From d0562a3c777cf150e86a25324dac692f7d794b59 Mon Sep 17 00:00:00 2001 From: Liam Wilson Date: Wed, 18 Sep 2024 16:04:39 +1200 Subject: [PATCH] Add enable/disable guessing using client IP/port Add configurable options for whether to include client port or client IP in the flow's protocol guesses. This defaults to include both client port/IP if the protocol is not guessed with the server IP/port. This is intended for when flow direction detection is enabled, so we know that sport = client port, dport = server port. --- doc/configuration_parameters.md | 2 + fuzz/fuzz_config.cpp | 10 + src/include/ndpi_private.h | 2 + src/lib/ndpi_main.c | 11 +- tests/cfgs/disable_use_client_ip/config.txt | 1 + .../disable_use_client_ip/pcap/1kxun.pcap | 1 + .../result/1kxun.pcap.out | 256 ++++++++++++++++++ tests/cfgs/disable_use_client_port/config.txt | 1 + .../disable_use_client_port/pcap/1kxun.pcap | 1 + .../result/1kxun.pcap.out | 256 ++++++++++++++++++ 10 files changed, 538 insertions(+), 3 deletions(-) create mode 100644 tests/cfgs/disable_use_client_ip/config.txt create mode 120000 tests/cfgs/disable_use_client_ip/pcap/1kxun.pcap create mode 100644 tests/cfgs/disable_use_client_ip/result/1kxun.pcap.out create mode 100644 tests/cfgs/disable_use_client_port/config.txt create mode 120000 tests/cfgs/disable_use_client_port/pcap/1kxun.pcap create mode 100644 tests/cfgs/disable_use_client_port/result/1kxun.pcap.out diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md index fee2e5e6dde..5639925aefa 100644 --- a/doc/configuration_parameters.md +++ b/doc/configuration_parameters.md @@ -8,6 +8,8 @@ TODO | NULL | "packets_limit_per_flow" | 32 | 0 | 255 | The upper limit on the number of packets per flow that will be subject to DPI, after which classification will be considered complete (0 = no limit) | | NULL | "flow.direction_detection" | enable | NULL | NULL | Enable/disable internal detection of packet direction (client to server or server to client) | | NULL | "flow.track_payload" | disable | NULL | NULL | Enable/disable tracking/export of flow payload (i.e. L5/7 data): if enabled, the library exports the first 1024 bytes of payload for each flow | +| NULL | "flow.use_client_ip_in_guess" | enable | NULL | NULL | Use client IP in guesses of flow protocol IDs by IP. | +| NULL | "flow.use_client_port_in_guess" | enable | NULL | NULL | Use client port in guesses of flow protocol IDs. | | NULL | "tcp_ack_payload_heuristic" | disable | NULL | NULL | In some networks, there are some anomalous TCP flows where the smallest ACK packets have some kind of zero padding. It looks like the IP and TCP headers in those frames wrongly consider the 0x00 Ethernet padding bytes as part of the TCP payload. While this kind of packets is perfectly valid per-se, in some conditions they might be treated by the TCP reassembler logic as (partial) overlaps, deceiving the classification engine. This parameter enable/disable an heuristic to detect these packets and to ignore them, allowing correct detection/classification. See #1946 for other details | | NULL | "fully_encrypted_heuristic" | enable | NULL | NULL | Enable/disable an heuristic to detect fully encrypted sessions, i.e. flows where every bytes of the payload is encrypted in an attempt to “look like nothing”. This heuristic only analyzes the first packet of the flow. See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf | | NULL | "libgcrypt.init" | 1 | NULL | NULL | Enable/disable initialization of libgcrypt. When using the external libgcrypt (instead of the internal crypto code) the libgcrypt runtime must be initialized. If, for whatever reasons, the application alread does it, nDPI must be told to skip it. Note that, by default, nDPI uses the crypto code and not libgcrypt: in that case this parameter is ignored | diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index a23b74c30d8..8c71f6bcc26 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp @@ -301,6 +301,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { snprintf(cfg_value, sizeof(cfg_value), "%d", value); ndpi_set_config(ndpi_info_mod, NULL, "flow.track_payload", cfg_value); } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + snprintf(cfg_value, sizeof(cfg_value), "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "flow.use_client_ip_in_guess", cfg_value); + } + if(fuzzed_data.ConsumeBool()) { + value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); + snprintf(cfg_value, sizeof(cfg_value), "%d", value); + ndpi_set_config(ndpi_info_mod, NULL, "flow.use_client_port_in_guess", cfg_value); + } if(fuzzed_data.ConsumeBool()) { value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1); snprintf(cfg_value, sizeof(cfg_value), "%d", value); diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index be142717ba3..7be2f0d7dcb 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h @@ -200,6 +200,8 @@ struct ndpi_detection_module_config_struct { int compute_entropy; int fpc_enabled; int guess_ip_before_port; + int use_client_ip_in_guess; + int use_client_port_in_guess; char filename_config[CFG_MAX_LEN]; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b3b70de5a11..d6e5198ab45 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4394,6 +4394,8 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) { static default_ports_tree_node_t *ndpi_get_guessed_protocol_id(struct ndpi_detection_module_struct *ndpi_str, u_int8_t proto, u_int16_t sport, u_int16_t dport) { default_ports_tree_node_t node; + /* Set use_sport to config value if direction detection is enabled */ + int use_sport = ndpi_str->cfg.direction_detect_enabled ? ndpi_str->cfg.use_client_port_in_guess : 1; if(sport && dport) { const void *ret; @@ -4402,7 +4404,7 @@ static default_ports_tree_node_t *ndpi_get_guessed_protocol_id(struct ndpi_detec ret = ndpi_tfind(&node, (proto == IPPROTO_TCP) ? (void *) &ndpi_str->tcpRoot : (void *) &ndpi_str->udpRoot, default_ports_tree_node_t_cmp); - if(ret == NULL) { + if(ret == NULL && use_sport) { node.default_port = sport; ret = ndpi_tfind(&node, (proto == IPPROTO_TCP) ? (void *) &ndpi_str->tcpRoot : (void *) &ndpi_str->udpRoot, default_ports_tree_node_t_cmp); @@ -7422,6 +7424,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_str->packet; u_int16_t ret = NDPI_PROTOCOL_UNKNOWN; + int use_client = ndpi_str->cfg.use_client_ip_in_guess; if(packet->iph) { struct in_addr addr; @@ -7430,7 +7433,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ addr.s_addr = flow->s_address.v4; ret = ndpi_network_port_ptree_match(ndpi_str, &addr, flow->s_port); - if(ret == NDPI_PROTOCOL_UNKNOWN) { + if(ret == NDPI_PROTOCOL_UNKNOWN && use_client) { addr.s_addr = flow->c_address.v4; ret = ndpi_network_port_ptree_match(ndpi_str, &addr, flow->c_port); } @@ -7441,7 +7444,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ addr = *(struct in6_addr *)&flow->s_address.v6; ret = ndpi_network_port_ptree6_match(ndpi_str, &addr, flow->s_port); - if(ret == NDPI_PROTOCOL_UNKNOWN) { + if(ret == NDPI_PROTOCOL_UNKNOWN && use_client) { addr = *(struct in6_addr *)&flow->c_address.v6; ret = ndpi_network_port_ptree6_match(ndpi_str, &addr, flow->c_port); } @@ -11503,6 +11506,8 @@ static const struct cfg_param { { NULL, "packets_limit_per_flow", "32", "0", "255", CFG_PARAM_INT, __OFF(max_packets_to_process), NULL }, { NULL, "flow.direction_detection", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(direction_detect_enabled), NULL }, { NULL, "flow.track_payload", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(track_payload_enabled), NULL }, + { NULL, "flow.use_client_ip_in_guess", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(use_client_ip_in_guess), NULL}, + { NULL, "flow.use_client_port_in_guess", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(use_client_port_in_guess), NULL}, { NULL, "tcp_ack_payload_heuristic", "disable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(tcp_ack_paylod_heuristic), NULL }, { NULL, "fully_encrypted_heuristic", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(fully_encrypted_heuristic), NULL }, { NULL, "libgcrypt.init", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(libgcrypt_init), NULL }, diff --git a/tests/cfgs/disable_use_client_ip/config.txt b/tests/cfgs/disable_use_client_ip/config.txt new file mode 100644 index 00000000000..b002204969e --- /dev/null +++ b/tests/cfgs/disable_use_client_ip/config.txt @@ -0,0 +1 @@ +--cfg=flow.use_client_ip_in_guess,0 \ No newline at end of file diff --git a/tests/cfgs/disable_use_client_ip/pcap/1kxun.pcap b/tests/cfgs/disable_use_client_ip/pcap/1kxun.pcap new file mode 120000 index 00000000000..f3b96eb01db --- /dev/null +++ b/tests/cfgs/disable_use_client_ip/pcap/1kxun.pcap @@ -0,0 +1 @@ +../../default/pcap/1kxun.pcap \ No newline at end of file diff --git a/tests/cfgs/disable_use_client_ip/result/1kxun.pcap.out b/tests/cfgs/disable_use_client_ip/result/1kxun.pcap.out new file mode 100644 index 00000000000..ee16f0eab7c --- /dev/null +++ b/tests/cfgs/disable_use_client_ip/result/1kxun.pcap.out @@ -0,0 +1,256 @@ +Guessed flow protos: 6 + +DPI Packets (TCP): 408 (4.16 pkts/flow) +DPI Packets (UDP): 120 (1.21 pkts/flow) +Confidence Unknown : 14 (flows) +Confidence Match by port : 6 (flows) +Confidence DPI : 177 (flows) +Num dissector calls: 5024 (25.50 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/60/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/8/0 (insert/search/found) +LRU cache mining: 0/20/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 6/42/13 (insert/search/found) +Automa host: 161/71 (search/found) +Automa domain: 156/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 16/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 174/0 (search/found) +Patricia risk mask IPv6: 6/0 (search/found) +Patricia risk: 3/0 (search/found) +Patricia risk IPv6: 25/0 (search/found) +Patricia protocols: 172/57 (search/found) +Patricia protocols IPv6: 25/0 (search/found) + +Unknown 24 6428 14 +HTTP 249 355379 34 +MDNS 1 82 1 +NTP 1 90 1 +NetBIOS 26 2392 6 +SSDP 143 36951 13 +SMBv1 5 1197 2 +DHCP 24 8208 5 +QQ 33 6883 4 +TLS 124 28754 9 +DHCPV6 10 980 3 +Google 30 54525 4 +LLMNR 91 6931 48 +GoogleServices 17 30330 1 +MpegDash 1 299 1 +1kxun 914 1969311 48 +Line 30 19034 3 + +Safe 124 28754 9 +Acceptable 622 514902 119 +Fun 948 1976493 53 +Dangerous 5 1197 2 +Unrated 24 6428 14 + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.5.16 2 + + + 1 TCP 192.168.2.126:45380 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][7 pkts/4845 bytes <-> 73 pkts/178280 bytes][Goodput ratio: 90/97][5.13 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 187/0 298/54 408/638 110/113][Pkt Len c2s/s2c min/avg/max/stddev: 490/759 692/2442 831/8706 147/1792][URL: mangaweb.1kxun.mobi/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e][StatusCode: 200][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /detail)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,52,0,33] + 2 TCP 192.168.2.126:46170 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/552 bytes <-> 33 pkts/181723 bytes][Goodput ratio: 76/99][1.59 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/42 0/371 0/107][Pkt Len c2s/s2c min/avg/max/stddev: 274/387 276/5507 278/21666 2/6102][URL: pic.1kxun.com/video_kankan/images/releases/296/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,55] + 3 TCP 192.168.2.126:49372 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/1752 bytes <-> 33 pkts/144786 bytes][Goodput ratio: 89/98][1.99 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.976 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/61 0/371 0/111][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 584/4387 592/18786 6/4364][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/aec00b1dbdf678ee8d2b89df3fdbd059.