From c927aab7a5dd431e84d83668f8063d6dc059f638 Mon Sep 17 00:00:00 2001
From: Alfredo Cardigliano <cardigliano@ntop.org>
Date: Mon, 24 Jan 2022 16:00:36 +0100
Subject: [PATCH] Tests update (add num_records_processed)

---
 tests/rest/result/v2/alert_dns_data_exfiltration_01.out       | 2 +-
 tests/rest/result/v2/alert_dns_data_exfiltration_02.out       | 2 +-
 tests/rest/result/v2/alert_flow_exclusion_lists.out           | 2 +-
 tests/rest/result/v2/alert_flow_invalid_dns_query_02.out      | 2 +-
 tests/rest/result/v2/alert_flow_risk_dga_01.out               | 2 +-
 tests/rest/result/v2/alert_flow_risk_dga_02.out               | 2 +-
 tests/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out | 2 +-
 tests/rest/result/v2/alert_flow_risk_missing_tls_sni.out      | 2 +-
 tests/rest/result/v2/alert_flow_risk_unsafe_protocol.out      | 2 +-
 tests/rest/result/v2/alert_tls_cert_validity_too_long.out     | 2 +-
 tests/rest/result/v2/alert_tls_certificate_expired.out        | 2 +-
 tests/rest/result/v2/alert_tls_certificate_selfsigned.out     | 2 +-
 tests/rest/result/v2/alert_web_mining.out                     | 2 +-
 13 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/tests/rest/result/v2/alert_dns_data_exfiltration_01.out b/tests/rest/result/v2/alert_dns_data_exfiltration_01.out
index 1a6a63477b..194a5e7299 100644
--- a/tests/rest/result/v2/alert_dns_data_exfiltration_01.out
+++ b/tests/rest/result/v2/alert_dns_data_exfiltration_01.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958…"},"duration":156561065,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1642573689},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05…"},"duration":156560958,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1642573689},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f…"},"duration":156561053,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1642573689},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.21100044250488}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958…"},"duration":156993017,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1643005641},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05…"},"duration":156992910,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1643005641},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f…"},"duration":156993005,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1643005641},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.24199485778809}}}
diff --git a/tests/rest/result/v2/alert_dns_data_exfiltration_02.out b/tests/rest/result/v2/alert_dns_data_exfiltration_02.out
index 09131af9a5..3b96468dab 100644
--- a/tests/rest/result/v2/alert_dns_data_exfiltration_02.out
+++ b/tests/rest/result/v2/alert_dns_data_exfiltration_02.out
@@ -1,3 +1,3 @@
 {"success":true}
 {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958…"},"duration":156561136,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1642573760},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05…"},"duration":156561029,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1642573760},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f…"},"duration":156561124,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1642573760},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.20003318786621}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958…"},"duration":156993091,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1643005715},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05…"},"duration":156992984,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1643005715},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f…"},"duration":156993079,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1643005715},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.22006034851074}}}
diff --git a/tests/rest/result/v2/alert_flow_exclusion_lists.out b/tests/rest/result/v2/alert_flow_exclusion_lists.out
index 53f0ff608b..a7d5db28be 100644
--- a/tests/rest/result/v2/alert_flow_exclusion_lists.out
+++ b/tests/rest/result/v2/alert_flow_exclusion_lists.out
@@ -2,4 +2,4 @@
 {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]}
 {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]}
 {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":86,"recordsTotal":86,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831965,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://beacon.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> beacon.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831965,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://beacon.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> beacon.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://partner.googleadservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> partner.googleadservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51784 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://partner.googleadservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> partner.googleadservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://secure-it.imrworldwide.com' target='_blank'><i class='fas fa-external-link-alt'></i> secure-it.imrworldwide.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://secure-it.imrworldwide.com' target='_blank'><i class='fas fa-external-link-alt'></i> secure-it.imrworldwide.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"200","value":200},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://adagiof3.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> adagiof3.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://adagiof3.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> adagiof3.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://scripts.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> scripts.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831965,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 53","epoch_begin":1589741864,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://scripts.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> scripts.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a.gedidigital.it' target='_blank'><i class='fas fa-external-link-alt'></i> a.gedidigital.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a.gedidigital.it' target='_blank'><i class='fas fa-external-link-alt'></i> a.gedidigital.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://video.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> video.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://video.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> video.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"9","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://scripts.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> scripts.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831965,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64109 and port 53","epoch_begin":1589741864,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://scripts.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> scripts.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"10","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googletagmanager.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googletagmanager.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googletagmanager.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googletagmanager.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"11","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn-gl.imrworldwide.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdn-gl.imrworldwide.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn-gl.imrworldwide.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdn-gl.imrworldwide.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://oasjs.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> oasjs.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831965,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 53","epoch_begin":1589741864,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://oasjs.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> oasjs.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"13","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://tvzap.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> tvzap.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://tvzap.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> tvzap.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"14","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831965,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 05/03/2020 01:00:00 - 06/03/2021 13:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61573 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477362905&flow_hash_id=32","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61573","srv_ip":{"country":"CA","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"<a href='/lua/host_details.lua?host=151.101.130.133' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"151.101.130.133"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 05/03/2020 01:00:00 - 06/03/2021 13:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#ff3231","label":"100","value":100},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://login.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> login.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://login.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> login.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googleadservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googleadservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googleadservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googleadservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"23","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googletagservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googletagservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googletagservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googletagservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"24","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a771.dscq.akamai.net' target='_blank'><i class='fas fa-external-link-alt'></i> a771.dscq.akamai.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a771.dscq.akamai.net' target='_blank'><i class='fas fa-external-link-alt'></i> a771.dscq.akamai.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"25","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"26","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://b.scorecardresearch.com' target='_blank'><i class='fas fa-external-link-alt'></i> b.scorecardresearch.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://b.scorecardresearch.com' target='_blank'><i class='fas fa-external-link-alt'></i> b.scorecardresearch.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"27","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 05/03/2020 01:00:00 - 06/03/2021 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61590 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477367257&flow_hash_id=60","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61590","srv_ip":{"country":"CA","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"<a href='/lua/host_details.lua?host=151.101.130.133' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"151.101.130.133"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 05/03/2020 01:00:00 - 06/03/2021 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"28","score":{"color":"#ff3231","label":"100","value":100},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://oasjs.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> oasjs.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://oasjs.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> oasjs.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"30","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://static.chartbeat.com' target='_blank'><i class='fas fa-external-link-alt'></i> static.chartbeat.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://static.chartbeat.com' target='_blank'><i class='fas fa-external-link-alt'></i> static.chartbeat.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"31","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://connect.facebook.net' target='_blank'><i class='fas fa-external-link-alt'></i> connect.facebook.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831965,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://connect.facebook.net' target='_blank'><i class='fas fa-external-link-alt'></i> connect.facebook.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"32","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://consumer.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> consumer.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://consumer.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> consumer.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"35","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdns.