput ratio: 94/93][1.67 sec][bytes ratio: -0.008 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/8 88/71 15/12][Pkt Len c2s/s2c min/avg/max/stddev: 127/98 734/635 1269/1302 277/371][PLAIN TEXT (192.168.1.226)][Plen Bins: 0,0,9,1,0,0,0,6,1,0,0,0,0,2,5,11,10,5,4,4,2,0,0,1,2,2,0,0,0,0,0,1,16,0,0,0,3,1,5,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.12.156:49579 -> 10.78.14.178:49586 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 12][cat: Video/26][154 pkts/19404 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][4.51 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/0 82/0 14/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.156:42208 -> 10.78.14.178:47312 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 12][cat: Video/26][130 pkts/16380 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][2.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/0 82/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 126/0 126/0 126/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.78.14.178)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 ICMP 206.247.10.253:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][40 pkts/4560 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 895/0 2027/0 1000/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 ICMP 206.247.10.253:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][40 pkts/4560 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 895/0 2027/0 1000/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.319 (Executable)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.12.1:17500 -> 192.168.12.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][450.15 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30007/0 30010/0 30013/0 9/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.12.156:38453 -> 206.247.87.213:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1974/0 2015/0 2040/0 19/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.156:39065 -> 206.247.87.213:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1976/0 2015/0 2040/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.12.156:42208 -> 206.247.10.253:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1990/0 2013/0 2032/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.12.156:49579 -> 206.247.10.253:3478 [proto: 78.189/STUN.Zoom][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Video/26][20 pkts/1720 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][38.24 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1990/0 2013/0 2030/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/0 86/0 86/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 ICMP 206.247.87.213:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][13 pkts/1482 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3298/0 22119/0 6017/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 ICMP 206.247.87.213:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 189/Zoom][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][13 pkts/1482 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][38.30 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3298/0 22119/0 6017/0][Pkt Len c2s/s2c min/avg/max/stddev: 114/0 114/0 114/0 0/0][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.315 (Executable)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.156:38453 -> 192.168.1.226:41036 [proto: 189/Zoom][IP: 0/Unknown][Encrypted][Confidence: DPI (partial cache)][DPI packets: 5][cat: Video/26][5 pkts/635 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][0.06 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (192.168.1.226)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][384.13 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][PLAIN TEXT (webdav)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out index 8bf60a3dd25..ec5be724267 100644 --- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out @@ -27,4 +27,4 @@ Facebook 20 11399 1 Fun 20 11399 1 - 1 UDP 10.0.2.15:35957 <-> 69.171.250.15:443 [proto: 119/Facebook][IP: 119/Facebook][Encrypted][Confidence: Match by IP][DPI packets: 12][cat: SocialNetwork/6][7 pkts/3196 bytes <-> 13 pkts/8203 bytes][Goodput ratio: 79/85][8.96 sec][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1782/811 8808/8827 3513/2535][Pkt Len c2s/s2c min/avg/max/stddev: 128/115 457/631 1326/1346 492/540][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.86][PLAIN TEXT (Xic gcl)][Plen Bins: 20,25,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,5,20,0,0,0,0,0,0,0,0] + 1 UDP 10.0.2.15:35957 <-> 69.171.250.15:443 [proto: 119/Facebook][IP: 119/Facebook][Encrypted][Confidence: Match by IP][DPI packets: 12][cat: SocialNetwork/6][7 pkts/3196 bytes <-> 13 pkts/8203 bytes][Goodput ratio: 79/85][8.96 sec][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1782/811 8808/8827 3513/2535][Pkt Len c2s/s2c min/avg/max/stddev: 128/115 457/631 1326/1346 492/540][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.857 (Encrypted or Random)][PLAIN TEXT (Xic gcl)][Plen Bins: 20,25,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,5,20,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_protocols/result/soap.pcap.out b/tests/cfgs/disable_protocols/result/soap.pcap.out index 0fbde82152e..8107a2b8bf7 100644 --- a/tests/cfgs/disable_protocols/result/soap.pcap.out +++ b/tests/cfgs/disable_protocols/result/soap.pcap.out @@ -17,7 +17,7 @@ Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) @@ -31,5 +31,5 @@ Safe 1 1506 1 Acceptable 19 9442 2 1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 14][cat: Web/5][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0] - 2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Web/5][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 5][cat: Web/5][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.075 (Executable)][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Cloud/13][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out index ad38d093b2a..5a0fe8e0935 100644 --- a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out +++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out @@ -19,7 +19,7 @@ Automa domain: 156/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 16/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 176/0 (search/found) +Patricia risk mask: 174/0 (search/found) Patricia risk mask IPv6: 6/0 (search/found) Patricia risk: 3/0 (search/found) Patricia risk IPv6: 25/0 (search/found) @@ -92,13 +92,13 @@ JA3 Host Stats: 6 TCP 192.168.2.126:46212 <-> 172.105.121.82:80 [flowId: 143][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/555 bytes <-> 12 pkts/124834 bytes][Goodput ratio: 76/99][1.58 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 871/0 871/122 871/373 0/155][Pkt Len c2s/s2c min/avg/max/stddev: 277/386 278/10403 278/37506 0/10887][URL: pic.1kxun.com/video_kankan/images/releases/300/5183-51fb99a2391e774037ba21cbca307be4.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,57] 7 TCP 192.168.2.126:38316 <-> 172.105.121.82:80 [flowId: 170][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 23 pkts/118294 bytes][Goodput ratio: 76/99][1.43 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.995 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/46 0/393 0/113][Pkt Len c2s/s2c min/avg/max/stddev: 273/388 273/5143 273/24546 0/5526][URL: pic.1kxun.com/video_kankan/images/videos/40701-8fa7d916c55e31f90fa55f450b716505.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,20,0,67] 8 TCP 192.168.2.126:49380 <-> 14.136.136.108:80 [flowId: 159][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][2 pkts/1172 bytes <-> 30 pkts/99876 bytes][Goodput ratio: 89/98][1.31 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.977 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/32 0/209 0/74][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 586/3329 592/18786 6/3784][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/f05074256b39572ad852c1c95eb5f8a7.jpg][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (LGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,53,0,34] - 9 TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [flowId: 183][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63] - 10 TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [flowId: 185][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85] + 9 TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [flowId: 183][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.552 (Executable)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63] + 10 TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [flowId: 185][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.485 (Executable)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85] 11 TCP 192.168.2.126:45416 <-> 161.117.13.29:80 [flowId: 149][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][8 pkts/7202 bytes <-> 24 pkts/83277 bytes][Goodput ratio: 93/98][16.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 186/0 2919/772 6045/5959 2744/1789][Pkt Len c2s/s2c min/avg/max/stddev: 500/709 900/3470 1180/14466 215/3207][URL: mangaweb.1kxun.mobi/js/vendor.bundle.js?1644807874][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/vendor.bundle.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,12,0,0,0,0,0,0,0,3,3,3,6,0,0,0,0,0,0,0,3,0,0,21,0,41] 12 TCP 192.168.2.126:38326 <-> 172.105.121.82:80 [flowId: 168][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 21 pkts/89010 bytes][Goodput ratio: 76/98][1.25 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/50 0/412 0/118][Pkt Len c2s/s2c min/avg/max/stddev: 273/387 273/4239 273/12489 0/2950][URL: pic.1kxun.com/video_kankan/images/videos/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,73] 13 TCP 192.168.2.126:46200 <-> 172.105.121.82:80 [flowId: 142][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/556 bytes <-> 18 pkts/82689 bytes][Goodput ratio: 76/99][1.