Embed Size (px)
Citation preview
Application and Network
Risk ReportRisk Report
Juniper Networks SRX
for
Company Inc.
Powered by
Prepared by: OneConfig
Device: SRX1500-example_co
Model: srx1500
From: 2016-09-22 To: 2016-09-29
Why choose Juniper Networks SRX Series Gateways?
High performance security with advanced, integrated threat intelligence, delivered on the industry's most
scalable and resilient platform. SRX Series Gateways set new benchmarks with faster interfaces and feature
Express Path technology, which enables incredible performance.
Juniper’s SRX Series Gateway delivers the following advantages:
Provides advanced, next-generation defense, with a comprehensive suite of layered
security services. All SRX Series gateways are built for resiliency, scalability, and
availability to secure your data center or enterprise edge against the broadest
spectrum of threats
Supports fast, secure, and highly available data center and enterprise edge
operations, with unmatched performance and scalability, massive session volumes,
and flexible large scale connectivity, with ultra low latency performance of up to 1
Tbps.
Delivers continuous uptime through in-service hardware and software upgrades,
redundant components, and carrier-class hardware for resiliency. The high-end SRX
Series gateways deliver six nines reliability for nonstop business continuity and
application availability.
Provides outstanding value for high speed, highly effective security services—even
with multiple services enabled. The system’s flexible, modular approach protects your
investment by scaling for future network growth.
Top Applications
AppSecure is a suite of security capabilities that identifies applications for greater visibility, enforcement,
control, and protection of the network.
This section of the report shows details from Juniper’s AppSecure AppTrack feature. It analyses application
data and classifies it based on risk level and category. It helps you understand what applications are utilizing
the network by listing the top 10 applications based on data volumes. It shows details of the sessions, bytes,
categories and risk rating for each application listed.
How does this help?
With this knowledge you can decide whether you need to investigate high-risk or high data
consuming applications, and whether to take further action to deny or limited specific
applications’ access to the network.
Total AppSecure Data: 0.7 TB (top 10: 0.5 TB, others: 194 GB)
Application NameApplication Name SessionsSessions BytesBytes CategoryCategory Risk (1= low, 5= high)Risk (1= low, 5= high)
OFFICE365-CREATE-CONVERSATION 595427 159 GB Web 4
SSL 1120819 79 GB Infrastructure 1
LCP 688 79 GB Infrastructure 2
GOOGLE 105584 46 GB Web 3
HTTP 1364767 43 GB Web 5
PPTP 220572 38 GB Web 4
FACEBOOK-VIDEO-STREAM 22175 24 GB Web 2
FACEBOOK-ACCESS 102023 20 GB Web 5
OUTLOOK 53833 16 GB Web 3
SPOTIFY 17578 16 GB Multimedia 2
Top Applications
OFFICE365-CREATE-
CONVERSATION
SSL
LCP
HTTP
PPTP
FACEBOOK-VIDEO-STRE…
FACEBOOK-ACCESS
OUTLOOK
SPOTIFY
other
22.2%
11.1%
11%
27.1%
6.1% 6.4%
* Inconclusive typically refers to applications where
a matching signature cannot be found e.g. custom
developed apps
Top Web Applications
This is a more specific view of application data showing the WebApps that were detected by AppSecure. This
includes application name, number of sessions observed, amount of traffic and risk rating.
How does this help?
With this knowledge you can decide whether you need to investigate high-risk or high data
consuming web applications, and whether to take further action to deny or limited specific
applications’ access to the network. This information is also useful when combined with Juniper's
Enhanced Web Filtering features.
Total Web App Data: 461 GB (top 25: 423 GB, others: 37 GB)
Application NameApplication Name SessionsSessions BytesBytes Risk (1= low, 5= high)Risk (1= low, 5= high)
OFFICE365-CREATE-CONVERSATION 595427 159 GB 4
GOOGLE 105584 46 GB 3
HTTP 1364767 43 GB 5
FACEBOOK-VIDEO-STREAM 22175 24 GB 2
FACEBOOK-ACCESS 102023 20 GB 5
OUTLOOK 53833 16 GB 3
TWITTER 79360 15 GB 2
YOUTUBE 13473 10 GB 2
MICROSOFT-LIVE-SERVICES 131504 9 GB 5
YAHOO 75737 9 GB 2
NETFLIX-STREAM 1463 9 GB 2
DROPBOX 11406 9 GB 2
AMAZON-AWS 117548 8.9 GB 2
AKAMAI-SSL 11475 5.7 GB 1
GOOGLE-PLUS-SSL 106958 5.4 GB 2
PANDORA 14744 3.4 GB 2
YAHOO-MAIL 8473 3.4 GB 2
HTTP-VIDEO 1655 3.3 GB 2
APPLE-IOS-UPDATE-SSL 28487 3.3 GB 3
FLICKR 8647 3.2 GB 2
FASTLY 15269 2.9 GB 2
ITUNES 7582 2.7 GB 3
CLOUDFLARE 26152 2.4 GB 2
CNN 17702 2.3 GB 2
AMAZON 20614 2.1 GB 5
GeoIP
This section of the report provides a graphical illustration of the locations by country of the source and
destination of traffic on your network. The information also includes volume of traffic by country.
How does this help?
Understanding your traffic flows can help identify issues of network/resource misuse or
compromised systems.
Bytes per country
358,096,939358,096,939 597,952,775,089597,952,775,089
CountryCountry DataData
United States 0.5 TB
Private IP 98 GB
Ireland 42 GB
Canada 26 GB
Europe 4.8 GB
Brazil 2.5 GB
Netherlands 1.4 GB
Germany 0.8 GB
United Kingdom 0.6 GB
Singapore 341 MB
other 0.7 GB
Sky ATP
Sky Advanced Threat Prevention is a cloud-based service that is integrated with Juniper SRX Series firewalls. It
delivers a dynamic anti-malware solution that adapts to an ever-changing threat landscape.
