diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e43211ddd82..5b608b84d4b 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -252,7 +252,7 @@ static int dpdk_port_id = 0, dpdk_run_capture = 1; void test_lib(); /* Forward */ -extern void ndpi_report_payload_stats(int print); +extern void ndpi_report_payload_stats(FILE *out); extern int parse_proto_name_list(char *str, NDPI_PROTOCOL_BITMASK *bitmask, int inverted_logic); /* ********************************** */ @@ -420,10 +420,10 @@ flowGetBDMeanandVariance(struct ndpi_flow_info* flow) { if(csv_fp) { fprintf(csv_fp, ",%.3f,%.3f,%.3f,%.3f", mean, variance, entropy, entropy * num_bytes); } else { - fprintf(out, "[byte_dist_mean: %f", mean); - fprintf(out, "][byte_dist_std: %f]", variance); - fprintf(out, "[entropy: %f]", entropy); - fprintf(out, "[total_entropy: %f]", entropy * num_bytes); + fprintf(out, "[byte_dist_mean: %.3f", mean); + fprintf(out, "][byte_dist_std: %.3f]", variance); + fprintf(out, "[entropy: %.3f]", entropy); + fprintf(out, "[total_entropy: %.3f]", entropy * num_bytes); } } else { if(csv_fp) @@ -2747,7 +2747,7 @@ static void printFlowsStats() { FILE *out = results_file ? results_file : stdout; if(enable_payload_analyzer) - ndpi_report_payload_stats(1); + ndpi_report_payload_stats(out); for(thread_id = 0; thread_id < num_threads; thread_id++) total_flows += ndpi_thread_info[thread_id].workflow->num_allocated_flows; diff --git a/example/reader_util.c b/example/reader_util.c index c36b62ca1a2..003a72edc7b 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -216,68 +216,68 @@ static int payload_stats_sort_asc(void *_a, void *_b) { /* ***************************************************** */ -void print_payload_stat(struct payload_stats *p) { +static void print_payload_stat(struct payload_stats *p, FILE *out) { u_int i; struct flow_id_stats *s, *tmp; struct packet_id_stats *s1, *tmp1; - printf("\t["); + fprintf(out, "\t["); for(i=0; ipattern_len; i++) { - printf("%c", isprint(p->pattern[i]) ? p->pattern[i] : '.'); + fprintf(out, "%c", isprint(p->pattern[i]) ? p->pattern[i] : '.'); } - printf("]"); + fprintf(out, "]"); for(; i<16; i++) printf(" "); - printf("["); + fprintf(out, "["); for(i=0; ipattern_len; i++) { - printf("%s%02X", (i > 0) ? " " : "", isprint(p->pattern[i]) ? p->pattern[i] : '.'); + fprintf(out, "%s%02X", (i > 0) ? " " : "", isprint(p->pattern[i]) ? p->pattern[i] : '.'); } - printf("]"); + fprintf(out, "]"); - for(; i<16; i++) printf(" "); - for(i=p->pattern_len; ipattern_len; ipattern_len, p->num_occurrencies); + fprintf(out, "[len: %u][num_occurrencies: %u][flowId: ", + p->pattern_len, p->num_occurrencies); i = 0; HASH_ITER(hh, p->flows, s, tmp) { - printf("%s%u", (i > 0) ? " " : "", s->flow_id); + fprintf(out, "%s%u", (i > 0) ? " " : "", s->flow_id); i++; } - printf("][packetIds: "); + fprintf(out, "][packetIds: "); /* ******************************** */ i = 0; HASH_ITER(hh, p->packets, s1, tmp1) { - printf("%s%u", (i > 0) ? " " : "", s1->packet_id); + fprintf(out, "%s%u", (i > 0) ? " " : "", s1->packet_id); i++; } - printf("]\n"); + fprintf(out, "]\n"); } /* ***************************************************** */ -void ndpi_report_payload_stats(int print) { +void ndpi_report_payload_stats(FILE *out) { struct payload_stats *p, *tmp; u_int num = 0; - if(print) - printf("\n\nPayload Analysis\n"); + if(out) + fprintf(out, "\n\nPayload Analysis\n"); HASH_SORT(pstats, payload_stats_sort_asc); HASH_ITER(hh, pstats, p, tmp) { - if(print && num <= max_num_reported_top_payloads) - print_payload_stat(p); + if(out && num <= max_num_reported_top_payloads) + print_payload_stat(p, out); ndpi_free(p->pattern); @@ -711,20 +711,20 @@ ndpi_flow_update_byte_dist_mean_var(ndpi_flow_info_t *flow, const void *x, /* ***************************************************** */ -float ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], +double ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], unsigned int num_bytes) { int i; - float sum = 0.0; + double sum = 0.0; for(i=0; i<256; i++) { - float tmp = (float) byte_count[i] / (float) num_bytes; + double tmp = (double) byte_count[i] / (double) num_bytes; if(tmp > FLT_EPSILON) { sum -= tmp * logf(tmp); } } - return(sum / logf(2.0)); + return(sum / log(2.0)); } /* ***************************************************** */ @@ -1584,7 +1584,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow->entropy->score = ndpi_classify(flow->entropy->src2dst_pkt_len, flow->entropy->src2dst_pkt_time, flow->entropy->dst2src_pkt_len, flow->entropy->dst2src_pkt_time, flow->entropy->src2dst_start, flow->entropy->dst2src_start, - max_num_packets_per_flow, flow->src_port, flow->dst_port, + max_num_packets_per_flow, ntohs(flow->src_port), ntohs(flow->dst_port), flow->src2dst_packets, flow->dst2src_packets, flow->entropy->src2dst_opackets, flow->entropy->dst2src_opackets, flow->entropy->src2dst_l4_bytes, flow->entropy->dst2src_l4_bytes, 1, @@ -1592,7 +1592,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, else flow->entropy->score = ndpi_classify(flow->entropy->src2dst_pkt_len, flow->entropy->src2dst_pkt_time, NULL, NULL, flow->entropy->src2dst_start, flow->entropy->src2dst_start, - max_num_packets_per_flow, flow->src_port, flow->dst_port, + max_num_packets_per_flow, ntohs(flow->src_port), ntohs(flow->dst_port), flow->src2dst_packets, 0, flow->entropy->src2dst_opackets, 0, flow->entropy->src2dst_l4_bytes, 0, 1, diff --git a/example/reader_util.h b/example/reader_util.h index c085ebb8cfc..c5c399cd547 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -396,7 +396,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl void ndpi_flow_info_free_data(struct ndpi_flow_info *flow); void ndpi_flow_info_freer(void *node); const char* print_cipher_id(u_int32_t cipher); -float ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], unsigned int num_bytes); +double ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], unsigned int num_bytes); extern int nDPI_LogLevel; diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c index f210611a4b7..a91becccc3c 100644 --- a/fuzz/fuzz_ndpi_reader.c +++ b/fuzz/fuzz_ndpi_reader.c @@ -24,7 +24,7 @@ int malloc_size_stats = 0; int max_malloc_bins = 14; struct ndpi_bin malloc_bins; /* unused */ -extern void ndpi_report_payload_stats(int print); +extern void ndpi_report_payload_stats(FILE *out); #ifdef CRYPT_FORCE_NO_AESNI extern int force_no_aesni; @@ -152,7 +152,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { ndpi_free(workflow->ndpi_flows_root); /* Free payload analyzer data, without printing */ if(enable_payload_analyzer) - ndpi_report_payload_stats(0); + ndpi_report_payload_stats(NULL); return 0; } diff --git a/tests/cfgs/enable_payload_stat/config.txt b/tests/cfgs/enable_payload_stat/config.txt new file mode 100644 index 00000000000..c347a0f08d5 --- /dev/null +++ b/tests/cfgs/enable_payload_stat/config.txt @@ -0,0 +1 @@ +-F -P 4:8:10:128:25 diff --git a/tests/cfgs/enable_payload_stat/pcap/1kxun.pcap b/tests/cfgs/enable_payload_stat/pcap/1kxun.pcap new file mode 120000 index 00000000000..f3b96eb01db --- /dev/null +++ b/tests/cfgs/enable_payload_stat/pcap/1kxun.pcap @@ -0,0 +1 @@ +../../default/pcap/1kxun.pcap \ No newline at end of file diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out new file mode 100644 index 00000000000..2d5f70527b3 --- /dev/null +++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out @@ -0,0 +1,277 @@ +Guessed flow protos: 25 + +DPI Packets (TCP): 408 (4.16 pkts/flow) +DPI Packets (UDP): 120 (1.21 pkts/flow) +Confidence Unknown : 14 (flows) +Confidence Match by port : 6 (flows) +Confidence DPI : 177 (flows) +Num dissector calls: 4428 (22.48 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/60/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/8/0 (insert/search/found) +LRU cache mining: 0/20/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/14/0 (insert/search/found) +Automa host: 161/71 (search/found) +Automa domain: 156/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 25/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 252/0 (search/found) +Patricia risk: 6/0 (search/found) +Patricia protocols: 315/59 (search/found) + +Unknown 24 6428 14 +HTTP 249 355379 34 +MDNS 1 82 1 +NTP 1 90 1 +NetBIOS 26 2392 6 +SSDP 143 36951 13 +SMBv1 5 1197 2 +DHCP 24 8208 5 +QQ 33 6883 4 +TLS 124 28754 9 +DHCPV6 10 980 3 +Google 30 54525 4 +LLMNR 91 6931 48 +GoogleServices 17 30330 1 +MpegDash 1 299 1 +1kxun 914 1969311 48 +Line 30 19034 3 + + +Payload Analysis + [....][2E 2E 2E 2E] [len: 4][num_occurrencies: 3567][flowId: 0 3 7 9 10 12 13 15 17 18 19 21 22 23 25 32 33 34 38 41 42 46 47 48 51 52 54 59 61 62 63 64 65 66 67 68 69 70 71 72 73 75 77 79 80 81 84 87 88 89 90 91 93 94 95 96 97 98 99 100 101 102 103 104 107 110 111 113 114 117 119 