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,8,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,51] + 4 TCP 192.168.2.126:49396 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/1776 bytes <-> 28 pkts/133577 bytes][Goodput ratio: 89/99][1.65 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.974 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/42 0/345 0/94][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/4771 592/21666 0/5452][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,52] + 5 TCP 192.168.2.126:49412 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 9][cat: Streaming/17][3 pkts/1752 bytes <-> 23 pkts/128276 bytes][Goodput ratio: 89/99][1.65 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.973 (Download)][IAT c2s/s2c min/avg/max/stddev: 612/0 612/61 612/399 0/112][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 584/5577 592/21666 6/5767][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (NGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,62] + 6 TCP 192.168.2.126:46212 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/555 bytes <-> 12 pkts/124834 bytes][Goodput ratio: 76/99][1.58 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 871/0 871/122 871/373 0/155][Pkt Len c2s/s2c min/avg/max/stddev: 277/386 278/10403 278/37506 0/10887][URL: pic.1kxun.com/video_kankan/images/releases/300/5183-51fb99a2391e774037ba21cbca307be4.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,57] + 7 TCP 192.168.2.126:38316 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 23 pkts/118294 bytes][Goodput ratio: 76/99][1.43 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.995 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/46 0/393 0/113][Pkt Len c2s/s2c min/avg/max/stddev: 273/388 273/5143 273/24546 0/5526][URL: pic.1kxun.com/video_kankan/images/videos/40701-8fa7d916c55e31f90fa55f450b716505.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,20,0,67] + 8 TCP 192.168.2.126:49380 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 9][cat: Streaming/17][2 pkts/1172 bytes <-> 30 pkts/99876 bytes][Goodput ratio: 89/98][1.31 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.977 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/32 0/209 0/74][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 586/3329 592/18786 6/3784][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/f05074256b39572ad852c1c95eb5f8a7.jpg][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (LGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,53,0,34] + 9 TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63] + 10 TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85] + 11 TCP 192.168.2.126:45416 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][8 pkts/7202 bytes <-> 24 pkts/83277 bytes][Goodput ratio: 93/98][16.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 186/0 2919/772 6045/5959 2744/1789][Pkt Len c2s/s2c min/avg/max/stddev: 500/709 900/3470 1180/14466 215/3207][URL: mangaweb.1kxun.mobi/js/vendor.bundle.js?1644807874][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/vendor.bundle.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,12,0,0,0,0,0,0,0,3,3,3,6,0,0,0,0,0,0,0,3,0,0,21,0,41] + 12 TCP 192.168.2.126:38326 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 21 pkts/89010 bytes][Goodput ratio: 76/98][1.25 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/50 0/412 0/118][Pkt Len c2s/s2c min/avg/max/stddev: 273/387 273/4239 273/12489 0/2950][URL: pic.1kxun.com/video_kankan/images/videos/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,73] + 13 TCP 192.168.2.126:46200 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/556 bytes <-> 18 pkts/82689 bytes][Goodput ratio: 76/99][1.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.987 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/56 0/375 0/119][Pkt Len c2s/s2c min/avg/max/stddev: 278/386 278/4594 278/21666 0/5421][URL: pic.1kxun.com/video_kankan/images/releases/301/5027-d707192bfa2dabf22771a4d56454ab88.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,45] + 14 TCP 192.168.2.126:46184 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/829 bytes <-> 13 pkts/73655 bytes][Goodput ratio: 76/99][1.27 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 392/0 392/81 392/368 0/134][Pkt Len c2s/s2c min/avg/max/stddev: 273/386 276/5666 278/23106 2/7129][URL: pic.1kxun.com/video_kankan/images/releases/299/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,18,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,25,0,37] + 15 TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62] + 16 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Goodput ratio: 42/95][45.37 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472/1029 44994/45054 11986/6714][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/1210 416/1314 113/325][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 3,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0,0,0,0,0,0,0] + 17 TCP 192.168.2.126:45398 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2127 bytes <-> 18 pkts/58725 bytes][Goodput ratio: 91/98][4.35 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/0 229/262 229/3434 0/852][Pkt Len c2s/s2c min/avg/max/stddev: 490/551 709/3262 821/7266 155/2191][URL: mangaweb.1kxun.mobi/js/dependency-all.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/dependency)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,43] + 18 TCP 192.168.2.126:49354 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1184 bytes <-> 19 pkts/53234 bytes][Goodput ratio: 89/98][1.04 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.956 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/26 0/204 0/67][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/2802 592/8706 0/2084][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (/GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,42] + 19 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Goodput ratio: 59/95][45.30 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3466/4 44999/62 11990/13][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 136/1145 415/1314 149/400][URL: pic.1kxun.com/video_kankan/images/videos/3578-ywzj.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,2,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0] + 20 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Goodput ratio: 52/95][45.33 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2649/12 44748/253 10525/45][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1127 415/1314 133/398][URL: pic.1kxun.com/video_kankan/images/videos/3713-ydm.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,0,0,0,0,0,0,0,0,4,0,9,0,0,4,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,76,0,0,0,0,0,0,0,0] + 21 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Goodput ratio: 57/95][45.32 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.887 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3007/1410 44996/45052 11222/7838][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 128/1132 423/1314 145/403][URL: pic.1kxun.com/video_kankan/images/videos/4657-jfyj.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,0,0,0,0,0,0,0,0,4,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,77,0,0,0,0,0,0,0,0] + 22 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Goodput ratio: 37/95][0.42 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 194/109 46/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/1208 411/1314 102/329][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/movies/mp4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0,0,0,0,0,0,0] + 23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0] + 24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [proto: 7.239/HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.239/HTTP.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.499 (Executable?)][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29] + 25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62] + 26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60] + 27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0] + 28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45] + 29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20] + 30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] + 31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 32 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 315/Line, Confidence: DNS][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Goodput ratio: 40/94][0.02 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/2 10/8 4/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1103 334/1514 99/610][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] + 33 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 315/Line, Confidence: DNS][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] + 34 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][8.40 sec][Hostname/SNI: [ff02::c]:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 558/0 590/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,12,56,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][8.40 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 482/0 530/0 562/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,12,18,51,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.2.126:49370 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/580 bytes <-> 4 pkts/7749 bytes][Goodput ratio: 88/97][0.22 sec][Hostname/SNI: hkbn.content.1kxun.com][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/b057f5cd8fe013d2299b57f14faa5fa9.