How does this help?
You can use this information to understand the type, frequency and severity of the attacks
detected and mitigated by Juniper Sky ATP. It identifies compromised hosts within your network,
allowing you to investigate further and take any necessary action.
Sky ATP statistics
StatisticStatistic CountCount
Session Interested 12743
Session Processed 8487
Session Ignored 0
Session Permitted 12634
Session Blocked 0
Total HTTP Session
Processed6985
Total HTTPS Session
Processed3738
File Equal or Above Verdict
Threshold0
File Under Verdict
Threshold8
StatisticStatistic CountCount
File Send to Cloud
Successfully8
File Send to Cloud Failed 196
File Not Send to Cloud 14015
File Send to Cloud Partially 0
Blacklist Hit 0
Whitelist Hit 0
Fallback Permit 215
Fallback Block 0
File Categories
executable
100%
Treat Levels
N/A
100%
Sky ATP hosts
IPIP SiteSite CountCount VerdictVerdict ActionAction CategoryCategory
192.168.2.157 au.v4.download.windowsupdate.com 1 N/A PERMIT executable
Web Filtering
This service is delivered using Juniper’s Enhanced Web Filtering service, which redirects web requests to an
external service to check and verify their safety. This section of the report lists the number of web requests
handled by the Juniper SRX and the number of requests blocked.
How does this help?
You can use this information to understand how many requests are being inspected and how
many are being blocked. You can use this information to decide whether you need to investigate
high levels of blocked requests.
Total Web Requests : 470
Top IPs: Block
Source IP (count)Source IP (count) Destination IP (count)Destination IP (count) CategoryCategory URLURL
172.18.6.106 (41) 89.34.106.16 (41) Enhanced_Adult_Content video.bzi.ro
172.18.9.109 (26)
52.22.65.58 (9) Enhanced_Gambling free.sportsinsights.com
52.0.161.134 (6) Enhanced_Gambling cdn.sportsinsights.com
54.230.5.64 (4) Enhanced_Gambling cloudfront.sportsinsights.com
64.150.188.163 (3) Enhanced_Gambling www.fantasyfeud.com
52.85.202.98 (4) Enhanced_Gambling cloudfront.sportsinsights.com
172.18.13.102 (21) 65.18.174.166 (21) Enhanced_Gambling www.footballlocks.com
172.18.6.115 (8) 104.20.26.3 (8) Enhanced_Gambling 104.20.26.3
172.18.10.119 (8) 104.20.27.3 (8) Enhanced_Gambling 104.20.27.3
172.18.10.105 (7)
31.222.48.70 (6) Enhanced_Gambling www.ladbrokes.com
31.222.48.61 (1) Enhanced_Gambling sports.ladbrokes.com
172.18.10.104 (6) 104.20.26.3 (6) Enhanced_Gambling 104.20.26.3
172.18.9.112 (5)
52.22.65.58 (4) Enhanced_Gambling free.sportsinsights.com
107.154.106.8 (1) Enhanced_Gambling liveatthebike.com
172.18.9.117 (2)
192.0.79.33 (1) Enhanced_Adult_Content theberry.com
162.208.117.11 (1) Enhanced_Adult_Content horizon.theberry.com
172.18.14.134 (2) 104.16.120.62 (2) Enhanced_Adult_Content 104.16.120.62
172.16.200.24 (1) 139.162.26.87 (1) Enhanced_Adult_Content linksredirect.com
192.168.200.101 (1) 162.208.117.10 (1) Enhanced_Adult_Content link.playboy.com
172.18.10.108 (1) 165.189.157.173 (1) Enhanced_Gambling www.wilottery.com
Anti-virus
Anti-Virus uses an integrated scanning engine and virus signature databases to protect against viruses, trojans,
rootkits, worms, and other types of malicious code from reaching devices on your network. This section of the
report lists the number of items scanned, viruses found, cleaned and associated host IP addresses.
How does this help?
You can use this information to understand the volume of threats scanned, mitigated and cleaned.
You can track the hosts within your network that are transmitting these files in order to take
further action.
Anti-Virus Statistics
CategoryCategory CountCount
Total 1425400
Clean 1403134
Threat-found 39
Fallback 421
Anti-Virus Sources
IPIP NameName CountCount FilenameFilename URLURL
172.18.9.108 C2/Zbot-A 2label.shieldapps.biz/call
back/bo.php
HTTP://SXL2-
01.P.LINK.SOPHOS.CO
M/T/en/C2/Zbot-A
172.18.14.134 Mal/HTMLGen-A 3
gmai.com/XX/YY/ZZ/CI
/MGPGHGPGPFGHCD
PFGGHGFHBGCHEGP
FHHGG
HTTP://SXL2-
01.P.LINK.SOPHOS.CO
M/T/en/Mal/HTMLGen-
A
172.18.9.111 C2/Zbot-A 2label.shieldapps.biz/call
back/bo.php
HTTP://SXL2-
01.P.LINK.SOPHOS.CO
M/T/en/C2/Zbot-A
Anti-Virus Destinations
IPIP NameName CountCount FilenameFilename URLURL
149.210.147.77 C2/Zbot-A 4label.shieldapps.biz/call
back/bo.php
HTTP://SXL2-
01.P.LINK.SOPHOS.CO
M/T/en/C2/Zbot-A
216.157.88.23 Mal/HTMLGen-A 3
gmai.com/XX/YY/ZZ/CI
/MGPGHGPGPFGHCD
PFGGHGFHBGCHEGP
FHHGG
HTTP://SXL2-
01.P.LINK.SOPHOS.CO
M/T/en/Mal/HTMLGen-
A
Anti-Virus Files
NameName CountCount
C2/Zbot-A 4
Mal/HTMLGen-A 3
Security Intelligence
The Spotlight Security Intelligence service identifies hosts that initiate contact with a possible Command and
Control (CC) server on the Internet.