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdns.gigya.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdns.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdns.gigya.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"38","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://data.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> data.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831964,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 53","epoch_begin":1589741865,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://data.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> data.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"39","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.repstatic.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.repstatic.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831965,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 53","epoch_begin":1589741864,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.repstatic.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.repstatic.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"40","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://ssl.google-analytics.com' target='_blank'><i class='fas fa-external-link-alt'></i> ssl.google-analytics.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://ssl.google-analytics.com' target='_blank'><i class='fas fa-external-link-alt'></i> ssl.google-analytics.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"41","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdns.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdns.us1.gigya.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdns.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdns.us1.gigya.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"42","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.gelestatic.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.gelestatic.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.gelestatic.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.gelestatic.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"43","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://sb.scorecardresearch.com' target='_blank'><i class='fas fa-external-link-alt'></i> sb.scorecardresearch.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://sb.scorecardresearch.com' target='_blank'><i class='fas fa-external-link-alt'></i> sb.scorecardresearch.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"44","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://socialize.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> socialize.us1.gigya.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://socialize.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> socialize.us1.gigya.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"45","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://graph.facebook.com' target='_blank'><i class='fas fa-external-link-alt'></i> graph.facebook.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://graph.facebook.com' target='_blank'><i class='fas fa-external-link-alt'></i> graph.facebook.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.google-analytics.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.google-analytics.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.google-analytics.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.google-analytics.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"47","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a221.g.akamai.net' target='_blank'><i class='fas fa-external-link-alt'></i> a221.g.akamai.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a221.g.akamai.net' target='_blank'><i class='fas fa-external-link-alt'></i> a221.g.akamai.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"48","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.facebook.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.facebook.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.facebook.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.facebook.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.taboola.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.taboola.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.taboola.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.taboola.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://gruppoespresso01.webtrekk.net' target='_blank'><i class='fas fa-external-link-alt'></i> gruppoespresso01.webtrekk.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://gruppoespresso01.webtrekk.net' target='_blank'><i class='fas fa-external-link-alt'></i> gruppoespresso01.webtrekk.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.taboola.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.taboola.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.taboola.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.taboola.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"52","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://imasdk.googleapis.com' target='_blank'><i class='fas fa-external-link-alt'></i> imasdk.googleapis.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://imasdk.googleapis.com' target='_blank'><i class='fas fa-external-link-alt'></i> imasdk.googleapis.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://comments.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> comments.us1.gigya.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://comments.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> comments.us1.gigya.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"54","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"56","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"57","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"58","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://ping.chartbeat.net' target='_blank'><i class='fas fa-external-link-alt'></i> ping.chartbeat.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://ping.chartbeat.net' target='_blank'><i class='fas fa-external-link-alt'></i> ping.chartbeat.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 13/08/2019 01:00:00 - 12/08/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"<a href='/lua/host_details.lua?host=184.51.127.56' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"184.51.127.56"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 13/08/2019 01:00:00 - 12/08/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831962,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831962,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831962,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"65","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831962,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831962,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831962,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"68","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"69","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831963,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://media.gedidigital.it' target='_blank'><i class='fas fa-external-link-alt'></i> media.gedidigital.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 50013 and port 53","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169541938&flow_hash_id=162","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"50013","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://media.gedidigital.it' target='_blank'><i class='fas fa-external-link-alt'></i> media.gedidigital.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"73","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://fbc.wcfbc.net' target='_blank'><i class='fas fa-external-link-alt'></i> fbc.wcfbc.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://fbc.wcfbc.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ fbc.wcfbc.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://fbc.wcfbc.net' target='_blank'><i class='fas fa-external-link-alt'></i> fbc.wcfbc.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56544 and port 53","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575499&flow_hash_id=172","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"56544","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://fbc.wcfbc.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ fbc.wcfbc.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://fbc.wcfbc.net' target='_blank'><i class='fas fa-external-link-alt'></i> fbc.wcfbc.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"74","score":{"color":"#ff3231","label":"200","value":200},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61672 and port 443","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612036&flow_hash_id=152","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61672","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"75","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61675 and port 443","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612804&flow_hash_id=155","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61675","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"76","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61676 and port 443","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613060&flow_hash_id=156","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61676","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"77","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61678 and port 443","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613572&flow_hash_id=158","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61678","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61682 and port 443","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169614596&flow_hash_id=163","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61682","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://d.adagiof3.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> d.adagiof3.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58163 and port 53","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531218&flow_hash_id=165","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"58163","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://d.adagiof3.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> d.adagiof3.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"80","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://hits-i.iubenda.com' target='_blank'><i class='fas fa-external-link-alt'></i> hits-i.iubenda.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63928 and port 53","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169565288&flow_hash_id=169","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"63928","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://hits-i.iubenda.com' target='_blank'><i class='fas fa-external-link-alt'></i> hits-i.iubenda.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831962,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61660 and port 443","epoch_begin":1589741867,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608964&flow_hash_id=142","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61660","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"82","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831962,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61663 and port 443","epoch_begin":1589741867,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609732&flow_hash_id=145","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61663","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"83","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831960,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61691 and port 443","epoch_begin":1589741869,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169616900&flow_hash_id=177","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61691","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://fbc.wcfbc.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ fbc.wcfbc.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 11/01/2018 14:08:01 - 11/01/2021 14:08:01] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.123 and port 61689 and port 443","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044742863&flow_hash_id=173","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61689","srv_ip":{"country":"DE","label":"fbc.wcfbc.net","label_long":"fbc.wcfbc.net","name":"fbc.wcfbc.net","reference":"<a href='/lua/host_details.lua?host=185.54.150.123' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"185.54.150.123"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://fbc.wcfbc.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ fbc.wcfbc.