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (AGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] + 37 TCP 192.168.2.126:45422 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 5][cat: Streaming/17][3 pkts/2139 bytes <-> 4 pkts/6060 bytes][Goodput ratio: 91/96][4.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 221/224 2062/1374 3902/3898 1841/1787][Pkt Len c2s/s2c min/avg/max/stddev: 502/1413 713/1515 819/1720 149/124][URL: mangaweb.1kxun.mobi/images/detail_revision/go_homepage.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/application.min.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,14,0,14] + 38 TCP 192.168.2.126:60148 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/536 bytes <-> 3 pkts/7066 bytes][Goodput ratio: 75/97][0.56 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/icons/5-328e3cdf244c003df08754cca05fbc2f.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,40,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] + 39 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: Match by port][FPC: 315/Line, Confidence: IP address][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] + 40 TCP 192.168.2.126:38314 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 4 pkts/6346 bytes][Goodput ratio: 76/96][0.33 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/videos/40750-585645353a7a47615755b7714c611835.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] + 41 TCP 192.168.2.126:45414 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2118 bytes <-> 3 pkts/3518 bytes][Goodput ratio: 91/94][4.32 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 215/216 2066/2066 3917/3916 1851/1850][Pkt Len c2s/s2c min/avg/max/stddev: 482/758 706/1173 819/1456 158/300][URL: mangaweb.1kxun.mobi/js/fb-sdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/fb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16,0,0,0,0] + 42 TCP 192.168.2.126:47246 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1872 bytes <-> 2 pkts/3374 bytes][Goodput ratio: 93/96][1.30 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/homePageVideoCollections/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28][StatusCode: 200][Content-Type: application/json][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] + 43 TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25] + 44 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 48/QQ, Confidence: DNS][DPI packets: 9][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Goodput ratio: 71/72][1.09 sec][Hostname/SNI: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/191 476/506 136/201][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/200 499/372 176/149][URL: vv.video.qq.com/getvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][PLAIN TEXT (POST /getvinfo HTTP/1.1)][Plen Bins: 15,0,0,0,0,15,15,0,0,23,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3106/0 12289/0 3176/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][Goodput ratio: 87/86][0.18 sec][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60/44 176/133 82/54][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512/459 1159/1464 468/536][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0] + 47 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Media/1][7 pkts/1408 bytes <-> 5 pkts/2611 bytes][Goodput ratio: 71/89][0.15 sec][Hostname/SNI: 183.131.48.144][bytes ratio: -0.299 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/25 69/67 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 201/522 557/1078 225/465][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][Content-Type: video/mp4][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.144 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][20.95 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 2323/4176 15252/15254 4895/5951][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 288/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][6.76 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 746/1336 5987/5987 1865/2341][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 287/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 192.168.2.126:42554 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/3091 bytes <-> 2 pkts/444 bytes][Goodput ratio: 91/70][2.57 sec][Hostname/SNI: de01.rayjump.com][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2543 847/2543 2537/2543 1195/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/222 773/222 1506/222 647/0][URL: de01.rayjump.com/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWUR][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (FGET /onlyImpression)][Plen Bins: 16,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0] + 51 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][Goodput ratio: 69/75][6.08 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753/1500 5998/5998 1982/2597][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 190/232 1067/1055 299/340][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 60/87][0.09 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/16 36/43 13/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/456 390/1314 144/512][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 20,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0] + 53 TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 TCP 192.168.2.126:50176 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1185 bytes <-> 2 pkts/2082 bytes][Goodput ratio: 94/94][0.19 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/list_default.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/list)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] + 55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0] + 57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.486 (Executable?)][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] + 59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0] + 61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 70 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Goodput ratio: 52/66][31.95 sec][Hostname/SNI: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/8 2391/3919 11352/11551 4481/5397][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/197 331/390 117/157][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 TCP 192.168.2.126:50140 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1178 bytes <-> 1 pkts/748 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/left.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 TCP 192.168.2.126:50166 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1179 bytes <-> 1 pkts/746 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/right.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 TCP 192.168.2.126:47262 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/937 bytes <-> 1 pkts/883 bytes][Goodput ratio: 93/92][0.31 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d25][StatusCode: 301][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 TCP 192.168.2.126:51686 <-> 18.64.79.64:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1295 bytes <-> 1 pkts/500 bytes][Goodput ratio: 95/87][0.60 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=6][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 75 TCP 192.168.2.126:50164 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1184 bytes <-> 1 pkts/574 bytes][Goodput ratio: 94/88][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/more_white.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 76 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5541/0 19870/0 5205/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 78 TCP 192.168.2.126:49242 <-> 172.104.119.80:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1129 bytes <-> 2 pkts/582 bytes][Goodput ratio: 88/77][2.16 sec][Hostname/SNI: android.yingshi.tcclick.1kxun.com][URL: android.yingshi.tcclick.1kxun.com/api/upload.php][StatusCode: 500][Req Content-Type: application/octet-stream][Content-Type: text/html][Server: openresty/1.11.2.5][User-Agent: okhttp/3.10.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 500][PLAIN TEXT (aPOST /api/upload.