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.987 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/56 0/375 0/119][Pkt Len c2s/s2c min/avg/max/stddev: 278/386 278/4594 278/21666 0/5421][URL: pic.1kxun.com/video_kankan/images/releases/301/5027-d707192bfa2dabf22771a4d56454ab88.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,45] 14 TCP 192.168.2.126:46184 <-> 172.105.121.82:80 [flowId: 140][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/829 bytes <-> 13 pkts/73655 bytes][Goodput ratio: 76/99][1.27 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 392/0 392/81 392/368 0/134][Pkt Len c2s/s2c min/avg/max/stddev: 273/386 276/5666 278/23106 2/7129][URL: pic.1kxun.com/video_kankan/images/releases/299/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,18,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,25,0,37] - 15 TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [flowId: 184][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62] + 15 TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [flowId: 184][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.428 (Executable)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62] 16 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [flowId: 27][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Goodput ratio: 42/95][45.37 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472/1029 44994/45054 11986/6714][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/1210 416/1314 113/325][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 3,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0,0,0,0,0,0,0] 17 TCP 192.168.2.126:45398 <-> 161.117.13.29:80 [flowId: 147][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2127 bytes <-> 18 pkts/58725 bytes][Goodput ratio: 91/98][4.35 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/0 229/262 229/3434 0/852][Pkt Len c2s/s2c min/avg/max/stddev: 490/551 709/3262 821/7266 155/2191][URL: mangaweb.1kxun.mobi/js/dependency-all.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/dependency)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,43] 18 TCP 192.168.2.126:49354 <-> 14.136.136.108:80 [flowId: 156][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1184 bytes <-> 19 pkts/53234 bytes][Goodput ratio: 89/98][1.04 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.956 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/26 0/204 0/67][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/2802 592/8706 0/2084][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (/GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,42] @@ -109,12 +109,12 @@ JA3 Host Stats: 23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [flowId: 26][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0] 24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [flowId: 162][proto: 7.239/HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29] 25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [flowId: 154][proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 9][cat: Advertisement/101][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62] - 26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [flowId: 181][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60] + 26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [flowId: 181][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.428 (Executable)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60] 27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [flowId: 30][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0] 28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [flowId: 155][proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Advertisement/101][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45] 29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [flowId: 146][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20] - 30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [flowId: 40][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] - 31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [flowId: 187][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [flowId: 40][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 110][Risk Info: Found host 42.120.51.152 / Expected on port 80 / Entropy: 5.310 (Executable)][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] + 31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [flowId: 187][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.814 (Executable)][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 32 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [flowId: 108][proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Goodput ratio: 40/94][0.02 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/2 10/8 4/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1103 334/1514 99/610][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 33 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [flowId: 109][proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 34 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [flowId: 83][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][8.40 sec][Hostname/SNI: [ff02::c]:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 558/0 590/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,12,56,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -122,37 +122,37 @@ JA3 Host Stats: 36 TCP 192.168.2.126:49370 <-> 14.136.136.108:80 [flowId: 158][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/580 bytes <-> 4 pkts/7749 bytes][Goodput ratio: 88/97][0.22 sec][Hostname/SNI: hkbn.content.1kxun.com][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/b057f5cd8fe013d2299b57f14faa5fa9.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (AGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] 37 TCP 192.168.2.126:45422 <-> 161.117.13.29:80 [flowId: 150][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Streaming/17][3 pkts/2139 bytes <-> 4 pkts/6060 bytes][Goodput ratio: 91/96][4.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 221/224 2062/1374 3902/3898 1841/1787][Pkt Len c2s/s2c min/avg/max/stddev: 502/1413 713/1515 819/1720 149/124][URL: mangaweb.1kxun.mobi/images/detail_revision/go_homepage.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/application.min.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,14,0,14] 38 TCP 192.168.2.126:60148 <-> 172.105.121.82:80 [flowId: 138][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/536 bytes <-> 3 pkts/7066 bytes][Goodput ratio: 75/97][0.56 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/icons/5-328e3cdf244c003df08754cca05fbc2f.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,40,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] - 39 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [flowId: 100][proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: Match by port][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.83][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] + 39 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [flowId: 100][proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: Match by port][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] 40 TCP 192.168.2.126:38314 <-> 172.105.121.82:80 [flowId: 169][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 4 pkts/6346 bytes][Goodput ratio: 76/96][0.33 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/videos/40750-585645353a7a47615755b7714c611835.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] 41 TCP 192.168.2.126:45414 <-> 161.117.13.29:80 [flowId: 148][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2118 bytes <-> 3 pkts/3518 bytes][Goodput ratio: 91/94][4.32 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 215/216 2066/2066 3917/3916 1851/1850][Pkt Len c2s/s2c min/avg/max/stddev: 482/758 706/1173 819/1456 158/300][URL: mangaweb.1kxun.mobi/js/fb-sdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/fb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16,0,0,0,0] 42 TCP 192.168.2.126:47246 <-> 161.117.13.29:80 [flowId: 134][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1872 bytes <-> 2 pkts/3374 bytes][Goodput ratio: 93/96][1.30 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/homePageVideoCollections/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28][StatusCode: 200][Content-Type: application/json][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] - 43 TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [flowId: 186][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25] + 43 TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [flowId: 186][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.481 (Executable)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25] 44 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [flowId: 39][proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Goodput ratio: 71/72][1.09 sec][Hostname/SNI: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/191 476/506 136/201][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/200 499/372 176/149][URL: vv.video.qq.com/getvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][PLAIN TEXT (POST /getvinfo HTTP/1.1)][Plen Bins: 15,0,0,0,0,15,15,0,0,23,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 UDP 192.168.119.1:67 -> 255.255.255.255:68 [flowId: 3][proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3106/0 12289/0 3176/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [flowId: 