How does this help?
You can use this information to understand the type, frequency and severity of the attacks
detected and mitigated by Juniper Sky ATP. It identifies compromised hosts within your network,
allowing you to investigate further and take any necessary action.
Total Sessions : 0
Block drop : 0
Block close : 0
Close redirect : 0
Top Intrusion Detection and Prevention Activity
This section of the report describes the top Intrusion Detection and Prevention (IDP) activity as seen by the
Juniper SRX on your network. IDP lets you selectively enforce various attack detection and prevention
techniques on the network traffic passing through your the SRX device.
How does this help?
You can use this information to understand the type, frequency and severity of the attacks
detected and mitigated by the Juniper SRX. You can then decide whether to investigate further.
Attack NameAttack Name Attack Detailed NameAttack Detailed Name HitsHits SeveritySeverity
HTTP:TOO-MANY-
PARAMETERS
HTTP: Too many parameters
This protocol anomaly is triggered when it detects an HTTP request
with the number of parameters above the pre-set threshold. This
threshold can be adjusted in via NSM.
4 Major
HTTP:XSS:HTML-SCRIPT-IN-
POST
HTTP: HTML Script Tag Embedded in Post Submission
This signature detects attempts at cross-site scripting attacks.
Attackers can create a malicious Web site that includes HTML
embedded in the hyperlinks, which can violate site security settings.
This signature can false positive on valid submissions containing
scripts.
21 Minor
HTTP:APACHE:STRUTS-URL-
DOS
HTTP: Apache Struts URLValidator Denial of Service
This signature detects attempts to exploit a known vulnerability
against Apache Struts. Successful attack can result in a denial-of-
service situation.
6 Minor
HTTP:REQERR:POST-
MISSING-DATA
HTTP: POST Submission Missing Data
This signature detects a POST submission that does not include the
POST data in the first packet payload. This may be an indication of a
Denial of Service (DoS) using the 'Slowloris' technique. It also may be a
non-malicious submission with a low MTU.
3 Minor
HTTP:IIS:ENCODING:SINGLE-
DIG-1
HTTP: IIS Single Encoding (1)
This signature detects a single digit encoded in a URL. Microsoft
Internet Information Services (IIS) uses special techniques to decode
URLs. Attackers can be attempting to exploit these IIS techniques to
evade detection by IDP.
2 Minor
HTTP:PHP:WP-INCLUDES-
ACCESSHTTP: WordPress "wp-includes" Path Remote Access 1 Minor
Top Talkers
These are the most active clients in the network, by volume of data.
How does this help?
With this knowledge you can decide whether you need to investigate high data consuming clients
or users and related high-risk behavior (applications or GeoIP), and whether to take further action
to deny or limited specific applications’ access to the network.
Top IP: 172.18.8.105
PPTP:UNKNOWN 1.3 GB HTTP:APPSTORE 4.4 MB HTTP:ANDROID-MARKETPLACE-… HTTP:BING 464 kB
SSL:FACEBOOK-VIDEO-STREAM 353 kB SSL:FACEBOOK-ACCESS 268 kB SSL:SOUNDCLOUD 239 kB
SSL:GOOGLE-STATIC 200 kB HTTP:GOOGLE-STATIC 169 kB SSL:YAHOO-MAIL 160 kB other
0 400,000,000 800,000,000 1,200,000,000 1,600,000,000
172.18.8.105
GeoIP data for 172.18.8.105
United
States 7.6
GB
Canada 156
MB
Ireland 84
MB
Germany 16
MB
Other96.6%
Top IP: 45.58.75.165
UNSPECIFIED-ENCRYPTED:UNKNOWN 1 GB SSL:UNKNOWN 436 kB other
0 300,000,000 600,000,000 900,000,000 1,200,000,000
45.58.75.165
GeoIP data for 45.58.75.165
Private IP 1
GB
100%
Top IP: 172.16.70.4
IPP-GRE:LCP 0.8 GB IPP-GRE:CCP 16 MB IPP-GRE:CHAP 4.8 MB IPP-GRE:PPP 1 MB
SSL:UNKNOWN 10 kB PPTP:UNKNOWN 2.8 kB IPP-GRE:COMP 2.1 kB INCONCLUSIVE:INCONCLUSIVE…
UNKNOWN:UNKNOWN 0 B other
0 250,000,000 500,000,000 750,000,000 1,000,000,000
172.16.70.4
GeoIP data for 172.16.70.4
United
States 40
GB
Private IP
46 GB
Other46.6%53.4%
Top IP: 17.253.3.207
UNSPECIFIED-ENCRYPTED:UNKNOWN 0.7 GB INCONCLUSIVE:INCONCLUSIVE 10 kB other
0 250,000,000 500,000,000 750,000,000 1,000,000,000
17.253.3.207
GeoIP data for 17.253.3.207
Private IP 2.
7 GB
100%
Top IP: 45.58.75.129
SSL:UNKNOWN 440 MB UNSPECIFIED-ENCRYPTED:UNKNO… INCONCLUSIVE:INCONCLUSIVE 36… other
0 150,000,000 300,000,000 450,000,000 600,000,000
45.58.75.129
GeoIP data for 45.58.75.129
Private IP 1.
2 GB
100%
Top IP: 63.239.232.243
UNKNOWN:UNKNOWN 0.6 GB other
0 150,000,000 300,000,000 450,000,000 600,000,000
63.239.232.243
GeoIP data for 63.239.232.243
Private IP 0.