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 79 TCP 192.168.2.126:56104 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/896 bytes <-> 1 pkts/721 bytes][Goodput ratio: 93/91][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&br][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 90 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/684 bytes <-> 2 pkts/684 bytes][Goodput ratio: 88/88][30.01 sec][Hostname/SNI: macbook-air][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 192.168.2.126:53416 <-> 172.217.16.142:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/625 bytes <-> 1 pkts/734 bytes][Goodput ratio: 89/91][0.05 sec][Hostname/SNI: play.google.com][URL: play.google.com/store/apps/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789][StatusCode: 301][Content-Type: application/binary][Server: ESF][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.564 (Executable?)][PLAIN TEXT (GET /store/apps/details)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 92 TCP 192.168.2.126:58758 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][0.32 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (NGET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 93 TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 94 TCP 192.168.2.126:56094 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/876 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 95 TCP 192.168.2.126:56098 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/863 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 96 TCP 192.168.2.126:47272 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/982 bytes <-> 1 pkts/331 bytes][Goodput ratio: 93/80][0.35 sec][Hostname/SNI: messages.1kxun.mobi][URL: messages.1kxun.mobi/api/messages/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kx][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /api/messages/listForYingsh)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 98 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][16.80 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 2799/0 5942/0 1567/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0] + 100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [proto: 7/HTTP][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 110 TCP 192.168.2.126:47230 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][Risk: ** Binary File/Data Transfer (Attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 111 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.50 sec][Hostname/SNI: wpad][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 300/0 749/0 367/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 112 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Hostname/SNI: sanji-lifebook-][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 113 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 103/DHCPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][15.56 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 114 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 103/DHCPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][14.54 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 115 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5.315/DNS.Line][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.315/DNS.Line, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Goodput ratio: 52/85][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][203.69.81.73][PLAIN TEXT (official)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 116 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes][Goodput ratio: 2/0][45.01 sec][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/45002 14999/45002 44996/45002 21211/0][Pkt Len c2s/s2c min/avg/max/stddev: 55/66 55/66 55/66 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 117 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: joanna-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (Joanna)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 118 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: kevin-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (MSFT 5.07)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 119 TCP 192.168.2.126:35666 -> 18.66.2.90:80 [proto: 7.291/HTTP.MpegDash][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7.291/HTTP.MpegDash, Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/299 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: cdn.liftoff.io][URL: cdn.liftoff.io/customers/45d4b09eba/videos/mobile/fd5692dd53042b199e03.mp4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 120 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.295/DNS.1kxun, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/146 bytes <-> 1 pkts/137 bytes][Goodput ratio: 42/69][0.05 sec][Hostname/SNI: pic.1kxun.com][106.187.35.246][Plen Bins: 66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 121 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.54 sec][Hostname/SNI: sc.arrancar.org][PLAIN TEXT ( FDEDCOEBFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 122 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.295/DNS.1kxun, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/160 bytes <-> 1 pkts/112 bytes][Goodput ratio: 47/62][0.02 sec][Hostname/SNI: jp.kankan.1kxun.mobi][106.185.35.110][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 123 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.48/DNS.QQ, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/150 bytes <-> 1 pkts/116 bytes][Goodput ratio: 44/63][0.04 sec][Hostname/SNI: vv.video.qq.com][203.205.151.234][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 124 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.295/DNS.1kxun, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][1.05 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.113][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 125 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.295/DNS.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.295/DNS.1kxun, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][0.00 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.167][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 126 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/256 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][0.10 sec][Hostname/SNI: wpad][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 127 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][36.19 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 128 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 129 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 130 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.02 sec][Hostname/SNI: nasfile][PLAIN TEXT ( EOEBFDEGEJEMEFCACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 131 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 132 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 133 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 134 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/182 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 135 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 136 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 137 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/110 bytes <-> 1 pkts/66 bytes][Goodput ratio: 2/0][0.01 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 138 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.10 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 139 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.10 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 140 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/174 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.10 sec][Hostname/SNI: sonusav][PLAIN TEXT (sonusav)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 141 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.10 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 142 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.11 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 143 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 144 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 145 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 146 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 147 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 148 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 149 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 150 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 151 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 152 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.41 sec][Hostname/SNI: kasper-mac][PLAIN TEXT (Kasper)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 153 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 154 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 155 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 156 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 157 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 158 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 159 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.41 sec][Hostname/SNI: notebook][PLAIN TEXT (notebook)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 160 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.41 sec][Hostname/SNI: notebook][PLAIN TEXT (notebook)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 161 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 162 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: jason-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 163 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: jason-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 164 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: usher-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 165 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: usher-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 166 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.11 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 167 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.10 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 168 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 169 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 170 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][22.90 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 171 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][1 pkts/60 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 172 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 103/DHCPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 173 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: gfile][PLAIN TEXT ( EHEGEJEMEFCACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 174 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: sanji-lifebook-][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 175 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 176 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 177 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 9/NTP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 178 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 179 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 180 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 181 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][< 1 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 182 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][< 1 sec][Hostname/SNI: jason-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 183 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Hostname/SNI: sonusav][PLAIN TEXT (sonusav)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + + +Undetected flows: + 1 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][5 pkts/1795 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][40.