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 11/01/2018 14:08:01 - 11/01/2021 14:08:01] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#ff3231","label":"100","value":100},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS not carrying HTTPS","value":"46"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS not carrying HTTPS","count":1,"description":{"descr":"TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":52831961,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61685 and port 443","epoch_begin":1589741868,"epoch_end":1642573830},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044741801&flow_hash_id=167","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61685","srv_ip":{"country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"<a href='/lua/host_details.lua?host=185.54.150.85' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"185.54.150.85"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_not_carrying_https#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS not carrying HTTPS","name":"TLS not carrying HTTPS","value":46},"proto":{"label":"TCP","value":"6"},"row_id":"86","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_tls_not_carrying_https","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":1.2691020965576}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":86,"recordsTotal":86,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263920,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://beacon.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> beacon.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263920,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://beacon.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> beacon.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://partner.googleadservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> partner.googleadservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51784 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://partner.googleadservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> partner.googleadservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://secure-it.imrworldwide.com' target='_blank'><i class='fas fa-external-link-alt'></i> secure-it.imrworldwide.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://secure-it.imrworldwide.com' target='_blank'><i class='fas fa-external-link-alt'></i> secure-it.imrworldwide.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"200","value":200},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://adagiof3.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> adagiof3.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://adagiof3.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> adagiof3.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://scripts.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> scripts.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263920,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 53","epoch_begin":1589741864,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://scripts.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> scripts.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a.gedidigital.it' target='_blank'><i class='fas fa-external-link-alt'></i> a.gedidigital.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a.gedidigital.it' target='_blank'><i class='fas fa-external-link-alt'></i> a.gedidigital.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://video.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> video.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://video.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> video.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"9","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://scripts.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> scripts.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263920,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64109 and port 53","epoch_begin":1589741864,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://scripts.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> scripts.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"10","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googletagmanager.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googletagmanager.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googletagmanager.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googletagmanager.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"11","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn-gl.imrworldwide.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdn-gl.imrworldwide.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn-gl.imrworldwide.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdn-gl.imrworldwide.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://oasjs.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> oasjs.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263920,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 53","epoch_begin":1589741864,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://oasjs.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> oasjs.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"13","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://tvzap.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> tvzap.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://tvzap.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> tvzap.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"14","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263920,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 05/03/2020 01:00:00 - 06/03/2021 13:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61573 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477362905&flow_hash_id=32","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61573","srv_ip":{"country":"CA","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"<a href='/lua/host_details.lua?host=151.101.130.133' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"151.101.130.133"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 05/03/2020 01:00:00 - 06/03/2021 13:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#ff3231","label":"100","value":100},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://login.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> login.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://login.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> login.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googleadservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googleadservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googleadservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googleadservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"23","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googletagservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googletagservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.googletagservices.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.googletagservices.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"24","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a771.dscq.akamai.net' target='_blank'><i class='fas fa-external-link-alt'></i> a771.dscq.akamai.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a771.dscq.akamai.net' target='_blank'><i class='fas fa-external-link-alt'></i> a771.dscq.akamai.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"25","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"26","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://b.scorecardresearch.com' target='_blank'><i class='fas fa-external-link-alt'></i> b.scorecardresearch.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://b.scorecardresearch.com' target='_blank'><i class='fas fa-external-link-alt'></i> b.scorecardresearch.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"27","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 05/03/2020 01:00:00 - 06/03/2021 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61590 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477367257&flow_hash_id=60","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61590","srv_ip":{"country":"CA","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"<a href='/lua/host_details.lua?host=151.101.130.133' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"151.101.130.133"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://cdn.krxd.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ cdn.krxd.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 05/03/2020 01:00:00 - 06/03/2021 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"28","score":{"color":"#ff3231","label":"100","value":100},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://oasjs.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> oasjs.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://oasjs.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> oasjs.repubblica.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"30","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://static.chartbeat.com' target='_blank'><i class='fas fa-external-link-alt'></i> static.chartbeat.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://static.chartbeat.com' target='_blank'><i class='fas fa-external-link-alt'></i> static.chartbeat.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"31","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://connect.facebook.net' target='_blank'><i class='fas fa-external-link-alt'></i> connect.facebook.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263920,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://connect.facebook.net' target='_blank'><i class='fas fa-external-link-alt'></i> connect.facebook.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"32","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://consumer.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> consumer.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://consumer.krxd.net' target='_blank'><i class='fas fa-external-link-alt'></i> consumer.krxd.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"35","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdns.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdns.gigya.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdns.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdns.gigya.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"38","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://data.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> data.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263919,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 53","epoch_begin":1589741865,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://data.kataweb.it' target='_blank'><i class='fas fa-external-link-alt'></i> data.kataweb.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"39","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.repstatic.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.repstatic.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263920,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 53","epoch_begin":1589741864,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.repstatic.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.repstatic.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"40","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://ssl.google-analytics.com' target='_blank'><i class='fas fa-external-link-alt'></i> ssl.google-analytics.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://ssl.google-analytics.com' target='_blank'><i class='fas fa-external-link-alt'></i> ssl.google-analytics.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"41","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdns.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdns.us1.gigya.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdns.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdns.us1.gigya.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"42","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.gelestatic.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.gelestatic.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.gelestatic.it' target='_blank'><i class='fas fa-external-link-alt'></i> www.gelestatic.it</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"43","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://sb.scorecardresearch.com' target='_blank'><i class='fas fa-external-link-alt'></i> sb.scorecardresearch.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://sb.scorecardresearch.com' target='_blank'><i class='fas fa-external-link-alt'></i> sb.scorecardresearch.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"44","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://socialize.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> socialize.us1.gigya.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://socialize.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> socialize.us1.gigya.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"45","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://graph.facebook.com' target='_blank'><i class='fas fa-external-link-alt'></i> graph.facebook.