105][proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][Goodput ratio: 87/86][0.18 sec][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60/44 176/133 82/54][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512/459 1159/1464 468/536][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0] - 47 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [flowId: 48][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Media/1][7 pkts/1408 bytes <-> 5 pkts/2611 bytes][Goodput ratio: 71/89][0.15 sec][Hostname/SNI: 183.131.48.144][bytes ratio: -0.299 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/25 69/67 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 201/522 557/1078 225/465][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][Content-Type: video/mp4][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.144 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [flowId: 48][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Media/1][7 pkts/1408 bytes <-> 5 pkts/2611 bytes][Goodput ratio: 71/89][0.15 sec][Hostname/SNI: 183.131.48.144][bytes ratio: -0.299 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/25 69/67 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 201/522 557/1078 225/465][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][Content-Type: video/mp4][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 183.131.48.144 / Empty or missing User-Agent / Entropy: 5.207 (Executable)][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [flowId: 44][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][20.95 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 2323/4176 15252/15254 4895/5951][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 288/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [flowId: 86][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][6.76 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 746/1336 5987/5987 1865/2341][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 287/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 192.168.2.126:42554 <-> 35.156.44.13:80 [flowId: 188][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/3091 bytes <-> 2 pkts/444 bytes][Goodput ratio: 91/70][2.57 sec][Hostname/SNI: de01.rayjump.com][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2543 847/2543 2537/2543 1195/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/222 773/222 1506/222 647/0][URL: de01.rayjump.com/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWUR][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (FGET /onlyImpression)][Plen Bins: 16,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0] + 50 TCP 192.168.2.126:42554 <-> 35.156.44.13:80 [flowId: 188][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/3091 bytes <-> 2 pkts/444 bytes][Goodput ratio: 91/70][2.57 sec][Hostname/SNI: de01.rayjump.com][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2543 847/2543 2537/2543 1195/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/222 773/222 1506/222 647/0][URL: de01.rayjump.com/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWUR][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.839 (Executable)][PLAIN TEXT (FGET /onlyImpression)][Plen Bins: 16,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0] 51 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [flowId: 116][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][Goodput ratio: 69/75][6.08 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753/1500 5998/5998 1982/2597][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 190/232 1067/1055 299/340][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [flowId: 35][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 60/87][0.09 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/16 36/43 13/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/456 390/1314 144/512][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 20,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0] - 53 TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [flowId: 194][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [flowId: 194][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.072 (Executable)][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 TCP 192.168.2.126:50176 <-> 161.117.13.29:80 [flowId: 167][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1185 bytes <-> 2 pkts/2082 bytes][Goodput ratio: 94/94][0.19 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/list_default.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/list)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] 55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [flowId: 106][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [flowId: 14][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0] - 57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [flowId: 195][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [flowId: 152][proto: 7.126/HTTP.Google][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] + 57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [flowId: 195][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.261 (Executable)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [flowId: 152][proto: 7.126/HTTP.Google][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.486 (Executable)][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] 59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [flowId: 174][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [flowId: 112][proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0] 61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [flowId: 1][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [flowId: 24][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [flowId: 45][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [flowId: 45][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent / Entropy: 5.112 (Executable)][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [flowId: 2][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [flowId: 151][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [flowId: 20][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [flowId: 50][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [flowId: 164][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [flowId: 189][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 69 TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [flowId: 189][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.706 (Executable)][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 70 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [flowId: 58][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Goodput ratio: 52/66][31.95 sec][Hostname/SNI: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/8 2391/3919 11352/11551 4481/5397][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/197 331/390 117/157][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 71 TCP 192.168.2.126:50140 <-> 161.117.13.29:80 [flowId: 163][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1178 bytes <-> 1 pkts/748 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/left.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 TCP 192.168.2.126:50166 <-> 161.117.13.29:80 [flowId: 166][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1179 bytes <-> 1 pkts/746 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/right.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -160,39 +160,39 @@ JA3 Host Stats: 74 TCP 192.168.2.126:51686 <-> 18.64.79.64:80 [flowId: 196][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1295 bytes <-> 1 pkts/500 bytes][Goodput ratio: 95/87][0.60 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=6][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 75 TCP 192.168.2.126:50164 <-> 161.117.13.29:80 [flowId: 165][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1184 bytes <-> 1 pkts/574 bytes][Goodput ratio: 94/88][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/more_white.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [flowId: 49][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5541/0 19870/0 5205/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [flowId: 190][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 77 TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [flowId: 190][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.868 (Executable)][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] 78 TCP 192.168.2.126:49242 <-> 172.104.119.80:80 [flowId: 139][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1129 bytes <-> 2 pkts/582 bytes][Goodput ratio: 88/77][2.16 sec][Hostname/SNI: android.yingshi.tcclick.1kxun.com][URL: android.yingshi.tcclick.1kxun.com/api/upload.php][StatusCode: 500][Req Content-Type: application/octet-stream][Content-Type: text/html][Server: openresty/1.11.2.5][User-Agent: okhttp/3.10.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 500][PLAIN TEXT (aPOST /api/upload.