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/782 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][30.00 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/782 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][30.01 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.11 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.10 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.188 (Executable?)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/185 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.214 (Executable?)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/177 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.168 (Executable?)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.71 sec][PLAIN TEXT (AABHZW50cmljZV9)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.72 sec][PLAIN TEXT (icRVSoU)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.052 (Executable?)][PLAIN TEXT (6.35.4 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.173 (Executable?)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (dDYcTc4)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/disable_use_client_port/config.txt b/tests/cfgs/disable_use_client_port/config.txt new file mode 100644 index 00000000000..90c830a98d9 --- /dev/null +++ b/tests/cfgs/disable_use_client_port/config.txt @@ -0,0 +1 @@ +--cfg=flow.use_client_port_in_guess,0 \ No newline at end of file diff --git a/tests/cfgs/disable_use_client_port/pcap/1kxun.pcap b/tests/cfgs/disable_use_client_port/pcap/1kxun.pcap new file mode 120000 index 00000000000..f3b96eb01db --- /dev/null +++ b/tests/cfgs/disable_use_client_port/pcap/1kxun.pcap @@ -0,0 +1 @@ +../../default/pcap/1kxun.pcap \ No newline at end of file diff --git a/tests/cfgs/disable_use_client_port/result/1kxun.pcap.out b/tests/cfgs/disable_use_client_port/result/1kxun.pcap.out new file mode 100644 index 00000000000..52e4801750c --- /dev/null +++ b/tests/cfgs/disable_use_client_port/result/1kxun.pcap.out @@ -0,0 +1,256 @@ +Guessed flow protos: 6 + +DPI Packets (TCP): 408 (4.16 pkts/flow) +DPI Packets (UDP): 120 (1.21 pkts/flow) +Confidence Unknown : 14 (flows) +Confidence Match by port : 6 (flows) +Confidence DPI : 177 (flows) +Num dissector calls: 5024 (25.50 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/60/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/8/0 (insert/search/found) +LRU cache mining: 0/20/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 6/42/13 (insert/search/found) +Automa host: 161/71 (search/found) +Automa domain: 156/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 16/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 174/0 (search/found) +Patricia risk mask IPv6: 6/0 (search/found) +Patricia risk: 3/0 (search/found) +Patricia risk IPv6: 25/0 (search/found) +Patricia protocols: 287/57 (search/found) +Patricia protocols IPv6: 50/0 (search/found) + +Unknown 24 6428 14 +HTTP 249 355379 34 +MDNS 1 82 1 +NTP 1 90 1 +NetBIOS 26 2392 6 +SSDP 143 36951 13 +SMBv1 5 1197 2 +DHCP 24 8208 5 +QQ 33 6883 4 +TLS 124 28754 9 +DHCPV6 10 980 3 +Google 30 54525 4 +LLMNR 91 6931 48 +GoogleServices 17 30330 1 +MpegDash 1 299 1 +1kxun 914 1969311 48 +Line 30 19034 3 + +Safe 124 28754 9 +Acceptable 622 514902 119 +Fun 948 1976493 53 +Dangerous 5 1197 2 +Unrated 24 6428 14 + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.5.16 2 + + + 1 TCP 192.168.2.126:45380 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][7 pkts/4845 bytes <-> 73 pkts/178280 bytes][Goodput ratio: 90/97][5.13 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 187/0 298/54 408/638 110/113][Pkt Len c2s/s2c min/avg/max/stddev: 490/759 692/2442 831/8706 147/1792][URL: mangaweb.1kxun.mobi/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e][StatusCode: 200][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /detail)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,52,0,33] + 2 TCP 192.168.2.126:46170 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/552 bytes <-> 33 pkts/181723 bytes][Goodput ratio: 76/99][1.59 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/42 0/371 0/107][Pkt Len c2s/s2c min/avg/max/stddev: 274/387 276/5507 278/21666 2/6102][URL: pic.1kxun.com/video_kankan/images/releases/296/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,55] + 3 TCP 192.168.2.126:49372 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/1752 bytes <-> 33 pkts/144786 bytes][Goodput ratio: 89/98][1.99 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.976 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/61 0/371 0/111][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 584/4387 592/18786 6/4364][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/aec00b1dbdf678ee8d2b89df3fdbd059.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,8,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,51] + 4 TCP 192.168.2.126:49396 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/1776 bytes <-> 28 pkts/133577 bytes][Goodput ratio: 89/99][1.65 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.974 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/42 0/345 0/94][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/4771 592/21666 0/5452][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,52] + 5 TCP 192.168.2.126:49412 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 9][cat: Streaming/17][3 pkts/1752 bytes <-> 23 pkts/128276 bytes][Goodput ratio: 89/99][1.65 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.973 (Download)][IAT c2s/s2c min/avg/max/stddev: 612/0 612/61 612/399 0/112][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 584/5577 592/21666 6/5767][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (NGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,62] + 6 TCP 192.168.2.126:46212 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/555 bytes <-> 12 pkts/124834 bytes][Goodput ratio: 76/99][1.58 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.991 (Download)][IAT c2s/s2c min/avg/max/stddev: 871/0 871/122 871/373 0/155][Pkt Len c2s/s2c min/avg/max/stddev: 277/386 278/10403 278/37506 0/10887][URL: pic.1kxun.com/video_kankan/images/releases/300/5183-51fb99a2391e774037ba21cbca307be4.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,57] + 7 TCP 192.168.2.126:38316 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 23 pkts/118294 bytes][Goodput ratio: 76/99][1.43 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.995 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/46 0/393 0/113][Pkt Len c2s/s2c min/avg/max/stddev: 273/388 273/5143 273/24546 0/5526][URL: pic.1kxun.com/video_kankan/images/videos/40701-8fa7d916c55e31f90fa55f450b716505.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,20,0,67] + 8 TCP 192.168.2.126:49380 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 9][cat: Streaming/17][2 pkts/1172 bytes <-> 30 pkts/99876 bytes][Goodput ratio: 89/98][1.31 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.977 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/32 0/209 0/74][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 586/3329 592/18786 6/3784][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/f05074256b39572ad852c1c95eb5f8a7.jpg][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (LGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,53,0,34] + 9 TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63] + 10 TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85] + 11 TCP 192.168.2.126:45416 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][8 pkts/7202 bytes <-> 24 pkts/83277 bytes][Goodput ratio: 93/98][16.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 186/0 2919/772 6045/5959 2744/1789][Pkt Len c2s/s2c min/avg/max/stddev: 500/709 900/3470 1180/14466 215/3207][URL: mangaweb.1kxun.mobi/js/vendor.bundle.js?1644807874][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/vendor.bundle.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,12,0,0,0,0,0,0,0,3,3,3,6,0,0,0,0,0,0,0,3,0,0,21,0,41] + 12 TCP 192.168.2.126:38326 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 21 pkts/89010 bytes][Goodput ratio: 76/98][1.25 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/50 0/412 0/118][Pkt Len c2s/s2c min/avg/max/stddev: 273/387 273/4239 273/12489 0/2950][URL: pic.1kxun.com/video_kankan/images/videos/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,73] + 13 TCP 192.168.2.126:46200 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/556 bytes <-> 18 pkts/82689 bytes][Goodput ratio: 76/99][1.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.987 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/56 0/375 0/119][Pkt Len c2s/s2c min/avg/max/stddev: 278/386 278/4594 278/21666 0/5421][URL: pic.1kxun.com/video_kankan/images/releases/301/5027-d707192bfa2dabf22771a4d56454ab88.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,45] + 14 TCP 192.168.2.126:46184 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/829 bytes <-> 13 pkts/73655 bytes][Goodput ratio: 76/99][1.27 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 392/0 392/81 392/368 0/134][Pkt Len c2s/s2c min/avg/max/stddev: 273/386 276/5666 278/23106 2/7129][URL: pic.1kxun.com/video_kankan/images/releases/299/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,18,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,25,0,37] + 15 TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62] + 16 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Goodput ratio: 42/95][45.37 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472/1029 44994/45054 11986/6714][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/1210 416/1314 113/325][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 3,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0,0,0,0,0,0,0] + 17 TCP 192.168.2.126:45398 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2127 bytes <-> 18 pkts/58725 bytes][Goodput ratio: 91/98][4.35 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/0 229/262 229/3434 0/852][Pkt Len c2s/s2c min/avg/max/stddev: 490/551 709/3262 821/7266 155/2191][URL: mangaweb.1kxun.mobi/js/dependency-all.