6 GB
100%
Top IP: 165.254.22.18
UNSPECIFIED-ENCRYPTED:UNKNOWN 0.5 GB other
0 150,000,000 300,000,000 450,000,000 600,000,000
165.254.22.18
GeoIP data for 165.254.22.18
Private IP 0.
5 GB
100%
Top IP: 172.18.12.111
HTTP:COMCAST 0.5 GB SSL:FACEBOOK-ACCESS 425… ARES:UNKNOWN 280 kB SSL:EDGECAST 203 kB
SSL:BASECAMP 105 kB SSL:YAHOO-MAIL 85 kB HTTP:SYMANTEC 82 kB SSL:YOUTUBE 65 kB
HTTP:TIDALTV 59 kB HTTP:APPLE-IOS-UPDATE-SSL 52 kB other
0 150,000,000 300,000,000 450,000,000 600,000,000
172.18.12.111
GeoIP data for 172.18.12.111
United
States 1.5…
Canada 1…
Netherlan…
Ireland 31…
Private IP…
United Ki…
Brazil 7.8…
Germany…
Other
95.5%
Top IP: 172.18.6.101
SSL:MICROSOFT-LIVE-SERVICES 448 MB HTTP:OOYALA 9 MB SSL:FASTLY 4.0 MB SSL:YAHOO 1.4 MB
SSL:GOOGLE 0.9 MB SSL:GOOGLE-PLUS-SSL 0.9 MB HTTP:PDF 0.9 MB HTTP:CLOUDFLARE 484 kB
SSL:GOOGLE-ANALYTICS-TRACKING 250 kB HTTP:BRIGHTCOVE 202 kB other
0 150,000,000 300,000,000 450,000,000 600,000,000
172.18.6.101
GeoIP data for 172.18.6.101
United
States 15
GB
Canada 7.9
GB
Other
33.1%
66.8%
Top IP: 172.18.14.104
HTTP:APPLE-UPDATE 342 MB HTTP:IOS-OTA-UPDATE 8.5 MB SSL:YOUTUBE 7.1 MB
SSL:FACEBOOK-VIDEO-STREAM 0.8 MB HTTP:INSTAGRAM 0.5 MB HTTP:DAILYMAIL 462 kB
HTTP:SYMANTEC 370 kB SSL:GOOGLE-PLUS-SSL 345 kB HTTP:AMAZON-AWS 246 kB
HTTP:APPSTORE 190 kB other
0 100,000,000 200,000,000 300,000,000 400,000,000
172.18.14.104
GeoIP data for 172.18.14.104
United
States 0.8
GB
Ireland 25
MB
Other
96.9%
Source AddressSource AddressDestination AddressDestination Address Attack NameAttack Name Repeat CountRepeat Count Threat SeverityThreat SeverityActionAction
10.128.36.110 23.66.186.127 HTTP:APACHE:STRUTS-URL-DOS 2 MEDIUM NONE
10.128.36.110 23.4.153.139 HTTP:APACHE:STRUTS-URL-DOS 1 MEDIUM NONE
10.128.36.110 104.97.108.200 HTTP:APACHE:STRUTS-URL-DOS 1 MEDIUM NONE
10.128.36.137 94.23.150.162 HTTP:IIS:ENCODING:SINGLE-DIG-1 1 MEDIUM NONE
10.128.36.137 210.111.226.105 HTTP:IIS:ENCODING:SINGLE-DIG-1 1 MEDIUM NONE
10.128.36.137 69.28.199.130 HTTP:PHP:WP-INCLUDES-ACCESS 1 MEDIUM NONE
10.128.4.183 52.39.36.196 HTTP:TOO-MANY-PARAMETERS 1 HIGH NONE
10.128.4.183 52.33.210.214 HTTP:TOO-MANY-PARAMETERS 1 HIGH NONE
10.128.36.121 23.219.92.161 HTTP:XSS:HTML-SCRIPT-IN-POST 1 MEDIUM NONE
10.128.36.140 184.168.245.73 HTTP:XSS:HTML-SCRIPT-IN-POST 19 MEDIUM NONE
10.128.4.183 184.29.106.59 HTTP:XSS:HTML-SCRIPT-IN-POST 1 MEDIUM NONE
Full IDP attack List
This section of the report lists all the attacks detected by Juniper’s Intrusion Detection (IDP) feature.
How does this help?
You can review the report to get a full understanding of the attacks and associated hosts in the
network. You can refer this information to technical specialists for further analysis.
Full Application List
This final section of the report lists all the applications detected by Juniper’s AppSecure AppTrack
feature. This is a full extension of the Top 10 Applications section found earlier in the report.
How does this help?
You can review the report to get a full understanding of the applications using the network. You
can check the report for unwanted or unknown applications and refer these to technical
specialists for further analysis.