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 TCP 192.168.2.126:56104 <-> 3.72.69.158:80 [flowId: 175][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/896 bytes <-> 1 pkts/721 bytes][Goodput ratio: 93/91][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&br][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [flowId: 53][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [flowId: 5][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [flowId: 43][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [flowId: 171][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [flowId: 171][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.517 (Executable)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [flowId: 144][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [flowId: 178][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [flowId: 37][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [flowId: 37][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 110][Risk Info: Found host 218.244.135.170 / Entropy: 5.332 (Executable)][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [flowId: 11][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [flowId: 6][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [flowId: 7][proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 90 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [flowId: 54][proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/684 bytes <-> 2 pkts/684 bytes][Goodput ratio: 88/88][30.01 sec][Hostname/SNI: macbook-air][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 91 TCP 192.168.2.126:53416 <-> 172.217.16.142:80 [flowId: 193][proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/625 bytes <-> 1 pkts/734 bytes][Goodput ratio: 89/91][0.05 sec][Hostname/SNI: play.google.com][URL: play.google.com/store/apps/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789][StatusCode: 301][Content-Type: application/binary][Server: ESF][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /store/apps/details)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 92 TCP 192.168.2.126:58758 <-> 202.153.196.53:80 [flowId: 179][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][0.32 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (NGET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 93 TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [flowId: 180][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 192.168.2.126:53416 <-> 172.217.16.142:80 [flowId: 193][proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/625 bytes <-> 1 pkts/734 bytes][Goodput ratio: 89/91][0.05 sec][Hostname/SNI: play.google.com][URL: play.google.com/store/apps/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789][StatusCode: 301][Content-Type: application/binary][Server: ESF][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.564 (Executable)][PLAIN TEXT (GET /store/apps/details)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 92 TCP 192.168.2.126:58758 <-> 202.153.196.53:80 [flowId: 179][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][0.32 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.864 (Executable)][PLAIN TEXT (NGET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 93 TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [flowId: 180][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.865 (Executable)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 94 TCP 192.168.2.126:56094 <-> 3.72.69.158:80 [flowId: 172][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/876 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 95 TCP 192.168.2.126:56098 <-> 3.72.69.158:80 [flowId: 173][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/863 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 96 TCP 192.168.2.126:47272 <-> 161.117.13.29:80 [flowId: 136][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/982 bytes <-> 1 pkts/331 bytes][Goodput ratio: 93/80][0.35 sec][Hostname/SNI: messages.1kxun.mobi][URL: messages.1kxun.mobi/api/messages/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kx][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /api/messages/listForYingsh)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 97 TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [flowId: 177][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [flowId: 177][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.265 (Executable)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 98 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [flowId: 74][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][16.80 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 2799/0 5942/0 1567/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [flowId: 176][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0] + 99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [flowId: 176][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.560 (Executable)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0] 100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [flowId: 63][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [flowId: 192][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [flowId: 192][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.991 (Executable)][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [flowId: 129][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [flowId: 130][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [flowId: 131][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [flowId: 133][proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [flowId: 137][proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [flowId: 69][proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [flowId: 191][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [flowId: 153][proto: 7/HTTP][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [flowId: 191][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.499 (Executable)][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [flowId: 153][proto: 7/HTTP][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.539 (Executable)][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 TCP 192.168.2.126:47230 <-> 161.117.13.29:80 [flowId: 132][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 111 UDP 192.168.115.8:137 -> 192.168.255.255:137 [flowId: 17][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.50 sec][Hostname/SNI: wpad][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 300/0 749/0 367/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 UDP 192.168.5.67:138 -> 192.168.255.255:138 [flowId: 34][proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Hostname/SNI: sanji-lifebook-][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -276,11 +276,11 @@ Undetected flows: 4 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [flowId: 70][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.11 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [flowId: 21][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.10 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [flowId: 64][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [flowId: 88][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [flowId: 59][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/185 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [flowId: 87][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/177 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [flowId: 88][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.188 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [flowId: 59][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/185 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.214 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [flowId: 87][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/177 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.168 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [flowId: 55][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.71 sec][PLAIN TEXT (AABHZW50cmljZV9)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [flowId: 76][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.72 sec][PLAIN TEXT (icRVSoU)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [flowId: 93][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][PLAIN TEXT (6.35.4 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [flowId: 78][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [flowId: 93][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.052 (Executable)][PLAIN TEXT (6.35.4 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [flowId: 78][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.173 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [flowId: 85][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (dDYcTc4)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out b/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out index bff997389fc..642ea21ed8a 100644 --- a/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out +++ b/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out @@ -18,7 +18,7 @@ Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 2/2 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) diff --git a/tests/cfgs/http_process_response_disable/result/http_asymmetric.pcapng.out b/tests/cfgs/http_process_response_disable/result/http_asymmetric.pcapng.out index df351c7ece4..43165a5e4cd 100644 --- a/tests/cfgs/http_process_response_disable/result/http_asymmetric.pcapng.out +++ b/tests/cfgs/http_process_response_disable/result/http_asymmetric.pcapng.out @@ -26,4 +26,4 @@ HTTP 23 9961 2 Acceptable 23 9961 2 1 TCP 192.168.1.146:80 -> 192.168.1.103:1044 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][13 pkts/8357 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][5.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/0 5000/0 1435/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 643/0 1514/0 626/0][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0] - 2 TCP 192.168.0.1:1044 -> 10.10.10.1:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][10 pkts/1604 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][5.11 sec][Hostname/SNI: proxy.wiresharkfest.acropolis.