120 121 122 123 124 125 126 127 128 140 143 141 142 146 159 168 169 170][packetIds: 1 2 5 11 13 14 15 17 18 19 20 21 29 30 32 35 36 39 40 41 42 43 44 48 49 50 51 52 53 54 55 56 59 69 70 71 84 85 198 199 387 388 389 390 472 473 474 489 507 539 547 554 555 563 564 583 589 591 592 594 595 597 598 602 632 636 642 643 645 646 648 649 650 651 654 657 658 659 660 661 662 665 666 667 668 669 670 671 672 673 675 676 682 684 686 687 688 690 691 696 702 703 706 726 727 730 731 733 734 738 740 743 750 755 756 760 761 773 774 775 777 778 780 781 787 788 792 793 798 799 800 801 803 804 814 817 820 822 827 828 829 830 831 833 835 836 858 859 901 902 903 904 930 931 932 934 937 941 985 986 987 991 994 995 996 1008 1009 1011 1012 1015 1016 1017 1018 1021 1023 1024 1025 1026 1067 1073 1074 1075 1130 1304 1383 1520 1525 1529] + [.....][2E 2E 2E 2E 2E] [len: 5][num_occurrencies: 3342][flowId: 0 3 7 9 10 12 13 15 17 18 19 21 22 23 25 32 33 34 38 41 42 46 47 48 51 52 54 59 61 62 63 64 65 66 67 68 69 70 71 72 73 75 77 79 80 81 84 87 88 89 90 91 93 94 95 96 97 98 99 101 102 103 104 107 110 111 113 114 117 119 120 121 122 123 124 125 126 127 128 146 159][packetIds: 1 2 5 11 13 14 15 17 18 19 20 29 30 32 35 36 39 40 41 42 43 44 48 49 50 51 52 53 54 55 69 70 84 85 198 199 387 388 389 390 472 473 489 507 539 547 554 555 563 564 583 589 591 592 594 595 597 598 602 632 636 642 643 645 646 648 649 650 651 654 657 658 659 660 661 662 665 666 667 668 669 670 671 672 673 675 676 682 684 686 687 688 690 691 696 702 703 706 726 727 730 731 733 734 738 740 743 750 755 756 760 761 773 774 775 777 778 780 781 787 788 792 793 798 799 800 801 803 817 820 822 827 828 829 830 831 833 835 836 858 901 902 903 904 930 931 932 934 937 941 985 986 987 991 994 995 996 1008 1009 1011 1012 1015 1016 1017 1018 1021 1023 1024 1025 1026 1304 1383] + [......][2E 2E 2E 2E 2E 2E] [len: 6][num_occurrencies: 3160][flowId: 0 3 7 9 10 12 13 15 17 18 19 21 22 23 25 32 33 34 38 41 42 46 47 48 51 52 54 59 61 62 63 64 65 66 67 68 69 70 71 72 73 75 77 79 80 81 84 87 88 89 90 91 93 94 95 96 97 98 99 101 102 103 104 107 110 111 113 114 117 119 120 121 122 123 124 125 126 127 128 146][packetIds: 1 2 5 11 13 14 15 17 18 19 20 29 30 32 35 36 39 40 41 42 43 44 48 49 50 51 52 53 54 55 69 70 84 85 198 199 387 388 389 390 472 473 489 507 539 547 554 555 563 564 583 589 591 592 594 595 597 598 602 632 636 642 643 645 646 648 649 650 651 654 657 658 659 660 661 662 665 666 667 668 669 670 671 672 673 675 676 682 684 686 687 688 690 691 696 702 703 706 726 727 730 731 733 734 738 740 743 750 755 756 760 761 773 774 775 777 778 780 781 787 788 792 793 798 799 800 801 803 817 820 822 827 828 829 830 831 833 835 836 858 901 902 903 904 930 931 932 934 937 941 985 986 987 991 994 995 996 1008 1009 1011 1012 1015 1016 1017 1018 1021 1023 1024 1025 1026 1304] + [.......][2E 2E 2E 2E 2E 2E 2E] [len: 7][num_occurrencies: 2982][flowId: 3 7 21 22 34 41 48 54 64 65 69 70 73 87 88 93 104 146][packetIds: 5 11 13 32 50 51 389 390 489 547 583 589 597 598 602 636 649 650 659 660 661 668 669 675 676 702 706 726 727 738 750 760 773 792 793 817 833 835 836 934 937 941 987 1304] + [........][2E 2E 2E 2E 2E 2E 2E 2E] [len: 8][num_occurrencies: 2931][flowId: 3 7 21 22 34 41 48 54 64 65 69 70 73 87 88 93 104 146][packetIds: 5 11 13 32 50 51 389 390 489 547 583 589 597 598 602 636 649 650 659 660 661 668 669 675 676 702 706 726 727 738 750 760 773 792 793 817 833 835 836 934 937 941 987 1304] + [/1.1][2F 31 2E 31] [len: 4][num_occurrencies: 324][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [HTTP][48 54 54 50] [len: 4][num_occurrencies: 289][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [HTTP/][48 54 54 50 2F] [len: 5][num_occurrencies: 289][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [HTTP/1][48 54 54 50 2F 31] [len: 6][num_occurrencies: 289][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [HTTP/1.][48 54 54 50 2F 31 2E] [len: 7][num_occurrencies: 289][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [TTP/][54 54 50 2F] [len: 4][num_occurrencies: 289][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [TTP/1][54 54 50 2F 31] [len: 5][num_occurrencies: 289][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [TTP/1.][54 54 50 2F 31 2E] [len: 6][num_occurrencies: 289][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [TP/1][54 50 2F 31] [len: 4][num_occurrencies: 289][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [TP/1.][54 50 2F 31 2E] [len: 5][num_occurrencies: 289][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [HTTP/1.1][48 54 54 50 2F 31 2E 31] [len: 8][num_occurrencies: 288][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [TTP/1.1][54 54 50 2F 31 2E 31] [len: 7][num_occurrencies: 288][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [TP/1.1][54 50 2F 31 2E 31] [len: 6][num_occurrencies: 288][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 185 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1592 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [P/1.][50 2F 31 2E] [len: 4][num_occurrencies: 288][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [P/1.1][50 2F 31 2E 31] [len: 5][num_occurrencies: 287][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 45 48 49 50 53 58 74 82 83 109 108 129 130 131 132 133 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 182 186 179 180 188 187 189 190 191 192 193 194 195 196][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 467 468 480 481 483 495 496 498 506 508 556 557 566 582 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 634 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 724 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 872 874 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1053 1054 1055 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1069 1070 1071 1076 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1265 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1586 1588 1627 1677 1678 1687 1688 1689 1690 1693 1697 1698 1702 1705 1706 1707 1711 1717 1723] + [.1..][2E 31 2E 2E] [len: 4][num_occurrencies: 243][flowId: 1 2 5 6 11 14 20 24 27 26 31 28 29 30 35 36 37 39 40 43 49 50 53 58 74 82 83 109 108 132 135 134 137 136 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 177 181 182 186 179 180 195][packetIds: 3 4 7 8 9 10 16 27 28 34 45 60 61 65 66 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 196 197 404 405 409 410 412 418 463 464 468 480 481 495 496 506 508 556 557 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 631 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 694 695 697 698 699 700 701 704 705 710 728 729 732 735 736 737 739 741 742 744 745 746 747 748 749 751 753 754 759 762 768 782 791 797 802 819 821 825 826 837 868 869 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031 1039 1041 1045 1046 1048 1050 1053 1054 1055 1057 1058 1059 1061 1062 1063 1064 1065 1066 1069 1070 1071 1123 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1237 1248 1263 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1348 1350 1351 1352 1353 1395 1483 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1516 1517 1518 1519 1524 1528 1567 1578 1585 1586 1627 1677 1678 1707] + [..Co][2E 2E 43 6F] [len: 4][num_occurrencies: 230][flowId: 14 24 27 26 31 28 29 30 35 36 37 39 40 48 58 109 108 129 130 131 132 133 135 134 137 136 138 139 140 143 141 142 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 179 180 189 188 187 190 191 192 193 194 195 196][packetIds: 34 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 412 418 467 480 481 495 496 582 631 634 710 724 868 869 872 874 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1065 1066 1069 1070 1071 1076 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1588 1677 1678 1686 1687 1688 1689 1690 1693 1697 1698 1701 1702 1705 1706 1707 1711 1717 1723] + [..Con][2E 2E 43 6F 6E] [len: 5][num_occurrencies: 230][flowId: 14 24 27 26 31 28 29 30 35 36 37 39 40 48 58 109 108 129 130 131 132 133 135 134 137 136 138 139 140 143 141 142 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 177 178 181 179 180 189 188 187 190 191 192 193 194 195 196][packetIds: 34 68 104 105 106 107 108 109 110 111 112 113 114 115 117 120 129 150 162 178 412 418 467 480 481 495 496 582 631 634 710 724 868 869 872 874 1034 1036 1038 1039 1041 1042 1045 1046 1048 1050 1051 1053 1054 1055 1057 1058 1059 1060 1065 1066 1069 1070 1071 1076 1129 1149 1151 1153 1154 1158 1159 1160 1161 1162 1163 1168 1169 1174 1177 1180 1181 1182 1237 1248 1263 1292 1293 1294 1301 1302 1303 1307 1308 1319 1320 1322 1327 1348 1350 1351 1352 1353 1354 1361 1365 1395 1483 1484 1503 1505 1506 1507 1508 1509 1511 1512 1513 1514 1519 1524 1528 1567 1568 1572 1573 1574 1576 1578 1580 1582 1585 1588 1677 1678 1686 1687 1688 1689 1690 1693 