Application NameApplication Name SessionsSessions BytesBytes CategoryCategory Risk (1= low, 5= high)Risk (1= low, 5= high)
OFFICE365-CREATE-CONVERSATION 595427 159 GB Web 4
SSL 1120819 79 GB Infrastructure 1
LCP 688 79 GB Infrastructure 2
GOOGLE 105584 46 GB Web 3
HTTP 1364767 43 GB Web 5
UNSPECIFIED-ENCRYPTED 220572 38 GB Infrastructure 4
FACEBOOK-VIDEO-STREAM 22175 24 GB Web 2
FACEBOOK-ACCESS 102023 20 GB Web 5
OUTLOOK 53833 16 GB Web 3
SPOTIFY 17578 16 GB Multimedia 2
TWITTER 79360 15 GB Web 2
YOUTUBE 13473 10 GB Web 2
MICROSOFT-LIVE-SERVICES 131504 9 GB Web 5
YAHOO 75737 9 GB Web 2
NETFLIX-STREAM 1463 9 GB Web 2
DROPBOX 11406 9 GB Web 2
AMAZON-AWS 117548 8.9 GB Web 2
PPTP 902 8.8 GB Remote-Access 1
Inconclusive 53949 8.4 GB Infrastructure 2
AKAMAI-SSL 11475 5.7 GB Web 1
GOOGLE-PLUS-SSL 106958 5.4 GB Web 2
PANDORA 14744 3.4 GB Web 2
RTMP 414 3.4 GB Multimedia 2
YAHOO-MAIL 8473 3.4 GB Web 2
HTTP-VIDEO 1655 3.3 GB Web 2
APPLE-IOS-UPDATE-SSL 28487 3.3 GB Web 3
FLICKR 8647 3.2 GB Web 2
FASTLY 15269 2.9 GB Web 2
ITUNES 7582 2.7 GB Web 3
CLOUDFLARE 26152 2.4 GB Web 2
MSSQL 3606 2.4 GB Infrastructure 1
CNN 17702 2.3 GB Web 2
AMAZON 20614 2.1 GB Web 5
VIMEO 3213 1.9 GB Web 2
MCAFEE 5569 1.9 GB Infrastructure 2
WEBEX 19355 1.9 GB Multimedia 2
GOOGLE-DOCS 3640 1.8 GB Web 1
BOXDOTNET 1102 1.7 GB Web 2
BUZZFEED 2551 1.7 GB Web 2
COMP 57 1.7 GB Infrastructure 2
APPSTORE 6565 1.6 GB Infrastructure 2
COMCAST 95 1.6 GB Web 2
ADOBE-FLASH 16779 1.5 GB Multimedia 2
PINTEREST 11972 1.4 GB Web 2
MOBILE-DEVICE-USERAGENT 44834 1.4 GB Infrastructure 4
ANDROID-MARKETPLACE-DOWNLOAD 3796 1.3 GB Web 5
APPLE-UPDATE 294 1.3 GB Web 1
GOOGLE-CACHE 11351 1.3 GB Web 4
INSTAGRAM 4249 1.2 GB Web 2
FLASHSOCKET 389 1.2 GB Infrastructure 2
SHAREPOINT-ONLINE 18660 1.2 GB Web 1
FTP-DATA 341 1.1 GB Infrastructure 1
GOOGLE-STATIC 43008 1 GB Web 1
LLNWD 1044 1 GB Web 2
LINKEDIN 21235 1.0 GB Web 1
RTP 110 0.9 GB Multimedia 2
GOOGLE-ADSERVICES-SSL 43198 0.9 GB Web 4
MICROSOFT-UPDATE 2554 0.9 GB Web 1
GMAIL 15007 0.9 GB Web 3
PPP 28 0.8 GB Infrastructure 2
ADOBE 22157 0.8 GB Web 2
DNS 1873042 0.8 GB Infrastructure 1
SKYPE 37163 0.7 GB Infrastructure 3
SCORECARDRESEARCH 27066 0.6 GB Web 2
ADOBE-UPDATER 16470 0.6 GB Web 2
BING 17220 503 MB Web 2
USATODAY 917 501 MB Web 2
WORDPRESS 8578 492 MB Web 2
IOS-OTA-UPDATE 20 483 MB Infrastructure 2
COMPRESSED-FILE 142 482 MB Web 4
SLACK 3061 476 MB Web 2
ICLOUD 14986 462 MB Infrastructure 1
SSH 13917 443 MB Remote-Access 3
SPDY 2514 430 MB Infrastructure 2
LIVERAIL 8019 400 MB Web 2
BLOOMBERG 601 385 MB Web 2
OCSP 40318 367 MB Web 1
DOUBLECLICK 38680 339 MB Web 5
EDGECAST 2293 332 MB Web 2
OOYALA 2356 325 MB Web 2
APPLE-AIRPORT 46 324 MB Web 2
FOXNEWS 4646 309 MB Web 2
HULU 1471 307 MB Web 2
JABBER 764 297 MB Messaging 2
CAPWAP 802728 294 MB Infrastructure 2
NASA 17 289 MB Web 2
FIREFOX-UPDATE 778 275 MB Web 2
AMAZON-VIDEO 330 250 MB Web 2
NFL 187 246 MB Web 2
IMGUR 1462 232 MB Web 2
IMESSAGE-FILE-DOWNLOAD 139 229 MB Infrastructure 2
HTTP-AUDIO-CONTENT 269 226 MB Web 1
GOTOMYPC-WEB 27 220 MB Remote-Access 3
CHAP 3 213 MB Infrastructure 2
CRITEO 15852 205 MB Web 2
SYMANTEC 4524 191 MB Web 2
APPLE-HLS 336 185 MB Multimedia 2
BLOGGER 5457 183 MB Web 2