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://graph.facebook.com' target='_blank'><i class='fas fa-external-link-alt'></i> graph.facebook.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.google-analytics.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.google-analytics.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.google-analytics.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.google-analytics.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"47","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a221.g.akamai.net' target='_blank'><i class='fas fa-external-link-alt'></i> a221.g.akamai.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a221.g.akamai.net' target='_blank'><i class='fas fa-external-link-alt'></i> a221.g.akamai.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"48","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.facebook.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.facebook.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.facebook.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.facebook.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.taboola.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.taboola.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://cdn.taboola.com' target='_blank'><i class='fas fa-external-link-alt'></i> cdn.taboola.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://gruppoespresso01.webtrekk.net' target='_blank'><i class='fas fa-external-link-alt'></i> gruppoespresso01.webtrekk.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://gruppoespresso01.webtrekk.net' target='_blank'><i class='fas fa-external-link-alt'></i> gruppoespresso01.webtrekk.net</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.taboola.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.taboola.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://www.taboola.com' target='_blank'><i class='fas fa-external-link-alt'></i> www.taboola.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"52","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://imasdk.googleapis.com' target='_blank'><i class='fas fa-external-link-alt'></i> imasdk.googleapis.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://imasdk.googleapis.com' target='_blank'><i class='fas fa-external-link-alt'></i> imasdk.googleapis.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://comments.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> comments.us1.gigya.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://comments.us1.gigya.com' target='_blank'><i class='fas fa-external-link-alt'></i> comments.us1.gigya.com</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"54","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"56","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"57","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"58","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://ping.chartbeat.net' target='_blank'><i class='fas fa-external-link-alt'></i> ping.chartbeat.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://ping.chartbeat.net' target='_blank'><i class='fas fa-external-link-alt'></i> ping.chartbeat.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 13/08/2019 01:00:00 - 12/08/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"<a href='/lua/host_details.lua?host=184.51.127.56' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"184.51.127.56"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 13/08/2019 01:00:00 - 12/08/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"65","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"68","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"69","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263918,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://media.gedidigital.it' target='_blank'><i class='fas fa-external-link-alt'></i> media.gedidigital.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 50013 and port 53","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169541938&flow_hash_id=162","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"50013","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://media.gedidigital.it' target='_blank'><i class='fas fa-external-link-alt'></i> media.gedidigital.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"73","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://fbc.wcfbc.net' target='_blank'><i class='fas fa-external-link-alt'></i> fbc.wcfbc.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://fbc.wcfbc.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ fbc.wcfbc.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://fbc.wcfbc.net' target='_blank'><i class='fas fa-external-link-alt'></i> fbc.wcfbc.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56544 and port 53","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575499&flow_hash_id=172","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"56544","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://fbc.wcfbc.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ fbc.wcfbc.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://fbc.wcfbc.net' target='_blank'><i class='fas fa-external-link-alt'></i> fbc.wcfbc.net</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"74","score":{"color":"#ff3231","label":"200","value":200},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61672 and port 443","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612036&flow_hash_id=152","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61672","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"75","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61675 and port 443","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612804&flow_hash_id=155","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61675","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"76","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61676 and port 443","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613060&flow_hash_id=156","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61676","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"77","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61678 and port 443","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613572&flow_hash_id=158","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61678","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61682 and port 443","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169614596&flow_hash_id=163","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61682","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://d.adagiof3.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> d.adagiof3.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58163 and port 53","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531218&flow_hash_id=165","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"58163","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://d.adagiof3.repubblica.it' target='_blank'><i class='fas fa-external-link-alt'></i> d.adagiof3.repubblica.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"80","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://hits-i.iubenda.com' target='_blank'><i class='fas fa-external-link-alt'></i> hits-i.iubenda.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63928 and port 53","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169565288&flow_hash_id=169","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"63928","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://hits-i.iubenda.com' target='_blank'><i class='fas fa-external-link-alt'></i> hits-i.iubenda.com</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61660 and port 443","epoch_begin":1589741867,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608964&flow_hash_id=142","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61660","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"82","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61663 and port 443","epoch_begin":1589741867,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609732&flow_hash_id=145","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61663","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"83","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","value":"23"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Mismatch","count":1,"description":{"descr":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61691 and port 443","epoch_begin":1589741869,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169616900&flow_hash_id=177","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61691","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"<a href='/lua/host_details.lua?host=192.168.1.176' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.176"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Mismatch  <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-010\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 24/08/2019 19:04:13 - 22/11/2019 19:04:13] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://fbc.wcfbc.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ fbc.wcfbc.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 11/01/2018 14:08:01 - 11/01/2021 14:08:01] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.123 and port 61689 and port 443","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044742863&flow_hash_id=173","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61689","srv_ip":{"country":"DE","label":"fbc.wcfbc.net","label_long":"fbc.wcfbc.net","name":"fbc.wcfbc.net","reference":"<a href='/lua/host_details.lua?host=185.54.150.123' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"185.54.150.123"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain <a class=\"ntopng-external-link fa-sm\" href= http://fbc.wcfbc.net ><i  class=\"fas fa-external-link-alt fa-lg\"></i></a> [ fbc.wcfbc.net ] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-016\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 11/01/2018 14:08:01 - 11/01/2021 14:08:01] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#ff3231","label":"100","value":100},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS not carrying HTTPS","value":"46"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS not carrying HTTPS","count":1,"description":{"descr":"TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":53263916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61685 and port 443","epoch_begin":1589741868,"epoch_end":1643005785},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044741801&flow_hash_id=167","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"<a href='/lua/host_details.lua?host=192.168.1.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.93"},"cli_port":"61685","srv_ip":{"country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"<a href='/lua/host_details.lua?host=185.54.150.85' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"185.54.150.85"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_not_carrying_https#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS not carrying HTTPS","name":"TLS not carrying HTTPS","value":46},"proto":{"label":"TCP","value":"6"},"row_id":"86","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_tls_not_carrying_https","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 19:57:48","value":1589741868},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":1.2321472167969}}}
diff --git a/tests/rest/result/v2/alert_flow_invalid_dns_query_02.out b/tests/rest/result/v2/alert_flow_invalid_dns_query_02.out
index f58fcc00da..5a4aa625bc 100644
--- a/tests/rest/result/v2/alert_flow_invalid_dns_query_02.out
+++ b/tests/rest/result/v2/alert_flow_invalid_dns_query_02.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it' target='_blank'><i class='fas fa-external-link-alt'></i> adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: …"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL:  adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Srv Cli]","shorten_descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL:  adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdf…"},"duration":29085047,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 9.9.9.9 and port 59610 and port 53","epoch_begin":1613488852,"epoch_end":1642573900},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"country":"US","label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL:  adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Srv Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"16/02/2021 16:20:52","value":1613488852},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.18596649169922}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it' target='_blank'><i class='fas fa-external-link-alt'></i> adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 1] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: …"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL:  adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Srv Cli]","shorten_descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL:  adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdf…"},"duration":29517002,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 9.9.9.9 and port 59610 and port 53","epoch_begin":1613488852,"epoch_end":1643005855},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"country":"US","label":"9.9.9.9","label_long":"9.9.9.9","reference":"<a href='/lua/host_details.lua?host=9.9.9.9' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"9.9.9.9"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100] [Query Type: 1] [Return Code: 0] [URL:  adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it] [Main Direction: Srv Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"16/02/2021 16:20:52","value":1613488852},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.2589225769043}}}