1697 1698 1701 1702 1705 1706 1707 1711 1717 1723] + [.255][2E 32 35 35] [len: 4][num_occurrencies: 220][flowId: 1 2 5 6 11 20 43 49 50 53 74 82][packetIds: 3 4 7 8 9 10 16 45 60 61 196 197 468 506 508 556 557 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 695 697 699 701 704 728 732 735 736 739 741 744 745 746 748 751 753 759 762 768 782 791 797 802 819 821 825 826 837 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031] + [.255.][2E 32 35 35 2E] [len: 5][num_occurrencies: 220][flowId: 1 2 5 6 11 20 43 49 50 53 74 82][packetIds: 3 4 7 8 9 10 16 45 60 61 196 197 468 506 508 556 557 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 695 697 699 701 704 728 732 735 736 739 741 744 745 746 748 751 753 759 762 768 782 791 797 802 819 821 825 826 837 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031] + [.255.2][2E 32 35 35 2E 32] [len: 6][num_occurrencies: 220][flowId: 1 2 5 6 11 20 43 49 50 53 74 82][packetIds: 3 4 7 8 9 10 16 45 60 61 196 197 468 506 508 556 557 586 587 588 590 593 596 599 601 603 604 605 606 607 608 610 615 616 620 621 622 623 625 626 627 640 641 644 647 653 655 656 663 664 674 677 678 679 680 689 692 693 695 697 699 701 704 728 732 735 736 739 741 744 745 746 748 751 753 759 762 768 782 791 797 802 819 821 825 826 837 896 899 905 906 907 908 910 922 923 925 936 945 984 989 990 992 997 1002 1010 1014 1019 1029 1031] + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.5.16 2 + + + 1 TCP 192.168.2.126:45380 <-> 161.117.13.29:80 [flowId: 145][byte_dist_mean: 107.551][byte_dist_std: 61.361][entropy: 3.964][total_entropy: 45440.492][score: 0.0000][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][7 pkts/4845 bytes <-> 73 pkts/178280 bytes][Goodput ratio: 90/97][5.13 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 187/0 298/54 408/638 110/113][Pkt Len c2s/s2c min/avg/max/stddev: 490/759 692/2442 831/8706 147/1792][URL: mangaweb.1kxun.mobi/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e][StatusCode: 200][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /detail)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,52,0,33] + 2 TCP 192.168.2.126:46170 <-> 172.105.121.82:80 [flowId: 141][byte_dist_mean: 124.700][byte_dist_std: 73.792][entropy: 0.982][total_entropy: 48019.298][score: 0.0136][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/552 bytes <-> 33 pkts/181723 bytes][Goodput ratio: 76/99][1.59 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/42 0/371 0/107][Pkt Len c2s/s2c min/avg/max/stddev: 274/387 276/5507 278/21666 2/6102][URL: pic.1kxun.com/video_kankan/images/releases/296/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,55] + 3 TCP 192.168.2.126:49372 <-> 14.136.136.108:80 [flowId: 157][byte_dist_mean: 126.439][byte_dist_std: 72.941][entropy: 1.198][total_entropy: 50118.523][score: 0.0056][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/1752 bytes <-> 33 pkts/144786 bytes][Goodput ratio: 89/98][1.99 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.976 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/61 0/371 0/111][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 584/4387 592/18786 6/4364][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/aec00b1dbdf678ee8d2b89df3fdbd059.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,8,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,51] + 4 TCP 192.168.2.126:49396 <-> 14.136.136.108:80 [flowId: 161][byte_dist_mean: 126.754][byte_dist_std: 73.340][entropy: 0.906][total_entropy: 51740.886][score: 0.7545][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/1776 bytes <-> 28 pkts/133577 bytes][Goodput ratio: 89/99][1.65 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.974 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/42 0/345 0/94][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/4771 592/21666 0/5452][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,52] + 5 TCP 192.168.2.126:49412 <-> 14.136.136.108:80 [flowId: 160][byte_dist_mean: 125.068][byte_dist_std: 73.545][entropy: 1.068][total_entropy: 49909.760][score: 0.0378][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][3 pkts/1752 bytes <-> 23 pkts/128276 bytes][Goodput ratio: 89/99][1.65 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.973 (Download)][IAT c2s/s2c min/avg/max/stddev: 612/0 612/61 612/399 0/112][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 584/5577 592/21666 6/5767][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (NGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,62] + 6 TCP 192.168.2.126:46212 <-> 172.105.121.82:80 [flowId: 143][byte_dist_mean: 129.250][byte_dist_std: 73.241][entropy: 0.654][total_entropy: 52768.540][score: 0.0234][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/555 bytes <-> 12 pkts/124834 bytes][Goodput ratio: 76/99][1.58 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 871/0 871/122 871/373 0/155][Pkt Len c2s/s2c min/avg/max/stddev: 277/386 278/10403 278/37506 0/10887][URL: pic.1kxun.com/video_kankan/images/releases/300/5183-51fb99a2391e774037ba21cbca307be4.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,57] + 7 TCP 192.168.2.126:38316 <-> 172.105.121.82:80 [flowId: 170][byte_dist_mean: 132.673][byte_dist_std: 73.496][entropy: 0.635][total_entropy: 48541.771][score: 0.0000][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 23 pkts/118294 bytes][Goodput ratio: 76/99][1.43 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.995 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/46 0/393 0/113][Pkt Len c2s/s2c min/avg/max/stddev: 273/388 273/5143 273/24546 0/5526][URL: pic.1kxun.com/video_kankan/images/videos/40701-8fa7d916c55e31f90fa55f450b716505.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,20,0,67] + 8 TCP 192.168.2.126:49380 <-> 14.136.136.108:80 [flowId: 159][byte_dist_mean: 127.023][byte_dist_std: 73.287][entropy: 1.167][total_entropy: 49819.508][score: 0.1194][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][2 pkts/1172 bytes <-> 30 pkts/99876 bytes][Goodput ratio: 89/98][1.31 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.977 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/32 0/209 0/74][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 586/3329 592/18786 6/3784][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/f05074256b39572ad852c1c95eb5f8a7.jpg][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (LGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,53,0,34] + 9 TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [flowId: 183][byte_dist_mean: 128.524][byte_dist_std: 73.865][entropy: 1.096][total_entropy: 45015.602][score: 0.0000][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63] + 10 TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [flowId: 185][byte_dist_mean: 127.744][byte_dist_std: 74.163][entropy: 1.193][total_entropy: 44445.968][score: 0.3334][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85] + 11 TCP 192.168.2.126:45416 <-> 161.117.13.29:80 [flowId: 149][byte_dist_mean: 92.202][byte_dist_std: 55.836][entropy: 3.608][total_entropy: 51097.563][score: 0.0032][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][8 pkts/7202 bytes <-> 24 pkts/83277 bytes][Goodput ratio: 93/98][16.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 186/0 2919/772 6045/5959 2744/1789][Pkt Len c2s/s2c min/avg/max/stddev: 500/709 900/3470 1180/14466 215/3207][URL: mangaweb.1kxun.mobi/js/vendor.bundle.js?1644807874][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/vendor.bundle.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,12,0,0,0,0,0,0,0,3,3,3,6,0,0,0,0,0,0,0,3,0,0,21,0,41] + 12 TCP 192.168.2.126:38326 <-> 172.105.121.82:80 [flowId: 168][byte_dist_mean: 134.401][byte_dist_std: 74.168][entropy: 1.044][total_entropy: 45208.663][score: 0.7167][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 21 pkts/89010 bytes][Goodput ratio: 76/98][1.25 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/50 0/412 0/118][Pkt Len c2s/s2c min/avg/max/stddev: 273/387 273/4239 273/12489 0/2950][URL: pic.1kxun.com/video_kankan/images/videos/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,73] + 13 TCP 192.168.2.126:46200 <-> 172.105.121.82:80 [flowId: 142][byte_dist_mean: 113.562][byte_dist_std: 76.632][entropy: 1.212][total_entropy: 46434.817][score: 0.0000][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/556 bytes <-> 18 pkts/82689 bytes][Goodput ratio: 76/99][1.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.987 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/56 0/375 0/119][Pkt Len c2s/s2c min/avg/max/stddev: 278/386 278/4594 278/21666 0/5421][URL: pic.1kxun.com/video_kankan/images/releases/301/5027-d707192bfa2dabf22771a4d56454ab88.