VINE 998 182 MB Multimedia 2
LYNC 13628 176 MB Messaging 4
BITS 1222 172 MB Infrastructure 2
AMAZON-ADSYSTEM 19533 170 MB Web 2
SHAREFILE 10 167 MB Web 1
GOOGLE-SYNDICATION 16934 165 MB Web 5
ADDTHIS 11919 163 MB Web 2
WINDOWS-AZURE 4167 162 MB Web 2
NIELSEN 20145 162 MB Web 2
ABCNEWS 247 159 MB Web 2
TRUSTE 16084 157 MB Web 2
SMTP 3678 156 MB Messaging 5
BRIGHTCOVE 5560 156 MB Web 2
WETRANSFER-SSL 257 156 MB Web 1
BASECAMP 1228 155 MB Web 2
THE-ONION 164 155 MB Web 1
REDDIT 5043 154 MB Web 1
REUTERS 19839 153 MB Web 2
GOOGLE-MAPS 3444 150 MB Web 2
ESPN 3404 145 MB Web 1
RSS 4330 144 MB Web 1
HUFFINGTON-POST 1230 140 MB Web 2
SKYDRIVE 957 137 MB Web 2
TUMBLR-SSL 910 133 MB Web 3
PDF 249 122 MB Web 5
SOUNDCLOUD 979 122 MB Multimedia 2
CEDEXIS 13488 110 MB Web 2
TUMBLR 1021 107 MB Web 3
APPLE-PUSH 6567 107 MB Messaging 3
WIKIPEDIA 1285 105 MB Web 2
WINDOWS-MARKETPLACE 204 98 MB Infrastructure 2
QUANTCAST 30407 95 MB Web 2
MATCH 356 90 MB Web 1
TURN 9529 89 MB Web 2
CRAIGSLIST 2985 89 MB Web 2
SOUTHWEST 739 86 MB Web 2
RTCP 94 84 MB Multimedia 2
JANGO 270 76 MB Web 2
GOOGLE-UPDATE 20 75 MB Web 1
SNMP 13789 74 MB Infrastructure 1
STICKYADS 7950 71 MB Web 2
GOOGLE-ANALYTICS-TRACKING 5152 69 MB Web 1
MOZILLA 3969 68 MB Web 2
PHOTOBUCKET 429 67 MB Web 2
AIMEXPRESS 2591 67 MB Web 1
SHUTTERFLY 289 66 MB Web 2
FLASHPLUGIN-UPDATE 246 65 MB Web 2
DAILYMAIL 1712 64 MB Web 2
MASHABLE 5435 63 MB Web 2
AOL 6714 60 MB Web 2
TIDALTV 3838 59 MB Web 2
CONVIVA 2049 59 MB Web 2
BITTORRENT 105 58 MB P2P 5
CAPITALONE 437 56 MB Web 2
SALESFORCE 1598 55 MB Web 1
SPEEDTEST 94 55 MB Web 2
GOOGLE-ACCOUNTS 4986 54 MB Web 2
IMAPS 548 51 MB Messaging 2
ZENDESK 444 50 MB Web 2
SAMSUNG 61 49 MB Web 2
IMDB 769 48 MB Web 1
FREEWHEEL 2126 47 MB Web 2
ENGADGET 4385 46 MB Web 1
EBAY 1508 45 MB Web 3
GROUPON 666 44 MB Web 1
NATIONALGEOGRAPHIC 4971 43 MB Web 2
EVERNOTE 1434 41 MB Web 1
SIP 749 40 MB Infrastructure 1
BITSTRIPS 27 39 MB Gaming 2
ATT 351 39 MB Web 2
MIXPANEL 2791 38 MB Web 2
GOOGLETALK 3204 38 MB Messaging 2
TURNER 488 36 MB Web 2
LETV 914 36 MB Web 2
AMERICANEXPRESS 408 34 MB Web 2
GRAVATAR 4482 34 MB Web 2
IHEARTRADIO 2982 31 MB Multimedia 2
TOUCH 144 29 MB Messaging 2
SILVERLIGHT 17 27 MB Web 2
SPRINT 257 26 MB Web 2
SPORTSILLUSTRATED 168 25 MB Web 2
WEBSOCKET 958 25 MB Infrastructure 2
HOOTSUITE 730 24 MB Web 1
FOXSPORTS 121 24 MB Web 2
STUN 1384 23 MB Remote-Access 1
YAMMER 203 23 MB Web 2
ISSUU 426 22 MB Web 2
MPEGTS 63 21 MB Multimedia 2
VEVO 22 20 MB Multimedia 2
SMARTADSERVER 2199 20 MB Web 2
REALTOR 48 20 MB Web 2
LASTPASS 1966 19 MB Web 2
LIVE-HOTMAIL 845 18 MB Web 2
BBC 1774 18 MB Web 2
FOXMOVIES 13 17 MB Web 2
ACCUWEATHER 367 17 MB Web 2
PAYPAL 749 16 MB Web 2
CCP 1 16 MB Infrastructure 2
KING 1763 15 MB Gaming 2
NYTIMES 4779 15 MB Web 2
NING 122 14 MB Web 1
ADOBE-ONLINE-OFFICE 868 14 MB Web 2
ASK 409 14 MB Web 2
GOOGLE-TRANSLATE 1380 14 MB Web 1
YAHOO-SEARCH 549 14 MB Web 1
RDP 6 13 MB Remote-Access 2
ICMP-ECHO-REPLY 181593 12 MB Infrastructure 1
RX 205 12 MB Infrastructure 2
NTP 53640 11 MB Infrastructure 1
GOOGLE-EARTH 49 11 MB Web 2
SHAREPOINT 496 11 MB Web 2
ABOUT 130 11 MB Web 2
YANDEX 523 10 MB Web 1
ACROBAT-ONLINE 764 10 MB Web 1
ESP-OVER-UDP 1 10 MB Infrastructure 3