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 567/0 4951/0 1550/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 160/0 418/0 160/0][URL: proxy.wiresharkfest.acropolis.local/][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.0.1:1044 -> 10.10.10.1:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][10 pkts/1604 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][5.11 sec][Hostname/SNI: proxy.wiresharkfest.acropolis.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 567/0 4951/0 1550/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 160/0 418/0 160/0][URL: proxy.wiresharkfest.acropolis.local/][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.414 (Executable)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out index afd577976e1..1f0e253976a 100644 --- a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out +++ b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out @@ -19,7 +19,7 @@ Automa domain: 156/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 16/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 176/0 (search/found) +Patricia risk mask: 174/0 (search/found) Patricia risk mask IPv6: 6/0 (search/found) Patricia risk: 3/0 (search/found) Patricia risk IPv6: 25/0 (search/found) @@ -63,13 +63,13 @@ JA3 Host Stats: 6 TCP 192.168.2.126:46212 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/555 bytes <-> 12 pkts/124834 bytes][Goodput ratio: 76/99][1.58 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 871/0 871/122 871/373 0/155][Pkt Len c2s/s2c min/avg/max/stddev: 277/386 278/10403 278/37506 0/10887][URL: pic.1kxun.com/video_kankan/images/releases/300/5183-51fb99a2391e774037ba21cbca307be4.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,57] 7 TCP 192.168.2.126:38316 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 23 pkts/118294 bytes][Goodput ratio: 76/99][1.43 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.995 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/46 0/393 0/113][Pkt Len c2s/s2c min/avg/max/stddev: 273/388 273/5143 273/24546 0/5526][URL: pic.1kxun.com/video_kankan/images/videos/40701-8fa7d916c55e31f90fa55f450b716505.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,20,0,67] 8 TCP 192.168.2.126:49380 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][2 pkts/1172 bytes <-> 30 pkts/99876 bytes][Goodput ratio: 89/98][1.31 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.977 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/32 0/209 0/74][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 586/3329 592/18786 6/3784][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/f05074256b39572ad852c1c95eb5f8a7.jpg][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (LGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,53,0,34] - 9 TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63] - 10 TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85] + 9 TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.552 (Executable)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63] + 10 TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.485 (Executable)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85] 11 TCP 192.168.2.126:45416 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][8 pkts/7202 bytes <-> 24 pkts/83277 bytes][Goodput ratio: 93/98][16.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 186/0 2919/772 6045/5959 2744/1789][Pkt Len c2s/s2c min/avg/max/stddev: 500/709 900/3470 1180/14466 215/3207][URL: mangaweb.1kxun.mobi/js/vendor.bundle.js?1644807874][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/vendor.bundle.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,12,0,0,0,0,0,0,0,3,3,3,6,0,0,0,0,0,0,0,3,0,0,21,0,41] 12 TCP 192.168.2.126:38326 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 21 pkts/89010 bytes][Goodput ratio: 76/98][1.25 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/50 0/412 0/118][Pkt Len c2s/s2c min/avg/max/stddev: 273/387 273/4239 273/12489 0/2950][URL: pic.1kxun.com/video_kankan/images/videos/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,73] 13 TCP 192.168.2.126:46200 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/556 bytes <-> 18 pkts/82689 bytes][Goodput ratio: 76/99][1.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.987 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/56 0/375 0/119][Pkt Len c2s/s2c min/avg/max/stddev: 278/386 278/4594 278/21666 0/5421][URL: pic.1kxun.com/video_kankan/images/releases/301/5027-d707192bfa2dabf22771a4d56454ab88.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,45] 14 TCP 192.168.2.126:46184 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/829 bytes <-> 13 pkts/73655 bytes][Goodput ratio: 76/99][1.27 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 392/0 392/81 392/368 0/134][Pkt Len c2s/s2c min/avg/max/stddev: 273/386 276/5666 278/23106 2/7129][URL: pic.1kxun.com/video_kankan/images/releases/299/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,18,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,25,0,37] - 15 TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62] + 15 TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.428 (Executable)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62] 16 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Goodput ratio: 42/95][45.37 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472/1029 44994/45054 11986/6714][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/1210 416/1314 113/325][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 3,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0,0,0,0,0,0,0] 17 TCP 192.168.2.126:45398 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2127 bytes <-> 18 pkts/58725 bytes][Goodput ratio: 91/98][4.35 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/0 229/262 229/3434 0/852][Pkt Len c2s/s2c min/avg/max/stddev: 490/551 709/3262 821/7266 155/2191][URL: mangaweb.1kxun.mobi/js/dependency-all.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/dependency)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,43] 18 TCP 192.168.2.126:49354 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1184 bytes <-> 19 pkts/53234 bytes][Goodput ratio: 89/98][1.04 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.956 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/26 0/204 0/67][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/2802 592/8706 0/2084][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (/GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,42] @@ -80,12 +80,12 @@ JA3 Host Stats: 23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0] 24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [proto: 7.239/HTTP.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29] 25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Advertisement/101][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62] - 26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60] + 26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.428 (Executable)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60] 27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0] 28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Advertisement/101][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45] 29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20] - 30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] - 31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 110][Risk Info: Found host 42.120.51.152 / Expected on port 80 / Entropy: 5.310 (Executable)][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] + 31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.814 (Executable)][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 32 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Goodput ratio: 40/94][0.02 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/2 10/8 4/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1103 334/1514 99/610][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 33 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 34 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][8.40 sec][Hostname/SNI: [ff02::c]:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 558/0 590/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,12,56,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -93,37 +93,37 @@ JA3 Host Stats: 36 TCP 192.168.2.126:49370 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/580 bytes <-> 4 pkts/7749 bytes][Goodput ratio: 88/97][0.22 sec][Hostname/SNI: hkbn.content.1kxun.com][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/b057f5cd8fe013d2299b57f14faa5fa9.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (AGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] 37 TCP 192.168.2.126:45422 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Streaming/17][3 pkts/2139 bytes <-> 4 pkts/6060 bytes][Goodput ratio: 91/96][4.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 221/224 2062/1374 3902/3898 1841/1787][Pkt Len c2s/s2c min/avg/max/stddev: 502/1413 713/1515 819/1720 149/124][URL: mangaweb.1kxun.mobi/images/detail_revision/go_homepage.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/application.min.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,14,0,14] 38 TCP 192.168.2.126:60148 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/536 bytes <-> 3 pkts/7066 bytes][Goodput ratio: 75/97][0.56 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/icons/5-328e3cdf244c003df08754cca05fbc2f.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,40,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] - 39 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.83][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] + 39 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] 40 TCP 192.168.2.126:38314 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 4 pkts/6346 bytes][Goodput ratio: 76/96][0.33 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/videos/40750-585645353a7a47615755b7714c611835.