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,45] + 14 TCP 192.168.2.126:46184 <-> 172.105.121.82:80 [flowId: 140][byte_dist_mean: 127.593][byte_dist_std: 74.051][entropy: 1.020][total_entropy: 46187.702][score: 0.0001][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/829 bytes <-> 13 pkts/73655 bytes][Goodput ratio: 76/99][1.27 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 392/0 392/81 392/368 0/134][Pkt Len c2s/s2c min/avg/max/stddev: 273/386 276/5666 278/23106 2/7129][URL: pic.1kxun.com/video_kankan/images/releases/299/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,18,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,25,0,37] + 15 TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [flowId: 184][byte_dist_mean: 127.988][byte_dist_std: 74.045][entropy: 1.155][total_entropy: 44665.016][score: 0.9630][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62] + 16 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [flowId: 27][byte_dist_mean: 131.465][byte_dist_std: 73.521][entropy: 3.042][total_entropy: 38328.695][score: 0.0213][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Goodput ratio: 42/95][45.37 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472/1029 44994/45054 11986/6714][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/1210 416/1314 113/325][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 3,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0,0,0,0,0,0,0] + 17 TCP 192.168.2.126:45398 <-> 161.117.13.29:80 [flowId: 147][byte_dist_mean: 124.202][byte_dist_std: 69.713][entropy: 1.930][total_entropy: 55788.508][score: 0.9579][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2127 bytes <-> 18 pkts/58725 bytes][Goodput ratio: 91/98][4.35 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/0 229/262 229/3434 0/852][Pkt Len c2s/s2c min/avg/max/stddev: 490/551 709/3262 821/7266 155/2191][URL: mangaweb.1kxun.mobi/js/dependency-all.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/dependency)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,43] + 18 TCP 192.168.2.126:49354 <-> 14.136.136.108:80 [flowId: 156][byte_dist_mean: 126.544][byte_dist_std: 72.656][entropy: 1.582][total_entropy: 48186.113][score: 0.0644][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1184 bytes <-> 19 pkts/53234 bytes][Goodput ratio: 89/98][1.04 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.956 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/26 0/204 0/67][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/2802 592/8706 0/2084][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (/GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,42] + 19 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [flowId: 28][byte_dist_mean: 124.041][byte_dist_std: 71.924][entropy: 7.051][total_entropy: 32588.348][score: 0.9199][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Goodput ratio: 59/95][45.30 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3466/4 44999/62 11990/13][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 136/1145 415/1314 149/400][URL: pic.1kxun.com/video_kankan/images/videos/3578-ywzj.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,2,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0] + 20 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [flowId: 29][byte_dist_mean: 127.669][byte_dist_std: 73.940][entropy: 5.704][total_entropy: 33986.217][score: 0.0856][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Goodput ratio: 52/95][45.33 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2649/12 44748/253 10525/45][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1127 415/1314 133/398][URL: pic.1kxun.com/video_kankan/images/videos/3713-ydm.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,0,0,0,0,0,0,0,0,4,0,9,0,0,4,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,76,0,0,0,0,0,0,0,0] + 21 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [flowId: 31][byte_dist_mean: 126.665][byte_dist_std: 72.682][entropy: 4.682][total_entropy: 35398.571][score: 0.0940][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Goodput ratio: 57/95][45.32 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.887 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3007/1410 44996/45052 11222/7838][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 128/1132 423/1314 145/403][URL: pic.1kxun.com/video_kankan/images/videos/4657-jfyj.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,0,0,0,0,0,0,0,0,4,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,77,0,0,0,0,0,0,0,0] + 22 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [flowId: 36][byte_dist_mean: 74.486][byte_dist_std: 29.673][entropy: 4.971][total_entropy: 22723.291][score: 0.0000][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Goodput ratio: 37/95][0.42 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 194/109 46/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/1208 411/1314 102/329][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/movies/mp4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0,0,0,0,0,0,0] + 23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [flowId: 26][byte_dist_mean: 131.010][byte_dist_std: 74.572][entropy: 4.091][total_entropy: 36293.372][score: 0.0012][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0] + 24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [flowId: 162][byte_dist_mean: 125.010][byte_dist_std: 71.799][entropy: 2.285][total_entropy: 43361.917][score: 0.8571][proto: 7.239/HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29] + 25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [flowId: 154][byte_dist_mean: 127.608][byte_dist_std: 72.455][entropy: 2.092][total_entropy: 45833.063][score: 0.8646][proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 9][cat: Advertisement/101][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62] + 26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [flowId: 181][byte_dist_mean: 112.670][byte_dist_std: 76.173][entropy: 1.561][total_entropy: 41740.612][score: 0.0000][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60] + 27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [flowId: 30][byte_dist_mean: 127.861][byte_dist_std: 72.164][entropy: 3.336][total_entropy: 37720.199][score: 0.0006][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0] + 28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [flowId: 155][byte_dist_mean: 126.953][byte_dist_std: 71.515][entropy: 2.162][total_entropy: 44092.662][score: 0.9946][proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Advertisement/101][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45] + 29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [flowId: 146][byte_dist_mean: 119.252][byte_dist_std: 69.858][entropy: 2.482][total_entropy: 49042.362][score: 0.0000][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20] + 30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [flowId: 40][byte_dist_mean: 80.967][byte_dist_std: 22.493][entropy: 5.828][total_entropy: 10729.804][score: 0.9998][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] + 31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [flowId: 187][byte_dist_mean: 77.864][byte_dist_std: 26.554][entropy: 4.337][total_entropy: 26466.050][score: 0.2563][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 32 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [flowId: 108][byte_dist_mean: 118.224][byte_dist_std: 71.254][entropy: 5.666][total_entropy: 35126.225][score: 0.7754][proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Goodput ratio: 40/94][0.02 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/2 10/8 4/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1103 334/1514 99/610][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] + 33 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [flowId: 109][byte_dist_mean: 116.562][byte_dist_std: 69.439][entropy: 5.660][total_entropy: 35093.649][score: 0.0476][proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] + 34 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [flowId: 83][byte_dist_mean: 76.958][byte_dist_std: 30.470][entropy: 4.634][total_entropy: 23228.415][score: 0.0958][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][8.40 sec][Hostname/SNI: [ff02::c]:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 558/0 590/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,12,56,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [flowId: 82][byte_dist_mean: 75.911][byte_dist_std: 30.781][entropy: 4.666][total_entropy: 23018.291][score: 0.1207][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][8.40 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 482/0 530/0 562/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,12,18,51,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.2.126:49370 <-> 14.136.136.108:80 [flowId: 158][score: 0.4843][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/580 bytes <-> 4 pkts/7749 bytes][Goodput ratio: 88/97][0.22 sec][Hostname/SNI: hkbn.content.1kxun.com][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/b057f5cd8fe013d2299b57f14faa5fa9.