diff --git a/tests/rest/result/v2/alert_flow_risk_dga_01.out b/tests/rest/result/v2/alert_flow_risk_dga_01.out
index 9c75a295a0..49c84dd9a8 100644
--- a/tests/rest/result/v2/alert_flow_risk_dga_01.out
+++ b/tests/rest/result/v2/alert_flow_risk_dga_01.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958…"},"duration":156561425,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1642574049},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05…"},"duration":156561318,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1642574049},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f…"},"duration":156561413,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1642574049},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.21982192993164}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958…"},"duration":156993370,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1643005994},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' sty…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05…"},"duration":156993263,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1643005994},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullse…] [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Unexpected DNS server found [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' styl…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f…"},"duration":156993358,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1643005994},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullse…] [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.23293495178223}}}
diff --git a/tests/rest/result/v2/alert_flow_risk_dga_02.out b/tests/rest/result/v2/alert_flow_risk_dga_02.out
index 48fb6b562f..4f73e6a8ad 100644
--- a/tests/rest/result/v2/alert_flow_risk_dga_02.out
+++ b/tests/rest/result/v2/alert_flow_risk_dga_02.out
@@ -1,3 +1,3 @@
 {"success":true}
 {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor:…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.sk…"},"duration":156561496,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1642574120},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor:…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","shorten_descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.sk…"},"duration":156561389,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1642574120},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: …"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.sku…"},"duration":156561484,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1642574120},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.20003318786621}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor:…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.sk…"},"duration":156993440,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1643006064},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 15] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor:…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","shorten_descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.sk…"},"duration":156993334,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1643006065},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 15] [Return Code: 0] [URL:  a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] [Main Direction: Srv Cli]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org' target='_blank'><i class='fas fa-external-link-alt'></i> e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 100] [Query Type: 5] [Return Code: 0] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: …"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","value":"33"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Unexpected DNS server found","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","shorten_descr":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.sku…"},"duration":156993429,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1643006065},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"<a href='/lua/host_details.lua?host=192.168.43.91' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"<a href='/lua/host_details.lua?host=4.2.2.4' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"4.2.2.4"},"srv_port":"53"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=unexpected_dns#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Unexpected DNS server found: 4.2.2.4 [Score: 100] [Query Type: 5] [Return Code: 0] [URL:  e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] [Main Direction: Cli Srv]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 06:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.22292137145996}}}
diff --git a/tests/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out b/tests/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out
index 1bc3c88b6a..3e9a2c386a 100644
--- a/tests/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out
+++ b/tests/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":22,"recordsTotal":22,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 404] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143227255,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52098 and port 80","epoch_begin":1499346935,"epoch_end":1642574191},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824054532&flow_hash_id=0","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52098","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 404] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:15:35","value":1499346935},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143227234,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52200 and port 80","epoch_begin":1499346956,"epoch_end":1642574191},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080644&flow_hash_id=4","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52200","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:15:56","value":1499346956},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 404] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143227214,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52298 and port 80","epoch_begin":1499346976,"epoch_end":1642574191},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040197&flow_hash_id=8","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52298","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 404] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/dvwa/js/dvwaPage.js' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/dvwa/js/dvwaPage.js</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":143227214,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52300 and port 80","epoch_begin":1499346976,"epoch_end":1642574191},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040709&flow_hash_id=9","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52300","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/dvwa/js/dvwaPage.js' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/dvwa/js/dvwaPage.js</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":143226835,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56306 and port 80","epoch_begin":1499347355,"epoch_end":1642574191},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824083220&flow_hash_id=226","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"56306","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:22:35","value":1499347355},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Srv Cli]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KG…"},"duration":143226123,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 35626 and port 80","epoch_begin":1499348068,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824031940&flow_hash_id=642","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"35626","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Srv Cli]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:34:28","value":1499348068},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143226319,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 33580 and port 80","epoch_begin":1499347872,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824032444&flow_hash_id=531","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"33580","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:31:12","value":1499347872},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143226963,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54956 and port 80","epoch_begin":1499347228,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065295&flow_hash_id=151","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"54956","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:20:28","value":1499347228},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ…"},"duration":143227158,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52910 and port 80","epoch_begin":1499347033,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065799&flow_hash_id=40","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52910","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:17:13","value":1499347033},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143226448,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 60464 and port 80","epoch_begin":1499347743,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824033573&flow_hash_id=457","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"60464","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:29:03","value":1499347743},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143227094,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 53584 and port 80","epoch_begin":1499347097,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041738&flow_hash_id=77","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"53584","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:18:17","value":1499347097},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JU…"},"duration":143226900,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 55632 and port 80","epoch_begin":1499347291,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041746&flow_hash_id=189","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"55632","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"12","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:21:31","value":1499347291},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143226707,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 57684 and port 80","epoch_begin":1499347484,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042778&flow_hash_id=303","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"57684","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:24:44","value":1499347484},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZ…"},"duration":143226516,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59732 and port 80","epoch_begin":1499347675,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042786&flow_hash_id=418","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"59732","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:27:55","value":1499347675},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/favicon.ico' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/favicon.ico</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143227215,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52318 and port 80","epoch_begin":1499346976,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824045317&flow_hash_id=10","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52318","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/favicon.ico' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/favicon.ico</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TN…"},"duration":143226252,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34278 and port 80","epoch_begin":1499347939,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080062&flow_hash_id=568","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"34278","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:32:19","value":1499347939},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MR…"},"duration":143226644,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 58360 and port 