MYSPACE 120 10 MB Web 1
MS-ONENOTE 122 10 MB Web 2
CRASHLYTICS 702 9 MB Web 2
APPLE-MAPS 644 9 MB Web 2
ORBITZ 33 9 MB Web 1
ICECAST 12 9 MB Multimedia 2
YOUSENDIT 49 8.8 MB Web 2
VOX 332 8.8 MB Web 2
FEEDBURNER 1226 8.2 MB Web 2
NIKE 65 7.9 MB Web 2
TEAMVIEWER 93 7.7 MB Web 1
IKEA 33 7.6 MB Web 2
GOOGLE-SAFEBROWSE-UPDATE 815 7.5 MB Web 1
ZILLOW 113 7.2 MB Web 1
GOOGLE-SAFEBROWSE-SUB 39 7.2 MB Web 1
LIVINGSOCIAL 154 6.8 MB Web 2
DAILYMOTION 56 6.2 MB Web 2
BABYCENTER 472 5.9 MB Web 2
USTREAM 12 5.9 MB Web 3
MAPQUEST 236 5.7 MB Web 1
BOLDCHAT 546 5.5 MB Messaging 4
BURT 324 5.5 MB Web 2
LEVEL3 5 5.4 MB Web 2
GOOGLE-APPENGINE 367 5.4 MB Web 2
ORACLE 266 4.9 MB Web 2
OCTOSHAPE 1233 4.8 MB Multimedia 2
INDEED 141 4.8 MB Web 1
ATOM 130 4.7 MB Web 1
STACKOVERFLOW 336 4.6 MB Web 1
COTP 7 4.3 MB Infrastructure 2
VNC 1 4.2 MB Remote-Access 3
NYDAILYNEWS 46 4.2 MB Web 2
TUNEIN 61 4.2 MB Web 2
GOOGLE-GROUPS-POST 49 3.9 MB Web 3
ICMP 64474 3.7 MB Infrastructure 2
MIXCLOUD-SSL 11 3.7 MB Multimedia 2
DOUBLECLICK-AD-VIEW 367 3.5 MB Web 5
SURVEYMONKEY 148 3.4 MB Web 2
FACEBOOK-APP 35 3.3 MB Web 5
BOLT 6 3.1 MB Web 2
AIMS 155 3.0 MB Messaging 2
GIZMODO 66 2.8 MB Web 1
CAFEMOM 57 2.7 MB Web 1
ALLMUSIC-LOOKUP 69 2.7 MB Web 4
MOGULUS 38 2.6 MB Multimedia 2
SMUGMUG 50 2.5 MB Web 2
MONSTER 205 2.5 MB Web 1
FLURRY 246 2.2 MB Web 2
YAHOO-WEBMESSENGER 4 2.2 MB Web 1
NIKKEI 23 2.2 MB Web 2
APPLE-SIRI 88 2.2 MB Infrastructure 1
HBO-GO 19 2 MB Multimedia 2
COUCH-SURFING 11 2 MB Web 2
XBOX 160 1.8 MB Gaming 2
YIELDMANAGER 292 1.7 MB Web 2
ZYNGA 55 1.6 MB Web 1
ALIBABA-MOBILE-USER-AGENT 48 1.6 MB Web 1
SHOUTCAST 5 1.6 MB Multimedia 2
DIRECTV 19 1.5 MB Web 2
CNET 39 1.5 MB Multimedia 2
ICMP-ECHO 19002 1.5 MB Infrastructure 1
JUSTIN-TV 1 1.5 MB Web 2
IMAP 55 1.5 MB Messaging 1
ARES 17 1.4 MB P2P 5
PICASA-WEB 266 1.4 MB Web 1
QUORA 26 1.4 MB Web 2
PODIO 294 1.3 MB Web 1
MTV 52 1.3 MB Web 2
GOOGLE-TOOLBAR 66 1.3 MB Web 2
BADOO 43 1.2 MB Web 1
KONGREGATE 34 1.1 MB Web 1
ZOHO-SSL 35 1 MB Web 1
ALIEXPRESS 48 1 MB Web 2
FARK 87 1 MB Web 1
KAYAK 39 1 MB Web 1
TRIPADVISOR 107 1.0 MB Web 2
BBC-IPLAYER 97 1.0 MB Web 2
REDHAT-UPDATE 2 1.0 MB Web 2
TRAVELZOO 31 0.9 MB Web 1
HGTV 50 0.9 MB Web 2
WINDOWSMEDIA 81 0.9 MB Web 2
MEDIAFIRE 3 0.9 MB Web 1
YAHOO-FINANCE-HTTP 20 0.9 MB Web 2
YOUKU 48 0.9 MB Web 2
HERE 50 0.8 MB Web 2
FTP 301 0.8 MB Infrastructure 3
FLIXSTER-SITE 8 0.8 MB Web 2
EXPEDIA 51 0.8 MB Web 1
BOOKING 23 0.8 MB Web 2
SOAP 23 0.8 MB Web 1
WIKIA 55 0.8 MB Web 1
GAMECENTER-SSL 44 0.7 MB Gaming 1
TINYPIC 26 0.7 MB Web 1
FACEBOOK-UPLOAD 4 0.7 MB Web 4
GOOGLE-WEBCHAT 86 0.7 MB Web 4
FOURSQUARE 40 0.7 MB Web 2
OWA 55 0.6 MB Web 2
TRAVELOCITY 22 0.6 MB Web 1
VKONTAKTE 25 0.6 MB Web 2
KOTAKU 5 0.6 MB Web 1
JAVA-UPDATE 47 0.6 MB Web 2
POCO 7 0.5 MB P2P 5
HOTSPOT-SHIELD 46 0.5 MB Infrastructure 2
FC2 3 509 kB Web 2
STUMBLEUPON 151 500 kB Web 1
HOWSTUFFWORKS 3 497 kB Web 2
DR 12 451 kB Web 2
APPSFLYER 58 451 kB Web 2
XM-RADIO 14 441 kB Web 2
SMTPS 12 430 kB Messaging 2
WEATHER 170 412 kB Web 2
TAOBAO 105 376 kB Web 3
PLENTYOFFISH 10 372 kB Web 1
OPENSTREETMAP 13 348 kB Web 2
AOL-ON 172 336 kB Multimedia 2
WASHINGTONPOST 53 314 kB Web 2
XUNLEI 42 307 kB P2P 5
LIVE-SKYDRIVE-LOGIN 19 278 kB Web 1