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (AGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] + 37 TCP 192.168.2.126:45422 <-> 161.117.13.29:80 [flowId: 150][score: 0.0000][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Streaming/17][3 pkts/2139 bytes <-> 4 pkts/6060 bytes][Goodput ratio: 91/96][4.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 221/224 2062/1374 3902/3898 1841/1787][Pkt Len c2s/s2c min/avg/max/stddev: 502/1413 713/1515 819/1720 149/124][URL: mangaweb.1kxun.mobi/images/detail_revision/go_homepage.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/application.min.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,14,0,14] + 38 TCP 192.168.2.126:60148 <-> 172.105.121.82:80 [flowId: 138][score: 0.0053][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/536 bytes <-> 3 pkts/7066 bytes][Goodput ratio: 75/97][0.56 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/icons/5-328e3cdf244c003df08754cca05fbc2f.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,40,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] + 39 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [flowId: 100][byte_dist_mean: 121.393][byte_dist_std: 54.095][entropy: 7.660][total_entropy: 8065.664][score: 0.0006][proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: Match by port][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] + 40 TCP 192.168.2.126:38314 <-> 172.105.121.82:80 [flowId: 169][score: 0.0255][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 4 pkts/6346 bytes][Goodput ratio: 76/96][0.33 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/videos/40750-585645353a7a47615755b7714c611835.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] + 41 TCP 192.168.2.126:45414 <-> 161.117.13.29:80 [flowId: 148][score: 0.0000][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2118 bytes <-> 3 pkts/3518 bytes][Goodput ratio: 91/94][4.32 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 215/216 2066/2066 3917/3916 1851/1850][Pkt Len c2s/s2c min/avg/max/stddev: 482/758 706/1173 819/1456 158/300][URL: mangaweb.1kxun.mobi/js/fb-sdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/fb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16,0,0,0,0] + 42 TCP 192.168.2.126:47246 <-> 161.117.13.29:80 [flowId: 134][score: 0.0001][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1872 bytes <-> 2 pkts/3374 bytes][Goodput ratio: 93/96][1.30 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/homePageVideoCollections/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28][StatusCode: 200][Content-Type: application/json][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] + 43 TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [flowId: 186][score: 0.3661][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25] + 44 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [flowId: 39][byte_dist_mean: 84.294][byte_dist_std: 25.294][entropy: 5.811][total_entropy: 8646.506][score: 0.1747][proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Goodput ratio: 71/72][1.09 sec][Hostname/SNI: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/191 476/506 136/201][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/200 499/372 176/149][URL: vv.video.qq.com/getvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][PLAIN TEXT (POST /getvinfo HTTP/1.1)][Plen Bins: 15,0,0,0,0,15,15,0,0,23,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 192.168.119.1:67 -> 255.255.255.255:68 [flowId: 3][byte_dist_mean: 20.538][byte_dist_std: 55.013][entropy: 1.986][total_entropy: 5958.926][score: 0.0118][proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3106/0 12289/0 3176/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [flowId: 105][score: 0.7399][proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][Goodput ratio: 87/86][0.18 sec][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60/44 176/133 82/54][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512/459 1159/1464 468/536][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0] + 47 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [flowId: 48][byte_dist_mean: 51.589][byte_dist_std: 34.844][entropy: 5.181][total_entropy: 12117.540][score: 0.9981][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Media/1][7 pkts/1408 bytes <-> 5 pkts/2611 bytes][Goodput ratio: 71/89][0.15 sec][Hostname/SNI: 183.131.48.144][bytes ratio: -0.299 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/25 69/67 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 201/522 557/1078 225/465][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][Content-Type: video/mp4][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.144 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [flowId: 44][byte_dist_mean: 89.479][byte_dist_std: 58.964][entropy: 6.281][total_entropy: 3071.463][score: 0.6301][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][20.95 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 2323/4176 15252/15254 4895/5951][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 288/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [flowId: 86][byte_dist_mean: 88.042][byte_dist_std: 58.586][entropy: 6.207][total_entropy: 3010.560][score: 0.6470][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][6.76 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 746/1336 5987/5987 1865/2341][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 287/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 192.168.2.126:42554 <-> 35.156.44.13:80 [flowId: 188][score: 0.2538][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/3091 bytes <-> 2 pkts/444 bytes][Goodput ratio: 91/70][2.57 sec][Hostname/SNI: de01.rayjump.com][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2543 847/2543 2537/2543 1195/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/222 773/222 1506/222 647/0][URL: de01.rayjump.com/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWUR][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (FGET /onlyImpression)][Plen Bins: 16,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0] + 51 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [flowId: 116][byte_dist_mean: 85.835][byte_dist_std: 58.485][entropy: 6.238][total_entropy: 3025.410][score: 0.6449][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][Goodput ratio: 69/75][6.08 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753/1500 5998/5998 1982/2597][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 190/232 1067/1055 299/340][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [flowId: 35][byte_dist_mean: 99.546][byte_dist_std: 42.650][entropy: 6.062][total_entropy: 16343.553][score: 0.8444][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 60/87][0.09 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/16 36/43 13/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/456 390/1314 144/512][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 20,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0] + 53 TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [flowId: 194][score: 0.0854][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 TCP 192.168.2.126:50176 <-> 161.117.13.29:80 [flowId: 167][score: 0.0001][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1185 bytes <-> 2 pkts/2082 bytes][Goodput ratio: 94/94][0.19 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/list_default.