80","epoch_begin":1499347547,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824084764&flow_hash_id=341","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"58360","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:25:47","value":1499347547},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143226189,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34940 and port 80","epoch_begin":1499348002,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824052929&flow_hash_id=605","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"34940","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:33:22","value":1499348002},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270X…"},"duration":143227028,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54268 and port 80","epoch_begin":1499347163,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824085772&flow_hash_id=113","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"54268","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:19:23","value":1499347163},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQ…"},"duration":143226384,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 32906 and port 80","epoch_begin":1499347807,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824056505&flow_hash_id=494","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"32906","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:30:07","value":1499347807},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA…"},"duration":143226772,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56994 and port 80","epoch_begin":1499347419,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062743&flow_hash_id=264","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"56994","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"21","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:23:39","value":1499347419},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143226580,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59042 and port 80","epoch_begin":1499347611,"epoch_end":1642574192},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062751&flow_hash_id=379","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"59042","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:26:51","value":1499347611},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.47993659973145}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":22,"recordsTotal":22,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 404] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143659199,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52098 and port 80","epoch_begin":1499346935,"epoch_end":1643006135},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824054532&flow_hash_id=0","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52098","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 404] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:15:35","value":1499346935},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143659178,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52200 and port 80","epoch_begin":1499346956,"epoch_end":1643006135},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080644&flow_hash_id=4","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52200","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:15:56","value":1499346956},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 404] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143659158,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52298 and port 80","epoch_begin":1499346976,"epoch_end":1643006135},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040197&flow_hash_id=8","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52298","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 404] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/dvwa/js/dvwaPage.js' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/dvwa/js/dvwaPage.js</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":143659158,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52300 and port 80","epoch_begin":1499346976,"epoch_end":1643006135},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040709&flow_hash_id=9","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52300","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/dvwa/js/dvwaPage.js' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/dvwa/js/dvwaPage.js</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":143658779,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56306 and port 80","epoch_begin":1499347355,"epoch_end":1643006135},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824083220&flow_hash_id=226","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"56306","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:22:35","value":1499347355},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Srv Cli]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KG…"},"duration":143658067,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 35626 and port 80","epoch_begin":1499348068,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824031940&flow_hash_id=642","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"35626","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Srv Cli]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:34:28","value":1499348068},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143658263,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 33580 and port 80","epoch_begin":1499347872,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824032444&flow_hash_id=531","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"33580","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:31:12","value":1499347872},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143658907,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54956 and port 80","epoch_begin":1499347228,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065295&flow_hash_id=151","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"54956","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:20:28","value":1499347228},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ…"},"duration":143659102,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52910 and port 80","epoch_begin":1499347033,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065799&flow_hash_id=40","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52910","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:17:13","value":1499347033},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143658392,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 60464 and port 80","epoch_begin":1499347743,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824033573&flow_hash_id=457","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"60464","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:29:03","value":1499347743},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143659038,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 53584 and port 80","epoch_begin":1499347097,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041738&flow_hash_id=77","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"53584","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:18:17","value":1499347097},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JU…"},"duration":143658844,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 55632 and port 80","epoch_begin":1499347291,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041746&flow_hash_id=189","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"55632","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"12","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:21:31","value":1499347291},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143658651,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 57684 and port 80","epoch_begin":1499347484,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042778&flow_hash_id=303","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"57684","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:24:44","value":1499347484},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZ…"},"duration":143658460,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59732 and port 80","epoch_begin":1499347675,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042786&flow_hash_id=418","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"59732","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:27:55","value":1499347675},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/favicon.ico' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/favicon.ico</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143659159,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52318 and port 80","epoch_begin":1499346976,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824045317&flow_hash_id=10","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"52318","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/favicon.ico' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/favicon.ico</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TN…"},"duration":143658196,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34278 and port 80","epoch_begin":1499347939,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080062&flow_hash_id=568","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"34278","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:32:19","value":1499347939},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MR…"},"duration":143658588,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 58360 and port 80","epoch_begin":1499347547,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824084764&flow_hash_id=341","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"58360","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:25:47","value":1499347547},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143658133,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34940 and port 80","epoch_begin":1499348002,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824052929&flow_hash_id=605","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"34940","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:33:22","value":1499348002},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270X…"},"duration":143658972,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54268 and port 80","epoch_begin":1499347163,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824085772&flow_hash_id=113","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"54268","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:19:23","value":1499347163},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQ…"},"duration":143658328,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 32906 and port 80","epoch_begin":1499347807,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824056505&flow_hash_id=494","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"32906","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:30:07","value":1499347807},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","shorten_descr":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA…"},"duration":143658716,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56994 and port 80","epoch_begin":1499347419,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062743&flow_hash_id=264","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"56994","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host [Score: 10] [Method: GET] [Return Code: 200] [URL:  205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E] [Main Direction: Cli Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"21","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:23:39","value":1499347419},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","value":"43"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> HTTP Numeric IP Host","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":143658524,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59042 and port 80","epoch_begin":1499347611,"epoch_end":1643006136},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062751&flow_hash_id=379","cli_ip":{"country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"<a href='/lua/host_details.lua?host=172.16.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"172.16.0.1"},"cli_port":"59042","srv_ip":{"country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"<a href='/lua/host_details.lua?host=192.168.10.50' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.10.50"},"srv_port":"80"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_http_numeric_ip_host#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"HTTP Numeric IP Host <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-012\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 10] [Method: GET] [Return Code: 200] [URL: <button id='copyHttpUrl' class='btn btn-light btn-sm border ms-1' style='cursor: pointer;'><i class='fas fa-copy'></i></button>  <a class='ntopng-external-link' href='https://205.174.165.68/dv/vulnerabilities/xss_r/' target='_blank'><i class='fas fa-external-link-alt'></i> 205.174.165.68/dv/vulnerabilities/xss_r/</a>] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 14:26:51","value":1499347611},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.50878524780273}}}