CRITTERCISM 26 276 kB Web 2
ALIPAY 26 274 kB Web 2
CHANNEL4 129 258 kB Web 2
TRULIA 46 248 kB Web 1
ANSWERS 16 243 kB Web 2
MARCA 12 241 kB Web 1
SNMPTRAP 359 237 kB Infrastructure 1
QQ-WEB 9 226 kB Web 2
MYGAZINES 4 216 kB Web 1
CLDAP 501 208 kB Infrastructure 1
SCRIBD 29 207 kB Web 1
GOOGLE-VIDEOS 27 205 kB Web 1
MS-SWAY 28 204 kB Web 2
DTLS 1 174 kB Infrastructure 2
FOTKI 1 158 kB Web 1
BRIGHTTALK 44 155 kB Web 2
FREE 7 142 kB Web 2
LPR 16 140 kB Infrastructure 1
2SHARED-UPLOAD 7 133 kB Web 5
PRENSA 3 128 kB Web 2
WETRANSFER 52 124 kB Web 1
GATHER 31 123 kB Web 2
OFFICEDEPOT 18 122 kB Web 2
PRICELINE 14 121 kB Web 1
SLIDESHARE 11 121 kB Web 1
MICROSOFT-LYNC 1 121 kB Messaging 3
NBA 42 121 kB Web 2
GAMECENTER 11 119 kB Web 1
51LA 5 112 kB Web 2
CLASSMATES 6 111 kB Web 1
SLIDESHARE-SSL 13 111 kB Web 1
YELP 12 109 kB Web 1
JOIN.ME 29 109 kB Remote-Access 1
INMOBI 6 107 kB Web 2
FANPOP 4 103 kB Web 2
HUBPAGES 8 102 kB Web 1
GENI 6 87 kB Web 2
VIDEOPLAZA 16 82 kB Web 2
STEAM-USER-AGENT 4 74 kB Web 3
MEETUP 4 73 kB Web 1
UPLOAD-COM 2 71 kB Web 2
FOGBUGZ 6 69 kB Web 2
RAKUTEN 8 68 kB Web 1
TUNEIN-SSL 8 64 kB Multimedia 2
ONCLICKADS 5 59 kB Web 2
SLINGBOX 3 58 kB Multimedia 2
COMEDY-CENTRAL 1 58 kB Web 1
CNZZ 18 56 kB Web 2
AOL-VIDEO 2 52 kB Web 2
WAZE 6 49 kB Web 2
WIKISPACES-EDIT 6 46 kB Web 4
DHCP 6 43 kB Infrastructure 1
MSRPC 29 43 kB Infrastructure 1
SOSO 3 43 kB Web 2
XINHUANET 1 42 kB Web 2
RDT 17 39 kB Multimedia 2
OPERA-UPDATE 9 39 kB Web 2
TFTP 83 37 kB Infrastructure 2
LDAP 22 36 kB Infrastructure 1
MAVENLINK 2 35 kB Web 2
TWITPIC 4 33 kB Web 3
SOFTONIC 4 32 kB Web 2
0ZZ0 2 30 kB Web 2
NAVER 3 30 kB Web 2
HOTPADS 6 27 kB Web 1
MENDELEY 5 25 kB Web 2
WHATSAPP-TCP 2 25 kB Messaging 1
ICMP6 3 25 kB Infrastructure 2
REDIFF 1 25 kB Web 1
FOXBUSINESS 1 25 kB Web 2
IMAGESHACK 15 24 kB Web 2
STEAM-STORE 3 24 kB Gaming 2
YADRO 13 23 kB Web 2
RAMBLER 1 22 kB Web 2
MAPI 10 21 kB Messaging 2
DAUM 8 21 kB Web 2
TANX 2 21 kB Web 2
TED 1 21 kB Web 2
BAIDU 3 19 kB Web 2
AIM 14 19 kB Web 1
HOTWIRE 6 19 kB Web 1
SMB 8 16 kB Infrastructure 3
CLEARSPACE 1 16 kB Web 2
VUZE-AGENT 4 16 kB Web 5
GOOGLE-PLUS 2 15 kB Web 2
MMS-OVER-HTTP 10 15 kB Web 3
DIGG 8 14 kB Web 1
SINA 8 14 kB Web 5
GOODREADS 2 14 kB Web 2
PORTMAPPER 99 12 kB Infrastructure 1
IKE 1 12 kB Infrastructure 4
DELICIOUS 7 11 kB Web 1
ALEXA 6 11 kB Web 2
FSECURE 1 11 kB Infrastructure 2
CITRIXONLINE 1 9 kB Web 3
GRACENOTE-GCSP-LOOKUP 3 9 kB Web 1
WSP 1 9 kB Infrastructure 2
91COM 3 8.6 kB Web 2
NBNS 3 7.2 kB Infrastructure 2
IPP-GRE 18 6.3 kB Infrastructure 1
DIGITALRIVER 1 6 kB Web 2
PHOTOSHOP 2 6 kB Web 2
TELNETS 1 5 kB Remote-access 2
NORTON-UPDATE 2 4.7 kB Web 2
TU-TV 3 4.0 kB Web 2
XMLRPC 3 3.9 kB Web 2
RTSP 1 2.7 kB Multimedia 2
INTUIT 2 2.7 kB Web 2
MYHERITAGE 2 2.6 kB Web 2
TAPATALK 1 2.4 kB Web 2
CONCUR 1 2.3 kB Web 2
SVN 2 1.6 kB Infrastructure 2
VIBER-HTTP 1 1.6 kB Messaging 1
SAMSUNG-APPS 1 1.4 kB Infrastructure 2
TEAMSPEAK 4 1 kB Infrastructure 1
WINDOWSLIVESPACE 1 1.0 kB Web 2
LEBONCOIN 1 0.8 kB Web 2
PLAYSTATION 1 0.8 kB Web 2
TEREDO 9 0.7 kB Remote-Access 1
SOCKS4 1 0.5 kB Remote-Access 1
IPP-IPV6 1 226 B Infrastructure 1
Copyright 2011 - 2016 OneConfig Pty Ltd
OTHER 0 0 B Unknown ?