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/list)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] + 55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [flowId: 106][byte_dist_mean: 85.020][byte_dist_std: 57.520][entropy: 6.203][total_entropy: 3033.202][score: 0.7957][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [flowId: 14][byte_dist_mean: 100.131][byte_dist_std: 43.771][entropy: 7.117][total_entropy: 14816.624][score: 0.0014][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0] + 57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [flowId: 195][score: 0.0026][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [flowId: 152][score: 0.0443][proto: 7.126/HTTP.Google][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] + 59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [flowId: 174][score: 0.9767][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [flowId: 112][byte_dist_mean: 125.406][byte_dist_std: 54.050][entropy: 7.483][total_entropy: 14614.571][score: 0.0000][proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0] + 61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [flowId: 1][byte_dist_mean: 75.850][byte_dist_std: 33.153][entropy: 5.198][total_entropy: 6913.065][score: 0.0076][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [flowId: 24][byte_dist_mean: 90.796][byte_dist_std: 35.809][entropy: 6.573][total_entropy: 10582.751][score: 0.0003][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [flowId: 45][byte_dist_mean: 65.945][byte_dist_std: 17.074][entropy: 5.190][total_entropy: 7915.052][score: 0.9833][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [flowId: 2][byte_dist_mean: 75.850][byte_dist_std: 33.153][entropy: 5.198][total_entropy: 6913.065][score: 0.0042][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [flowId: 151][score: 0.0037][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [flowId: 20][byte_dist_mean: 75.850][byte_dist_std: 33.153][entropy: 5.198][total_entropy: 6913.065][score: 0.0077][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [flowId: 50][byte_dist_mean: 75.850][byte_dist_std: 33.153][entropy: 5.198][total_entropy: 6913.065][score: 0.0053][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [flowId: 164][score: 0.1120][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [flowId: 189][score: 0.9153][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 70 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [flowId: 58][byte_dist_mean: 80.113][byte_dist_std: 23.889][entropy: 4.935][total_entropy: 6464.794][score: 0.0005][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Goodput ratio: 52/66][31.95 sec][Hostname/SNI: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/8 2391/3919 11352/11551 4481/5397][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/197 331/390 117/157][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 TCP 192.168.2.126:50140 <-> 161.117.13.29:80 [flowId: 163][score: 0.3318][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1178 bytes <-> 1 pkts/748 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/left.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 TCP 192.168.2.126:50166 <-> 161.117.13.29:80 [flowId: 166][score: 0.3332][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1179 bytes <-> 1 pkts/746 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/right.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 TCP 192.168.2.126:47262 <-> 161.117.13.29:80 [flowId: 135][score: 0.7378][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/937 bytes <-> 1 pkts/883 bytes][Goodput ratio: 93/92][0.31 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d25][StatusCode: 301][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 TCP 192.168.2.126:51686 <-> 18.64.79.64:80 [flowId: 196][score: 0.8771][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1295 bytes <-> 1 pkts/500 bytes][Goodput ratio: 95/87][0.60 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=6][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 75 TCP 192.168.2.126:50164 <-> 161.117.13.29:80 [flowId: 165][score: 0.0743][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1184 bytes <-> 1 pkts/574 bytes][Goodput ratio: 94/88][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/more_white.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 76 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [flowId: 49][byte_dist_mean: 75.850][byte_dist_std: 33.153][entropy: 5.198][total_entropy: 6913.065][score: 0.0000][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5541/0 19870/0 5205/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [flowId: 190][score: 0.9976][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 78 TCP 192.168.2.126:49242 <-> 172.104.119.80:80 [flowId: 139][score: 0.0000][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1129 bytes <-> 2 pkts/582 bytes][Goodput ratio: 88/77][2.16 sec][Hostname/SNI: android.yingshi.tcclick.1kxun.com][URL: android.yingshi.tcclick.1kxun.com/api/upload.php][StatusCode: 500][Req Content-Type: application/octet-stream][Content-Type: text/html][Server: openresty/1.11.2.5][User-Agent: okhttp/3.10.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 500][PLAIN TEXT (aPOST /api/upload.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 79 TCP 192.168.2.126:56104 <-> 3.72.69.158:80 [flowId: 175][score: 0.9404][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/896 bytes <-> 1 pkts/721 bytes][Goodput ratio: 93/91][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&br][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [flowId: 53][score: 0.0000][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [flowId: 5][score: 0.0000][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [flowId: 43][score: 0.0000][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [flowId: 171][score: 0.9999][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [flowId: 144][score: 0.0106][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [flowId: 178][score: 0.3175][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [flowId: 37][byte_dist_mean: 78.309][byte_dist_std: 21.694][entropy: 5.649][total_entropy: 4202.718][score: 0.9693][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [flowId: 11][score: 0.0000][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [flowId: 6][score: 0.0000][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [flowId: 7][score: 0.0000][proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 90 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [flowId: 54][score: 0.0120][proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/684 bytes <-> 2 pkts/684 bytes][Goodput ratio: 88/88][30.01 sec][Hostname/SNI: macbook-air][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 192.168.2.126:53416 <-> 172.217.16.142:80 [flowId: 193][score: 0.8701][proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/625 bytes <-> 1 pkts/734 bytes][Goodput ratio: 89/91][0.05 sec][Hostname/SNI: play.google.com][URL: play.google.com/store/apps/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789][StatusCode: 301][Content-Type: application/binary][Server: ESF][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /store/apps/details)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 92 TCP 192.168.2.126:58758 <-> 202.153.196.53:80 [flowId: 179][score: 0.0739][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][0.32 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (NGET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 93 TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [flowId: 180][score: 0.0688][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 94 TCP 192.168.2.126:56094 <-> 3.72.69.158:80 [flowId: 172][score: 0.9246][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/876 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 95 TCP 192.168.2.126:56098 <-> 3.72.69.158:80 [flowId: 173][score: 0.9218][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/863 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 96 TCP 192.168.2.126:47272 <-> 161.117.13.29:80 [flowId: 136][score: 0.2284][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/982 bytes <-> 1 pkts/331 bytes][Goodput ratio: 93/80][0.35 sec][Hostname/SNI: messages.1kxun.mobi][URL: messages.1kxun.mobi/api/messages/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kx][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /api/messages/listForYingsh)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [flowId: 177][score: 0.9414][proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 98 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [flowId: 74][score: 0.0000][proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][16.80 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 2799/0 5942/0 1567/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [flowId: 176][score: 1.0000][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0] + 100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [flowId: 63][byte_dist_mean: 49.710][byte_dist_std: 32.872][entropy: 3.474][total_entropy: 1736.790][score: 0.0000][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [flowId: 192][score: 0.9933][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [flowId: 129][score: 0.4808][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [flowId: 130][score: 0.6199][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [flowId: 131][score: 0.1453][proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [flowId: 133][score: 0.0003][proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [flowId: 137][score: 0.0104][proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [flowId: 69][score: 0.0000][proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [flowId: 191][score: 0.1575][proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [flowId: 153][score: 0.7759][proto: 