diff --git a/tests/rest/result/v2/alert_flow_risk_missing_tls_sni.out b/tests/rest/result/v2/alert_flow_risk_missing_tls_sni.out
index 446a6b8268..ed3ef7fc83 100644
--- a/tests/rest/result/v2/alert_flow_risk_missing_tls_sni.out
+++ b/tests/rest/result/v2/alert_flow_risk_missing_tls_sni.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'>…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","value":"54"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","count":1,"description":{"descr":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":84755420,"family":"flow","filter":{"bpf":"host 10.206.131.18 and host 10.206.65.249 and port 58657 and port 443","epoch_begin":1557818846,"epoch_end":1642574267},"flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"country":"","label":"10.206.131.18@258","label_long":"10.206.131.18@258","reference":"<a href='/lua/host_details.lua?host=10.206.131.18@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.131.18@258"},"cli_port":"58657","srv_ip":{"country":"","label":"10.206.65.249@258","label_long":"10.206.65.249@258","reference":"<a href='/lua/host_details.lua?host=10.206.65.249@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.65.249@258"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_missing_sni#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"14/05/2019 08:27:26","value":1557818846},"vlan_id":"258"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.21195411682129}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], TLS not carrying HTTPS <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-015\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'>…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","value":"54"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Missing TLS SNI","count":1,"description":{"descr":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":85187358,"family":"flow","filter":{"bpf":"host 10.206.131.18 and host 10.206.65.249 and port 58657 and port 443","epoch_begin":1557818846,"epoch_end":1643006205},"flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"country":"","label":"10.206.131.18@258","label_long":"10.206.131.18@258","reference":"<a href='/lua/host_details.lua?host=10.206.131.18@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.131.18@258"},"cli_port":"58657","srv_ip":{"country":"","label":"10.206.65.249@258","label_long":"10.206.65.249@258","reference":"<a href='/lua/host_details.lua?host=10.206.65.249@258' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"10.206.65.249@258"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_missing_sni#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Missing TLS SNI <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-024\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 29/11/2018 19:57:22 - 29/11/2023 19:57:22] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"14/05/2019 08:27:26","value":1557818846},"vlan_id":"258"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.19192695617676}}}
diff --git a/tests/rest/result/v2/alert_flow_risk_unsafe_protocol.out b/tests/rest/result/v2/alert_flow_risk_unsafe_protocol.out
index d4835b85ad..dbfd3c6a18 100644
--- a/tests/rest/result/v2/alert_flow_risk_unsafe_protocol.out
+++ b/tests/rest/result/v2/alert_flow_risk_unsafe_protocol.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":10,"recordsTotal":10,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":258752675,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51110 and port 443","epoch_begin":1383821665,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473481660&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51110","srv_ip":{"country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"<a href='/lua/host_details.lua?host=91.143.93.242' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"91.143.93.242"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 11:54:25","value":1383821665},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote Access [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i><…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ www.e6r5p57kbafwrxj3plz.com ] [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ www.e6r5p57kbafwrxj3plz.com ] [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Directi…"},"duration":258752674,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 46.59.52.31 and port 51111 and port 443","epoch_begin":1383821666,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4007958761&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51111","srv_ip":{"country":"SE","label":"www.e6r5p57kbafwrxj3plz.…","label_long":"www.e6r5p57kbafwrxj3plz.com","name":"www.e6r5p57kbafwrxj3plz.com","reference":"<a href='/lua/host_details.lua?host=46.59.52.31' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"46.59.52.31"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ www.e6r5p57kbafwrxj3plz.com ] [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 11:54:26","value":1383821666},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote Access [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i><…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ www.q4cyamnc6mtokjurvdclt.com ] [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ www.q4cyamnc6mtokjurvdclt.com ] [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direc…"},"duration":258752672,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51112 and port 443","epoch_begin":1383821668,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884887039&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51112","srv_ip":{"country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"<a href='/lua/host_details.lua?host=38.229.70.53' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"38.229.70.53"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ www.q4cyamnc6mtokjurvdclt.com ] [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 11:54:28","value":1383821668},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote Access [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i><…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ www.gfu7hbxpfp.com ] [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ www.gfu7hbxpfp.com ] [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv C…"},"duration":258752211,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51175 and port 443","epoch_begin":1383822129,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473498300&flow_hash_id=7","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51175","srv_ip":{"country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"<a href='/lua/host_details.lua?host=91.143.93.242' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"91.143.93.242"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ www.gfu7hbxpfp.com ] [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 11/09/2013 01:00:00 - 25/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 11/09/2013 01:00:00 - 25/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 11/09/2013 01:00:00 - 25/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":258752211,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 212.83.155.250 and port 51174 and port 443","epoch_begin":1383822129,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2499624900&flow_hash_id=6","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51174","srv_ip":{"country":"FR","label":"www.t3i3ru.com","label_long":"www.t3i3ru.com","name":"www.t3i3ru.com","reference":"<a href='/lua/host_details.lua?host=212.83.155.250' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"212.83.155.250"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 11/09/2013 01:00:00 - 25/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":258752210,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51176 and port 443","epoch_begin":1383822130,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884903423&flow_hash_id=8","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51176","srv_ip":{"country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"<a href='/lua/host_details.lua?host=38.229.70.53' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"38.229.70.53"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:02:10","value":1383822130},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 02/11/2013 01:00:00 - 17/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 02/11/2013 01:00:00 - 17/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 02/11/2013 01:00:00 - 17/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":258752150,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 62.210.137.230 and port 51185 and port 443","epoch_begin":1383822190,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4286331056&flow_hash_id=9","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51185","srv_ip":{"country":"FR","label":"www.6gyip7tqim7sieb.com","label_long":"www.6gyip7tqim7sieb.com","name":"www.6gyip7tqim7sieb.com","reference":"<a href='/lua/host_details.lua?host=62.210.137.230' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"62.210.137.230"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 02/11/2013 01:00:00 - 17/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:03:10","value":1383822190},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","value":"16"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","count":1,"description":{"descr":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":258752667,"family":"flow","filter":{"bpf":"host 192.168.1.1 and host 192.168.1.255 and port 17500 and port 17500","epoch_begin":1383821673,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169551769&flow_hash_id=3","cli_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"cli_port":"17500","srv_ip":{"country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"<a href='/lua/host_details.lua?host=192.168.1.255' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.255"},"srv_port":"17500"},"l7_proto":{"l4_label":"UDP","l7_label":"Dropbox","label":"UDP:Dropbox","value":"121"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=remote_to_remote#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 11:54:33","value":1383821673},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","value":"16"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","count":1,"description":{"descr":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":258752647,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 192.168.1.255 and port 138 and port 138","epoch_begin":1383821693,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575436&flow_hash_id=4","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"138","srv_ip":{"country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"<a href='/lua/host_details.lua?host=192.168.1.255' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.255"},"srv_port":"138"},"l7_proto":{"l4_label":"UDP","l7_label":"NetBIOS.SMBv1","label":"UDP:NetBIOS.SMBv1","value":"16"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=remote_to_remote#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 11:54:53","value":1383821693},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","value":"16"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","count":1,"description":{"descr":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":258752606,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 157.56.30.46 and port 51104 and port 443","epoch_begin":1383821734,"epoch_end":1642574341},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1575058424&flow_hash_id=5","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51104","srv_ip":{"country":"US","label":"157.56.30.46","label_long":"157.56.30.46","reference":"<a href='/lua/host_details.lua?host=157.56.30.46' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"157.56.30.46"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Azure","label":"TCP:TLS.Azure","value":"276"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=remote_to_remote#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 11:55:34","value":1383821734},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.3359317779541}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":10,"recordsTotal":10,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":259184613,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51110 and port 443","epoch_begin":1383821665,"epoch_end":1643006279},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473481660&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51110","srv_ip":{"country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"<a href='/lua/host_details.lua?host=91.143.93.242' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"91.143.93.242"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 11:54:25","value":1383821665},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote Access [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i><…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ www.e6r5p57kbafwrxj3plz.com ] [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ www.e6r5p57kbafwrxj3plz.com ] [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Directi…"},"duration":259184612,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 46.59.52.31 and port 51111 and port 443","epoch_begin":1383821666,"epoch_end":1643006279},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4007958761&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51111","srv_ip":{"country":"SE","label":"www.e6r5p57kbafwrxj3plz.