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] 41 TCP 192.168.2.126:45414 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2118 bytes <-> 3 pkts/3518 bytes][Goodput ratio: 91/94][4.32 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 215/216 2066/2066 3917/3916 1851/1850][Pkt Len c2s/s2c min/avg/max/stddev: 482/758 706/1173 819/1456 158/300][URL: mangaweb.1kxun.mobi/js/fb-sdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/fb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16,0,0,0,0] 42 TCP 192.168.2.126:47246 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1872 bytes <-> 2 pkts/3374 bytes][Goodput ratio: 93/96][1.30 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/homePageVideoCollections/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28][StatusCode: 200][Content-Type: application/json][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] - 43 TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25] + 43 TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.481 (Executable)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25] 44 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Goodput ratio: 71/72][1.09 sec][Hostname/SNI: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/191 476/506 136/201][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/200 499/372 176/149][URL: vv.video.qq.com/getvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][PLAIN TEXT (POST /getvinfo HTTP/1.1)][Plen Bins: 15,0,0,0,0,15,15,0,0,23,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3106/0 12289/0 3176/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][Goodput ratio: 87/86][0.18 sec][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60/44 176/133 82/54][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512/459 1159/1464 468/536][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0] - 47 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Media/1][7 pkts/1408 bytes <-> 5 pkts/2611 bytes][Goodput ratio: 71/89][0.15 sec][Hostname/SNI: 183.131.48.144][bytes ratio: -0.299 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/25 69/67 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 201/522 557/1078 225/465][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][Content-Type: video/mp4][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.144 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Media/1][7 pkts/1408 bytes <-> 5 pkts/2611 bytes][Goodput ratio: 71/89][0.15 sec][Hostname/SNI: 183.131.48.144][bytes ratio: -0.299 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/25 69/67 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 201/522 557/1078 225/465][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][Content-Type: video/mp4][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 183.131.48.144 / Empty or missing User-Agent / Entropy: 5.207 (Executable)][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][20.95 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 2323/4176 15252/15254 4895/5951][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 288/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][6.76 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 746/1336 5987/5987 1865/2341][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 287/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 50 TCP 192.168.2.126:42554 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/3091 bytes <-> 2 pkts/444 bytes][Goodput ratio: 91/70][2.57 sec][Hostname/SNI: de01.rayjump.com][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2543 847/2543 2537/2543 1195/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/222 773/222 1506/222 647/0][URL: de01.rayjump.com/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWUR][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (FGET /onlyImpression)][Plen Bins: 16,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0] + 50 TCP 192.168.2.126:42554 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/3091 bytes <-> 2 pkts/444 bytes][Goodput ratio: 91/70][2.57 sec][Hostname/SNI: de01.rayjump.com][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2543 847/2543 2537/2543 1195/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/222 773/222 1506/222 647/0][URL: de01.rayjump.com/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWUR][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.839 (Executable)][PLAIN TEXT (FGET /onlyImpression)][Plen Bins: 16,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0] 51 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][Goodput ratio: 69/75][6.08 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753/1500 5998/5998 1982/2597][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 190/232 1067/1055 299/340][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 60/87][0.09 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/16 36/43 13/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/456 390/1314 144/512][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 20,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0] - 53 TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 53 TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.072 (Executable)][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 TCP 192.168.2.126:50176 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1185 bytes <-> 2 pkts/2082 bytes][Goodput ratio: 94/94][0.19 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/list_default.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/list)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] 55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0] - 57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] - 58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] + 57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.261 (Executable)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.486 (Executable)][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] 59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0] 61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 160][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent / Entropy: 5.112 (Executable)][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] 66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] - 69 TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 69 TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.706 (Executable)][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 70 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Goodput ratio: 52/66][31.95 sec][Hostname/SNI: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/8 2391/3919 11352/11551 4481/5397][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/197 331/390 117/157][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 71 TCP 192.168.2.126:50140 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1178 bytes <-> 1 pkts/748 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/left.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 72 TCP 192.168.2.126:50166 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1179 bytes <-> 1 pkts/746 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/right.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -131,39 +131,39 @@ JA3 Host Stats: 74 TCP 192.168.2.126:51686 <-> 18.64.79.64:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1295 bytes <-> 1 pkts/500 bytes][Goodput ratio: 95/87][0.60 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=6][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] 75 TCP 192.168.2.126:50164 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1184 bytes <-> 1 pkts/574 bytes][Goodput ratio: 94/88][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/more_white.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] 76 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5541/0 19870/0 5205/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 77 TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 77 TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.868 (Executable)][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] 78 TCP 192.168.2.126:49242 <-> 172.104.119.80:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1129 bytes <-> 2 pkts/582 bytes][Goodput ratio: 88/77][2.16 sec][Hostname/SNI: android.yingshi.tcclick.1kxun.com][URL: android.yingshi.tcclick.1kxun.com/api/upload.php][StatusCode: 500][Req Content-Type: application/octet-stream][Content-Type: text/html][Server: openresty/1.11.2.5][User-Agent: okhttp/3.10.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 500][PLAIN TEXT (aPOST /api/upload.