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/dependency)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,43] + 18 TCP 192.168.2.126:49354 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1184 bytes <-> 19 pkts/53234 bytes][Goodput ratio: 89/98][1.04 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.956 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/26 0/204 0/67][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/2802 592/8706 0/2084][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (/GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,42] + 19 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Goodput ratio: 59/95][45.30 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3466/4 44999/62 11990/13][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 136/1145 415/1314 149/400][URL: pic.1kxun.com/video_kankan/images/videos/3578-ywzj.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,2,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0] + 20 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Goodput ratio: 52/95][45.33 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2649/12 44748/253 10525/45][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1127 415/1314 133/398][URL: pic.1kxun.com/video_kankan/images/videos/3713-ydm.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,0,0,0,0,0,0,0,0,4,0,9,0,0,4,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,76,0,0,0,0,0,0,0,0] + 21 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Goodput ratio: 57/95][45.32 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.887 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3007/1410 44996/45052 11222/7838][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 128/1132 423/1314 145/403][URL: pic.1kxun.com/video_kankan/images/videos/4657-jfyj.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,0,0,0,0,0,0,0,0,4,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,77,0,0,0,0,0,0,0,0] + 22 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Goodput ratio: 37/95][0.42 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 194/109 46/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/1208 411/1314 102/329][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/movies/mp4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0,0,0,0,0,0,0] + 23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0] + 24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [proto: 7.239/HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.239/HTTP.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.499 (Executable?)][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29] + 25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62] + 26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60] + 27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0] + 28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45] + 29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20] + 30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] + 31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 32 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 315/Line, Confidence: DNS][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Goodput ratio: 40/94][0.02 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/2 10/8 4/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1103 334/1514 99/610][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] + 33 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 315/Line, Confidence: DNS][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] + 34 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][8.40 sec][Hostname/SNI: [ff02::c]:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 558/0 590/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,12,56,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 35 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][8.40 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 482/0 530/0 562/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,12,18,51,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 36 TCP 192.168.2.126:49370 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/580 bytes <-> 4 pkts/7749 bytes][Goodput ratio: 88/97][0.22 sec][Hostname/SNI: hkbn.content.1kxun.com][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/b057f5cd8fe013d2299b57f14faa5fa9.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (AGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] + 37 TCP 192.168.2.126:45422 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 5][cat: Streaming/17][3 pkts/2139 bytes <-> 4 pkts/6060 bytes][Goodput ratio: 91/96][4.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 221/224 2062/1374 3902/3898 1841/1787][Pkt Len c2s/s2c min/avg/max/stddev: 502/1413 713/1515 819/1720 149/124][URL: mangaweb.1kxun.mobi/images/detail_revision/go_homepage.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/application.min.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,14,0,14] + 38 TCP 192.168.2.126:60148 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/536 bytes <-> 3 pkts/7066 bytes][Goodput ratio: 75/97][0.56 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/icons/5-328e3cdf244c003df08754cca05fbc2f.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,40,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20] + 39 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: Match by port][FPC: 315/Line, Confidence: IP address][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] + 40 TCP 192.168.2.126:38314 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 4 pkts/6346 bytes][Goodput ratio: 76/96][0.33 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/videos/40750-585645353a7a47615755b7714c611835.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20] + 41 TCP 192.168.2.126:45414 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2118 bytes <-> 3 pkts/3518 bytes][Goodput ratio: 91/94][4.32 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 215/216 2066/2066 3917/3916 1851/1850][Pkt Len c2s/s2c min/avg/max/stddev: 482/758 706/1173 819/1456 158/300][URL: mangaweb.1kxun.mobi/js/fb-sdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/fb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16,0,0,0,0] + 42 TCP 192.168.2.126:47246 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1872 bytes <-> 2 pkts/3374 bytes][Goodput ratio: 93/96][1.30 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/homePageVideoCollections/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28][StatusCode: 200][Content-Type: application/json][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25] + 43 TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25] + 44 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 48/QQ, Confidence: DNS][DPI packets: 9][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Goodput ratio: 71/72][1.09 sec][Hostname/SNI: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/191 476/506 136/201][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/200 499/372 176/149][URL: vv.video.qq.com/getvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][PLAIN TEXT (POST /getvinfo HTTP/1.1)][Plen Bins: 15,0,0,0,0,15,15,0,0,23,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 45 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3106/0 12289/0 3176/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 46 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 4][cat: Web/5][4 pkts/2050 bytes <-> 5 pkts/2297 bytes][Goodput ratio: 87/86][0.18 sec][bytes ratio: -0.057 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 60/44 176/133 82/54][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 512/459 1159/1464 468/536][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0] + 47 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Media/1][7 pkts/1408 bytes <-> 5 pkts/2611 bytes][Goodput ratio: 71/89][0.15 sec][Hostname/SNI: 183.131.48.144][bytes ratio: -0.299 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 14/25 69/67 28/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 201/522 557/1078 225/465][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 206][Content-Type: video/mp4][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.144 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][20.95 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 2323/4176 15252/15254 4895/5951][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 288/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][Goodput ratio: 67/72][6.76 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 746/1336 5987/5987 1865/2341][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178/210 1067/1055 287/323][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 50 TCP 192.168.2.126:42554 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/3091 bytes <-> 2 pkts/444 bytes][Goodput ratio: 91/70][2.57 sec][Hostname/SNI: de01.rayjump.com][bytes ratio: 0.749 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/2543 847/2543 2537/2543 1195/0][Pkt Len c2s/s2c min/avg/max/stddev: 86/222 773/222 1506/222 647/0][URL: de01.rayjump.com/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWUR][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (FGET /onlyImpression)][Plen Bins: 16,0,0,16,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0] + 51 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][Goodput ratio: 69/75][6.08 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753/1500 5998/5998 1982/2597][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 190/232 1067/1055 299/340][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA4: t12i370400_07a749158664_e64f6000bf4d][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 52 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 60/87][0.09 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/16 36/43 13/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/456 390/1314 144/512][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 20,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0] + 53 TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 54 TCP 192.168.2.126:50176 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1185 bytes <-> 2 pkts/2082 bytes][Goodput ratio: 94/94][0.19 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/list_default.