7/HTTP][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 110 TCP 192.168.2.126:47230 <-> 161.117.13.29:80 [flowId: 132][score: 0.0004][proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][Risk: ** Binary App Transfer **][Risk Score: 150][Risk Info: Found mime exe octet-stream][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 111 UDP 192.168.115.8:137 -> 192.168.255.255:137 [flowId: 17][score: 0.0000][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.50 sec][Hostname/SNI: wpad][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 300/0 749/0 367/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 112 UDP 192.168.5.67:138 -> 192.168.255.255:138 [flowId: 34][score: 0.0000][proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Hostname/SNI: sanji-lifebook-][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 113 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [flowId: 8][score: 0.0000][proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][15.56 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 114 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [flowId: 92][score: 0.0000][proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][14.54 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 115 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [flowId: 107][score: 0.7862][proto: 5.315/DNS.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Goodput ratio: 52/85][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][203.69.81.73][PLAIN TEXT (official)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 116 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [flowId: 56][score: 0.0000][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 6][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes][Goodput ratio: 2/0][45.01 sec][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/45002 14999/45002 44996/45002 21211/0][Pkt Len c2s/s2c min/avg/max/stddev: 55/66 55/66 55/66 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 117 UDP 192.168.5.9:68 -> 255.255.255.255:67 [flowId: 73][score: 0.2940][proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: joanna-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (Joanna)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 118 UDP 192.168.5.41:68 -> 255.255.255.255:67 [flowId: 104][score: 0.3896][proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: kevin-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (MSFT 5.07)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 119 TCP 192.168.2.126:35666 -> 18.66.2.90:80 [flowId: 182][score: 0.0250][proto: 7.291/HTTP.MpegDash][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/299 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: cdn.liftoff.io][URL: cdn.liftoff.io/customers/45d4b09eba/videos/mobile/fd5692dd53042b199e03.mp4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 120 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [flowId: 25][score: 0.0142][proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/146 bytes <-> 1 pkts/137 bytes][Goodput ratio: 42/69][0.05 sec][Hostname/SNI: pic.1kxun.com][106.187.35.246][Plen Bins: 66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 121 UDP 192.168.0.104:137 -> 192.168.255.255:137 [flowId: 117][score: 0.0000][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.54 sec][Hostname/SNI: sc.arrancar.org][PLAIN TEXT ( FDEDCOEBFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 122 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [flowId: 13][score: 0.0062][proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/160 bytes <-> 1 pkts/112 bytes][Goodput ratio: 47/62][0.02 sec][Hostname/SNI: jp.kankan.1kxun.mobi][106.185.35.110][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 123 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [flowId: 38][score: 0.0525][proto: 5.48/DNS.QQ][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/150 bytes <-> 1 pkts/116 bytes][Goodput ratio: 44/63][0.04 sec][Hostname/SNI: vv.video.qq.com][203.205.151.234][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 124 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [flowId: 15][score: 0.0013][proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][1.05 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.113][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 125 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [flowId: 23][score: 0.0156][proto: 5.295/DNS.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][0.00 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.167][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 126 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [flowId: 12][score: 0.1835][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/256 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][0.10 sec][Hostname/SNI: wpad][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 127 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [flowId: 57][score: 0.0000][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 3][cat: Web/5][3 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][36.19 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 128 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [flowId: 51][score: 0.0167][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 129 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [flowId: 102][score: 0.0191][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 130 UDP 192.168.5.45:137 -> 192.168.255.255:137 [flowId: 68][score: 0.0008][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.02 sec][Hostname/SNI: nasfile][PLAIN TEXT ( EOEBFDEGEJEMEFCACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 131 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [flowId: 96][score: 0.0108][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Text With Non-Printable Chars **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 132 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [flowId: 32][score: 0.1061][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Text With Non-Printable Chars **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 133 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [flowId: 18][score: 0.0149][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Text With Non-Printable Chars **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 134 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [flowId: 124][score: 0.0101][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/182 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 135 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [flowId: 89][score: 0.0867][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 136 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [flowId: 127][score: 0.0826][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 137 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [flowId: 60][score: 0.0169][proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][DPI packets: 3][cat: Web/5][2 pkts/110 bytes <-> 1 pkts/66 bytes][Goodput ratio: 2/0][0.01 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 138 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [flowId: 71][score: 0.0589][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.10 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 139 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [flowId: 119][score: 0.1164][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.10 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 140 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [flowId: 113][score: 0.1361][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/174 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.10 sec][Hostname/SNI: sonusav][PLAIN TEXT (sonusav)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 141 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [flowId: 98][score: 0.0689][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.10 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 142 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [flowId: 61][score: 0.1496][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.11 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 143 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [flowId: 94][score: 0.0122][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 144 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [flowId: 9][score: 0.0170][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 145 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [flowId: 52][score: 0.0167][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 146 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [flowId: 103][score: 0.0191][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 