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 79 TCP 192.168.2.126:56104 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/896 bytes <-> 1 pkts/721 bytes][Goodput ratio: 93/91][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&br][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.517 (Executable)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **][Risk Score: 110][Risk Info: Found host 218.244.135.170 / Entropy: 5.332 (Executable)][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 90 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/684 bytes <-> 2 pkts/684 bytes][Goodput ratio: 88/88][30.01 sec][Hostname/SNI: macbook-air][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 91 TCP 192.168.2.126:53416 <-> 172.217.16.142:80 [proto: 7.126/HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/625 bytes <-> 1 pkts/734 bytes][Goodput ratio: 89/91][0.05 sec][Hostname/SNI: play.google.com][URL: play.google.com/store/apps/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789][StatusCode: 301][Content-Type: application/binary][Server: ESF][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /store/apps/details)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 92 TCP 192.168.2.126:58758 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][0.32 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (NGET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 93 TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 192.168.2.126:53416 <-> 172.217.16.142:80 [proto: 7.126/HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/625 bytes <-> 1 pkts/734 bytes][Goodput ratio: 89/91][0.05 sec][Hostname/SNI: play.google.com][URL: play.google.com/store/apps/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789][StatusCode: 301][Content-Type: application/binary][Server: ESF][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.564 (Executable)][PLAIN TEXT (GET /store/apps/details)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 92 TCP 192.168.2.126:58758 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][0.32 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.864 (Executable)][PLAIN TEXT (NGET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 93 TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.865 (Executable)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 94 TCP 192.168.2.126:56094 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/876 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 95 TCP 192.168.2.126:56098 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/863 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 96 TCP 192.168.2.126:47272 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/982 bytes <-> 1 pkts/331 bytes][Goodput ratio: 93/80][0.35 sec][Hostname/SNI: messages.1kxun.mobi][URL: messages.1kxun.mobi/api/messages/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kx][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /api/messages/listForYingsh)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 97 TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.265 (Executable)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 98 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][16.80 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 2799/0 5942/0 1567/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0] + 99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.560 (Executable)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0] 100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.991 (Executable)][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.499 (Executable)][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.539 (Executable)][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 TCP 192.168.2.126:47230 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 111 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.50 sec][Hostname/SNI: wpad][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 300/0 749/0 367/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Hostname/SNI: sanji-lifebook-][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -247,11 +247,11 @@ Undetected flows: 4 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.11 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.10 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/185 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/177 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.188 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/185 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.214 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/177 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.168 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.71 sec][PLAIN TEXT (AABHZW50cmljZV9)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.72 sec][PLAIN TEXT (icRVSoU)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][PLAIN TEXT (6.35.4 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.052 (Executable)][PLAIN TEXT (6.35.4 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 5.173 (Executable)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (dDYcTc4)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out b/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out index de5e8337780..a504ac1a13c 100644 --- a/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out +++ b/tests/cfgs/stun_all_attributes_disabled/result/teams.pcap.out @@ -68,7 +68,7 @@ JA3 Host Stats: 11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0] 12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 8][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: a1674500365bdd882188db63730e69a2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0] 13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 11][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0] - 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 38/Skype_TeamsCall][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 12][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy 7.83][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] + 14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 38/Skype_TeamsCall][IP: 276/Azure][Encrypted][Confidence: Match by port][DPI packets: 12][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 6.927 (Compressed Executable)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0] 15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 14][cat: Collaborative/15][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0] 16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 5][cat: Collaborative/15][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][TLSv1.2][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0] 17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.125/TLS.Skype_Teams][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 10][cat: VoIP/10][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][TLSv1.2][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0] diff --git a/tests/cfgs/stun_only_peer_address_enabled/result/stun_wa_call.pcapng.out b/tests/cfgs/stun_only_peer_address_enabled/result/stun_wa_call.pcapng.out index a6e20c44b83..f6820b1a769 100644 --- a/tests/cfgs/stun_only_peer_address_enabled/result/stun_wa_call.pcapng.out +++ b/tests/cfgs/stun_only_peer_address_enabled/result/stun_wa_call.pcapng.out @@ -40,4 +40,4 @@ Acceptable 591 133689 13 10 UDP 192.168.12.156:49526 <-> 157.240.231.62:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.156:49526 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.12.156:49526 <-> 185.60.216.51:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][3 pkts/890 bytes <-> 2 pkts/220 bytes][Goodput ratio: 86/62][14.68 sec][Plen Bins: 0,0,40,0,0,0,20,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 ICMP 93.63.100.129:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 ICMP 93.63.100.129:0 -> 192.168.12.156:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/110 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.459 (Executable)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/stun_only_peer_address_enabled/result/telegram_videocall.pcapng.out b/tests/cfgs/stun_only_peer_address_enabled/result/telegram_videocall.pcapng.out index d798b1ad7e3..bea67066bca 100644 --- a/tests/cfgs/stun_only_peer_address_enabled/result/telegram_videocall.pcapng.out +++ b/tests/cfgs/stun_only_peer_address_enabled/result/telegram_videocall.pcapng.out @@ -40,19 +40,19 @@ TelegramVoip 228 41561 16 Safe 4 295 1 Acceptable 883 382822 33 - 1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][PLAIN TEXT (MMHu@J)][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][PLAIN TEXT (elySaT)][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.12.169:37950 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][156 pkts/40749 bytes <-> 214 pkts/142865 bytes][Goodput ratio: 75/90][41.14 sec][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 246/152 12847/5983 1291/707][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 261/668 1090/1294 224/564][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.257 (Encrypted Executable)][PLAIN TEXT (MMHu@J)][Plen Bins: 0,0,2,2,4,5,6,4,4,3,0,1,0,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.12.169:40830 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][80 pkts/7287 bytes <-> 100 pkts/120708 bytes][Goodput ratio: 27/95][28.19 sec][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 437/1 25008/31 3114/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 91/1207 644/1294 95/289][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.638 (Encrypted or Random)][PLAIN TEXT (elySaT)][Plen Bins: 0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,94,0,0,0,0,0,0,0,0,0] 3 UDP 192.168.12.169:42405 <-> 93.36.13.115:35393 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][59 pkts/17987 bytes <-> 55 pkts/9102 bytes][Goodput ratio: 86/75][2.02 sec][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/28 306/117 48/28][Pkt Len c2s/s2c min/avg/max/stddev: 65/63 305/165 1154/435 330/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (BPEmhF0)][Plen Bins: 8,28,25,7,0,0,0,15,0,1,1,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 192.168.12.169:40832 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][18 pkts/2256 bytes <-> 15 pkts/13705 bytes][Goodput ratio: 47/93][28.20 sec][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/280 2909/2997 746/859][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 125/914 644/1294 150/495][PLAIN TEXT (lmd/HB)][Plen Bins: 0,0,0,0,6,6,6,0,0,0,6,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0] - 