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/list)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0] + 55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0] + 57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.486 (Executable?)][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0] + 59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0] + 61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50] + 66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 69 TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 70 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Goodput ratio: 52/66][31.95 sec][Hostname/SNI: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/8 2391/3919 11352/11551 4481/5397][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/197 331/390 117/157][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 71 TCP 192.168.2.126:50140 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1178 bytes <-> 1 pkts/748 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/left.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 72 TCP 192.168.2.126:50166 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1179 bytes <-> 1 pkts/746 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/right.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 73 TCP 192.168.2.126:47262 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/937 bytes <-> 1 pkts/883 bytes][Goodput ratio: 93/92][0.31 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d25][StatusCode: 301][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 74 TCP 192.168.2.126:51686 <-> 18.64.79.64:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1295 bytes <-> 1 pkts/500 bytes][Goodput ratio: 95/87][0.60 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=6][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0] + 75 TCP 192.168.2.126:50164 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1184 bytes <-> 1 pkts/574 bytes][Goodput ratio: 94/88][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/more_white.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0] + 76 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5541/0 19870/0 5205/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 77 TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 78 TCP 192.168.2.126:49242 <-> 172.104.119.80:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1129 bytes <-> 2 pkts/582 bytes][Goodput ratio: 88/77][2.16 sec][Hostname/SNI: android.yingshi.tcclick.1kxun.com][URL: android.yingshi.tcclick.1kxun.com/api/upload.php][StatusCode: 500][Req Content-Type: application/octet-stream][Content-Type: text/html][Server: openresty/1.11.2.5][User-Agent: okhttp/3.10.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 500][PLAIN TEXT (aPOST /api/upload.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 79 TCP 192.168.2.126:56104 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/896 bytes <-> 1 pkts/721 bytes][Goodput ratio: 93/91][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&br][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 87 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 88 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 89 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 90 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/684 bytes <-> 2 pkts/684 bytes][Goodput ratio: 88/88][30.01 sec][Hostname/SNI: macbook-air][DHCP Fingerprint: 1,3,6,15,119,95,252,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 91 TCP 192.168.2.126:53416 <-> 172.217.16.142:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/625 bytes <-> 1 pkts/734 bytes][Goodput ratio: 89/91][0.05 sec][Hostname/SNI: play.google.com][URL: play.google.com/store/apps/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789][StatusCode: 301][Content-Type: application/binary][Server: ESF][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.564 (Executable?)][PLAIN TEXT (GET /store/apps/details)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 92 TCP 192.168.2.126:58758 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][0.32 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (NGET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 93 TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 94 TCP 192.168.2.126:56094 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/876 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 95 TCP 192.168.2.126:56098 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/863 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 96 TCP 192.168.2.126:47272 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/982 bytes <-> 1 pkts/331 bytes][Goodput ratio: 93/80][0.35 sec][Hostname/SNI: messages.1kxun.mobi][URL: messages.1kxun.mobi/api/messages/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kx][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /api/messages/listForYingsh)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 98 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][16.80 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 2799/0 5942/0 1567/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 99 TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0] + 100 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 101 TCP 192.168.2.126:40204 <-> 18.235.204.9:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/760 bytes <-> 1 pkts/237 bytes][Goodput ratio: 91/72][0.11 sec][Hostname/SNI: adexp.liftoff.io][URL: adexp.liftoff.io/event/vast/start/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQK][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /event/vast/start/57aa80COX)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 102 TCP 192.168.2.126:60962 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.31 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 103 TCP 192.168.2.126:60972 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.24 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 104 TCP 192.168.2.126:60984 <-> 172.104.93.92:1234 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/255 bytes][Goodput ratio: 89/74][0.27 sec][Hostname/SNI: ws.1kxun.mobi][URL: ws.1kxun.mobi:1234/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c][StatusCode: 101][Server: swoole-websocket-server][User-Agent: okhttp/3.10.0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (Google)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 105 TCP 192.168.2.126:41134 <-> 129.226.107.77:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 2][cat: Chat/9][1 pkts/324 bytes <-> 1 pkts/518 bytes][Goodput ratio: 83/89][0.19 sec][Hostname/SNI: cgi.connect.qq.com][URL: cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135][StatusCode: 302][Content-Type: text/html][Server: stgw][User-Agent: AndroidSDK_30_generic_x86_arm_11][PLAIN TEXT (GET /qq)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 106 TCP 192.168.2.126:38834 <-> 119.45.78.184:80 [proto: 7.48/HTTP.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7.48/HTTP.QQ, Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/655 bytes <-> 1 pkts/170 bytes][Goodput ratio: 80/61][0.31 sec][Hostname/SNI: pingma.qq.com][URL: pingma.qq.com:80/mstat/report][StatusCode: 404][Risk: ** HTTP Susp User-Agent **** Error Code **][Risk Score: 110][Risk Info: Empty or missing User-Agent / HTTP Error Code 404][PLAIN TEXT (POST /mstat/report HTTP/1.1)][Plen Bins: 0,0,0,33,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [proto: 7/HTTP][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 110 TCP 192.168.2.126:47230 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][Risk: ** Binary File/Data Transfer (Attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 111 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.50 sec][Hostname/SNI: wpad][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 300/0 749/0 367/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 112 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Hostname/SNI: sanji-lifebook-][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 113 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 103/DHCPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][15.56 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 114 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 103/DHCPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][14.54 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 115 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5.315/DNS.Line][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.315/DNS.Line, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Goodput ratio: 52/85][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][203.69.81.73][PLAIN TEXT (official)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 116 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes][Goodput ratio: 2/0][45.01 sec][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/45002 14999/45002 44996/45002 21211/0][Pkt Len c2s/s2c min/avg/max/stddev: 55/66 55/66 55/66 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 117 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: joanna-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (Joanna)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 118 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: kevin-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (MSFT 5.07)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 119 TCP 192.168.2.126:35666 -> 18.66.2.90:80 [proto: 7.291/HTTP.MpegDash][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7.291/HTTP.MpegDash, Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/299 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][< 1 sec][Hostname/SNI: cdn.liftoff.io][URL: cdn.liftoff.io/customers/45d4b09eba/videos/mobile/fd5692dd53042b199e03.mp4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 120 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.295/DNS.1kxun, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/146 bytes <-> 1 pkts/137 bytes][Goodput ratio: 42/69][0.05 sec][Hostname/SNI: pic.1kxun.com][106.187.35.246][Plen Bins: 66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 121 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.54 sec][Hostname/SNI: sc.arrancar.org][PLAIN TEXT ( FDEDCOEBFC)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 122 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.295/DNS.1kxun, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/160 bytes <-> 1 pkts/112 bytes][Goodput ratio: 47/62][0.02 sec][Hostname/SNI: jp.kankan.1kxun.mobi][106.185.35.110][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 123 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.48/DNS.QQ, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/150 bytes <-> 1 pkts/116 bytes][Goodput ratio: 44/63][0.04 sec][Hostname/SNI: vv.video.qq.com][203.205.151.234][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 124 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.295/DNS.1kxun][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.295/DNS.1kxun, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][1.05 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.113][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 125 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.295/DNS.