147 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [flowId: 97][score: 0.0108][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Text With Non-Printable Chars **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 148 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [flowId: 33][score: 0.1061][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Text With Non-Printable Chars **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 149 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [flowId: 19][score: 0.0149][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Text With Non-Printable Chars **][Risk Score: 100][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 150 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [flowId: 123][score: 0.0139][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 151 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [flowId: 81][score: 0.0177][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 152 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [flowId: 77][score: 0.0156][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.41 sec][Hostname/SNI: kasper-mac][PLAIN TEXT (Kasper)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 153 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [flowId: 90][score: 0.1405][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 154 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [flowId: 128][score: 0.1093][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 155 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [flowId: 47][score: 0.1224][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 156 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [flowId: 111][score: 0.1446][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 157 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [flowId: 46][score: 0.1224][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 158 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [flowId: 110][score: 0.1446][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 159 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [flowId: 101][score: 0.0124][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.41 sec][Hostname/SNI: notebook][PLAIN TEXT (notebook)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 160 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [flowId: 42][score: 0.0135][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.41 sec][Hostname/SNI: notebook][PLAIN TEXT (notebook)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 161 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [flowId: 72][score: 0.0703][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 162 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [flowId: 91][score: 0.0835][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: jason-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 163 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [flowId: 0][score: 0.1279][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: jason-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 164 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [flowId: 121][score: 0.1537][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: usher-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 165 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [flowId: 79][score: 0.1579][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: usher-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 166 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [flowId: 62][score: 0.0942][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.11 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 167 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [flowId: 99][score: 0.0751][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.10 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 168 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [flowId: 95][score: 0.0122][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 169 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [flowId: 10][score: 0.0170][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 170 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [flowId: 4][score: 0.4318][proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][22.90 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 171 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [flowId: 16][score: 0.6566][proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/60 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 172 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [flowId: 115][score: 0.0464][proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 173 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [flowId: 67][score: 0.3849][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: gfile][PLAIN TEXT ( EHEGEJEMEFCACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 174 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [flowId: 66][score: 0.3883][proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: sanji-lifebook-][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 175 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [flowId: 122][score: 0.4616][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 176 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [flowId: 80][score: 0.5234][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 177 UDP 192.168.5.16:123 -> 17.253.26.125:123 [flowId: 118][score: 0.0438][proto: 9/NTP][IP: 140/Apple][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 178 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [flowId: 75][score: 0.0801][proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 179 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [flowId: 125][score: 0.3826][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 180 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [flowId: 84][score: 0.3853][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 181 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [flowId: 120][score: 0.4452][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][< 1 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 182 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [flowId: 126][score: 0.4831][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][< 1 sec][Hostname/SNI: jason-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 183 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [flowId: 114][score: 0.4906][proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Hostname/SNI: sonusav][PLAIN TEXT (sonusav)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + + +Undetected flows: + 1 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [flowId: 41][score: 0.6751][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 5][5 pkts/1795 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][40.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [flowId: 22][score: 0.9986][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/782 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][30.00 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [flowId: 65][score: 0.9993][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/782 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][30.01 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [flowId: 70][score: 0.9996][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.11 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [flowId: 21][score: 0.9992][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.10 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [flowId: 64][score: 1.0000][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [flowId: 88][score: 0.0407][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [flowId: 59][score: 0.0392][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/185 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [flowId: 87][score: 0.8611][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/177 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [flowId: 55][score: 0.0087][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.71 sec][PLAIN TEXT (AABHZW50cmljZV9)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [flowId: 76][score: 0.0041][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.72 sec][PLAIN TEXT (icRVSoU)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [flowId: 93][score: 0.8437][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][PLAIN TEXT (6.35.4 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [flowId: 78][score: 0.3909][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [flowId: 85][score: 0.1827][proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (dDYcTc4)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]