5 TCP 192.168.12.169:46862 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][11 pkts/1963 bytes <-> 8 pkts/2558 bytes][Goodput ratio: 63/79][10.13 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1124/32 9909/87 3106/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/320 452/670 155/261][Plen Bins: 0,0,0,11,0,22,0,0,0,0,22,0,11,0,0,0,11,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 TCP 192.168.12.169:46866 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][9 pkts/1879 bytes <-> 6 pkts/1822 bytes][Goodput ratio: 68/78][10.11 sec][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/30 1440/34 9925/41 3464/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 209/304 436/839 161/306][Plen Bins: 0,0,0,14,0,0,0,14,0,14,0,28,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.12.169:40832 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][18 pkts/2256 bytes <-> 15 pkts/13705 bytes][Goodput ratio: 47/93][28.20 sec][bytes ratio: -0.717 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/280 2909/2997 746/859][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 125/914 644/1294 150/495][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.526 (Encrypted or Random)][PLAIN TEXT (lmd/HB)][Plen Bins: 0,0,0,0,6,6,6,0,0,0,6,0,0,0,0,0,0,0,6,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0] + 5 TCP 192.168.12.169:46862 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][11 pkts/1963 bytes <-> 8 pkts/2558 bytes][Goodput ratio: 63/79][10.13 sec][bytes ratio: -0.132 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1124/32 9909/87 3106/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 178/320 452/670 155/261][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.322 (Encrypted or Random)][Plen Bins: 0,0,0,11,0,22,0,0,0,0,22,0,11,0,0,0,11,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 TCP 192.168.12.169:46866 <-> 149.154.167.51:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][9 pkts/1879 bytes <-> 6 pkts/1822 bytes][Goodput ratio: 68/78][10.11 sec][bytes ratio: 0.015 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/30 1440/34 9925/41 3464/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 209/304 436/839 161/306][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.504 (Encrypted or Random)][Plen Bins: 0,0,0,14,0,0,0,14,0,14,0,28,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 7 UDP 192.168.12.169:40643 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 7][cat: VoIP/10][8 pkts/1224 bytes <-> 10 pkts/1236 bytes][Goodput ratio: 72/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 35/0 2360/1766 13458/13458 4964/4420][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 153/124 170/190 33/25][Peer IP/Port: 93.36.13.115:35393][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 5,16,34,16,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 UDP 192.168.12.169:40906 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 98/0 1088/0 1553/0 481/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (BBEvpfJJpa)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 UDP 192.168.12.169:42405 -> 10.46.103.200:42554 [proto: 78.355/STUN.TelegramVoip][IP: 0/Unknown][ClearText][Confidence: DPI (cache)][DPI packets: 7][cat: VoIP/10][13 pkts/1846 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][13.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 97/0 1047/0 2004/0 541/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 142/0 142/0 0/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (bfyeXPVa97N)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 192.168.12.169:40834 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][5 pkts/788 bytes <-> 3 pkts/890 bytes][Goodput ratio: 57/77][0.17 sec][bytes ratio: -0.061 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/47 24/68 42/90 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/297 315/750 110/321][Plen Bins: 0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 TCP 192.168.12.169:40834 <-> 149.154.167.222:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][5 pkts/788 bytes <-> 3 pkts/890 bytes][Goodput ratio: 57/77][0.17 sec][bytes ratio: -0.061 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/47 24/68 42/90 14/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/297 315/750 110/321][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.107 (Compressed Executable)][Plen Bins: 0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 UDP 192.168.12.169:49667 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 82/81 176/176 283/284 76/77][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Peer IP/Port: 93.36.13.115:35393][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (ehscoNGDW)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 192.168.12.169:49780 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 7][cat: VoIP/10][6 pkts/912 bytes <-> 6 pkts/704 bytes][Goodput ratio: 72/64][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 83/84 174/175 253/252 62/61][Pkt Len c2s/s2c min/avg/max/stddev: 70/102 152/117 170/134 37/14][Peer IP/Port: 93.36.13.115:35393][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 8,16,33,16,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 192.168.12.169:37966 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][5 pkts/1117 bytes <-> 3 pkts/464 bytes][Goodput ratio: 70/55][0.15 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 20/62 33/91 13/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 223/155 532/324 196/120][Plen Bins: 0,0,0,0,0,0,0,0,33,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 192.168.12.169:37966 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Chat/9][5 pkts/1117 bytes <-> 3 pkts/464 bytes][Goodput ratio: 70/55][0.15 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 20/62 33/91 13/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 223/155 532/324 196/120][Risk: ** Susp Entropy **][Risk Score: 50][Risk Info: Entropy: 7.574 (Encrypted or Random)][Plen Bins: 0,0,0,0,0,0,0,0,33,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 14 UDP 192.168.12.169:37444 <-> 91.108.17.2:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.31 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 159/159 7082/7082 14005/14005 6923/6923][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 15 UDP 192.168.12.169:37530 <-> 91.108.13.23:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.30 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 133/132 7082/7082 14032/14032 6950/6950][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Unauthorized)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 16 UDP 192.168.12.169:37849 <-> 91.108.9.35:1400 [proto: 78.355/STUN.TelegramVoip][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/402 bytes <-> 3 pkts/378 bytes][Goodput ratio: 68/66][14.20 sec][Hostname/SNI: telegram.org][bytes ratio: 0.031 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 30/45 7084/7084 14138/14124 7054/7040][Pkt Len c2s/s2c min/avg/max/stddev: 70/110 134/126 166/134 45/11][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Bs/cdOs)][Plen Bins: 16,0,50,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -67,9 +67,9 @@ Acceptable 883 382822 33 25 TCP 18.195.162.93:443 <-> 192.168.12.169:38956 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/163 bytes <-> 2 pkts/132 bytes][Goodput ratio: 19/0][5.09 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 26 TCP 192.168.12.169:40710 <-> 52.58.18.25:5222 [proto: 265/AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: Match by IP][DPI packets: 4][cat: Cloud/13][2 pkts/144 bytes <-> 2 pkts/144 bytes][Goodput ratio: 8/8][0.02 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 ICMPV6 [fe80::98df:58ff:fefa:ebdc]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/280 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][32.62 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 28 ICMP 192.168.12.169:0 -> 91.108.9.35:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (ORtRLoo/fpi)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 29 ICMP 192.168.12.169:0 -> 91.108.13.23:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BuBNffVSd)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 30 ICMP 192.168.12.169:0 -> 91.108.17.2:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (KHOirrFTCqEz)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 ICMP 192.168.12.169:0 -> 91.108.9.35:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.590 (Executable)][PLAIN TEXT (ORtRLoo/fpi)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 ICMP 192.168.12.169:0 -> 91.108.13.23:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.612 (Executable)][PLAIN TEXT (BuBNffVSd)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 30 ICMP 192.168.12.169:0 -> 91.108.17.2:0 [proto: 81/ICMP][IP: 185/Telegram][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.01 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Entropy: 5.737 (Executable)][PLAIN TEXT (KHOirrFTCqEz)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 31 TCP 192.168.12.169:37948 <-> 149.154.167.91:443 [proto: 185/Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI (partial)][DPI packets: 3][cat: Chat/9][2 pkts/128 bytes <-> 1 pkts/74 bytes][Goodput ratio: 0/0][0.03 sec][Risk: ** TCP Connection Issues **][Risk Score: 50][Risk Info: Connection refused (client)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 32 UDP [fe80::abe:acff:fe0b:176e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 192.168.12.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _ipps._tcp.local][_ipps._tcp.local][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]