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.295/DNS.1kxun, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/152 bytes <-> 1 pkts/108 bytes][Goodput ratio: 44/61][0.00 sec][Hostname/SNI: kankan.1kxun.com][222.73.254.167][PLAIN TEXT (kankan)][Plen Bins: 0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 126 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/256 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][0.10 sec][Hostname/SNI: wpad][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 127 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][3 pkts/198 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][36.19 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 128 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 129 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Goodput ratio: 35/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 130 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.02 sec][Hostname/SNI: nasfile][PLAIN TEXT ( EOEBFDEGEJEMEFCACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 131 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 132 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 133 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/184 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 134 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/182 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 135 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 136 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/178 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 137 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 3][cat: Web/5][2 pkts/110 bytes <-> 1 pkts/66 bytes][Goodput ratio: 2/0][0.01 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 138 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.10 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 139 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/176 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.10 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 140 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/174 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][0.10 sec][Hostname/SNI: sonusav][PLAIN TEXT (sonusav)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 141 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.10 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 142 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.11 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 143 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 144 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 145 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 146 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 44/0][0.41 sec][Hostname/SNI: caesar-thinkpad][PLAIN TEXT (caesar)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 147 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 148 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.10 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 149 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: ????????????][Risk: ** Non-Printable/Invalid Chars Detected **][Risk Score: 100][Risk Info: Invalid chars detected in domain name][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 150 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 151 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.41 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 152 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.41 sec][Hostname/SNI: kasper-mac][PLAIN TEXT (Kasper)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 153 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 154 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: wangs-ltw][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 155 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 156 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 157 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 158 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/138 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][0.10 sec][Hostname/SNI: joanna-pc][PLAIN TEXT (Joanna)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 159 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.41 sec][Hostname/SNI: notebook][PLAIN TEXT (notebook)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 160 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.41 sec][Hostname/SNI: notebook][PLAIN TEXT (notebook)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 161 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 162 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: jason-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 163 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: jason-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 164 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: usher-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 165 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][0.10 sec][Hostname/SNI: usher-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 166 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.11 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 167 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.10 sec][Hostname/SNI: isatap][PLAIN TEXT (isatap)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 168 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 169 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][0.41 sec][Hostname/SNI: ro_x1c][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 170 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][2 pkts/126 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][22.90 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 171 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][1 pkts/60 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 172 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 103/DHCPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 36/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 173 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: gfile][PLAIN TEXT ( EHEGEJEMEFCACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 174 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Hostname/SNI: sanji-lifebook-][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 175 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 176 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/91 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 177 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 9/NTP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 178 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 179 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 180 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Hostname/SNI: charming-pc][PLAIN TEXT (charming)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 181 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][< 1 sec][Hostname/SNI: kevin-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 182 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/68 bytes -> 0 pkts/0 bytes][Goodput ratio: 38/0][< 1 sec][Hostname/SNI: jason-pc][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 183 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Hostname/SNI: sonusav][PLAIN TEXT (sonusav)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + + +Undetected flows: + 1 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][5 pkts/1795 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][40.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/782 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][30.00 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/782 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][30.01 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.11 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/718 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][30.10 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/359 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][PLAIN TEXT (Switch)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/197 bytes -> 0 pkts/0 bytes][Goodput ratio: 68/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.188 (Executable?)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/185 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.214 (Executable?)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/177 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.168 (Executable?)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.71 sec][PLAIN TEXT (AABHZW50cmljZV9)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][2 pkts/164 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][34.72 sec][PLAIN TEXT (icRVSoU)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.052 (Executable?)][PLAIN TEXT (6.35.4 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/142 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.173 (Executable?)][PLAIN TEXT (6.35.1 )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/82 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][PLAIN TEXT (dDYcTc4)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]