…","label_long":"www.e6r5p57kbafwrxj3plz.com","name":"www.e6r5p57kbafwrxj3plz.com","reference":"<a href='/lua/host_details.lua?host=46.59.52.31' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"46.59.52.31"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ www.e6r5p57kbafwrxj3plz.com ] [Score: 100] [TLS Certificate Validity: 07/06/2013 01:00:00 - 07/02/2014 01:00:00] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 11:54:26","value":1383821666},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote Access [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Remote to Remote [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i><…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ www.q4cyamnc6mtokjurvdclt.com ] [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli Srv]","shorten_descr":"Suspicious DGA Domain [ www.q4cyamnc6mtokjurvdclt.com ] [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direc…"},"duration":259184610,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51112 and port 443","epoch_begin":1383821668,"epoch_end":1643006279},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884887039&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51112","srv_ip":{"country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"<a href='/lua/host_details.lua?host=38.229.70.53' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"38.229.70.53"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ www.q4cyamnc6mtokjurvdclt.com ] [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Cli Srv]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 11:54:28","value":1383821668},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote Access [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Remote to Remote [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Obsolete TLS Version <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i><…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","value":"47"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Suspicious DGA Domain","cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain [ www.gfu7hbxpfp.com ] [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv Cli]","shorten_descr":"Suspicious DGA Domain [ www.gfu7hbxpfp.com ] [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv C…"},"duration":259184150,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51175 and port 443","epoch_begin":1383822129,"epoch_end":1643006280},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473498300&flow_hash_id=7","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51175","srv_ip":{"country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"<a href='/lua/host_details.lua?host=91.143.93.242' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"91.143.93.242"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_suspicious_dga_domain#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Suspicious DGA Domain [ www.gfu7hbxpfp.com ] [Score: 100] [TLS Certificate Validity: 03/10/2013 01:00:00 - 19/11/2013 00:59:59] [Main Direction: Srv Cli]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 11/09/2013 01:00:00 - 25/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 11/09/2013 01:00:00 - 25/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 11/09/2013 01:00:00 - 25/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":259184150,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 212.83.155.250 and port 51174 and port 443","epoch_begin":1383822129,"epoch_end":1643006280},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2499624900&flow_hash_id=6","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51174","srv_ip":{"country":"FR","label":"www.t3i3ru.com","label_long":"www.t3i3ru.com","name":"www.t3i3ru.com","reference":"<a href='/lua/host_details.lua?host=212.83.155.250' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"212.83.155.250"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 11/09/2013 01:00:00 - 25/11/2013 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":259184149,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51176 and port 443","epoch_begin":1383822130,"epoch_end":1643006280},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884903423&flow_hash_id=8","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51176","srv_ip":{"country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"<a href='/lua/host_details.lua?host=38.229.70.53' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"38.229.70.53"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 15/09/2013 01:00:00 - 22/02/2014 00:59:59] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:02:10","value":1383822130},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 02/11/2013 01:00:00 - 17/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 02/11/2013 01:00:00 - 17/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","value":"24"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Obsolete TLS Version","count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 02/11/2013 01:00:00 - 17/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":259184089,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 62.210.137.230 and port 51185 and port 443","epoch_begin":1383822190,"epoch_end":1643006280},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4286331056&flow_hash_id=9","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51185","srv_ip":{"country":"FR","label":"www.6gyip7tqim7sieb.com","label_long":"www.6gyip7tqim7sieb.com","name":"www.6gyip7tqim7sieb.com","reference":"<a href='/lua/host_details.lua?host=62.210.137.230' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"62.210.137.230"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_old_protocol_version#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Obsolete TLS Version [Version: TLSv1] <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-007\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 02/11/2013 01:00:00 - 17/02/2014 01:00:00] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:03:10","value":1383822190},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","value":"16"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","count":1,"description":{"descr":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":259184605,"family":"flow","filter":{"bpf":"host 192.168.1.1 and host 192.168.1.255 and port 17500 and port 17500","epoch_begin":1383821673,"epoch_end":1643006279},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169551769&flow_hash_id=3","cli_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"<a href='/lua/host_details.lua?host=192.168.1.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.1"},"cli_port":"17500","srv_ip":{"country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"<a href='/lua/host_details.lua?host=192.168.1.255' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.255"},"srv_port":"17500"},"l7_proto":{"l4_label":"UDP","l7_label":"Dropbox","label":"UDP:Dropbox","value":"121"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=remote_to_remote#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 11:54:33","value":1383821673},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","value":"16"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","count":1,"description":{"descr":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":259184585,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 192.168.1.255 and port 138 and port 138","epoch_begin":1383821693,"epoch_end":1643006279},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575436&flow_hash_id=4","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"138","srv_ip":{"country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"<a href='/lua/host_details.lua?host=192.168.1.255' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.255"},"srv_port":"138"},"l7_proto":{"l4_label":"UDP","l7_label":"NetBIOS.SMBv1","label":"UDP:NetBIOS.SMBv1","value":"16"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=remote_to_remote#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 11:54:53","value":1383821693},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","value":"16"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Remote to Remote","count":1,"description":{"descr":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":259184545,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 157.56.30.46 and port 51104 and port 443","epoch_begin":1383821734,"epoch_end":1643006280},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1575058424&flow_hash_id=5","cli_ip":{"country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"<a href='/lua/host_details.lua?host=192.168.1.252' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.252"},"cli_port":"51104","srv_ip":{"country":"US","label":"157.56.30.46","label_long":"157.56.30.46","reference":"<a href='/lua/host_details.lua?host=157.56.30.46' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"157.56.30.46"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Azure","label":"TCP:TLS.Azure","value":"276"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=remote_to_remote#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Remote to Remote [Score: 10] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":"<i class='fas fa-fw fa-hand-paper text-primary' style='color: #5cd65c!important' title='Notice'></i> ","value":3},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 11:55:34","value":1383821734},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.34713745117188}}}
diff --git a/tests/rest/result/v2/alert_tls_cert_validity_too_long.out b/tests/rest/result/v2/alert_tls_cert_validity_too_long.out
index 99bc963c6f..376a4be28b 100644
--- a/tests/rest/result/v2/alert_tls_cert_validity_too_long.out
+++ b/tests/rest/result/v2/alert_tls_cert_validity_too_long.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'>…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate Validity","value":"60"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate Validity","count":1,"description":{"descr":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":19872844,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 20.86.186.134 and port 40124 and port 443","epoch_begin":1622701860,"epoch_end":1642574705},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3573560583&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"40124","srv_ip":{"country":"NL","label":"wdcp.microsoft.com","label_long":"wdcp.microsoft.com","name":"wdcp.microsoft.com","reference":"<a href='/lua/host_details.lua?host=20.86.186.134' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"20.86.186.134"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Microsoft","label":"TCP:TLS.Microsoft","value":"212"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_cert_validity_too_long#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Too Long TLS Certificate Validity","name":"Too Long TLS Certificate Validity","value":60},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_cert_validity_too_long","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"03/06/2021 07:31:00","value":1622701860},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.19288063049316}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'>…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate Validity","value":"60"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> Too Long TLS Certificate Validity","count":1,"description":{"descr":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":20304768,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 20.86.186.134 and port 40124 and port 443","epoch_begin":1622701860,"epoch_end":1643006629},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3573560583&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"<a href='/lua/host_details.lua?host=192.168.2.222' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.222"},"cli_port":"40124","srv_ip":{"country":"NL","label":"wdcp.microsoft.com","label_long":"wdcp.microsoft.com","name":"wdcp.microsoft.com","reference":"<a href='/lua/host_details.lua?host=20.86.186.134' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"20.86.186.134"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Microsoft","label":"TCP:TLS.Microsoft","value":"212"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=ndpi_tls_cert_validity_too_long#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Too Long TLS Certificate Validity <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-032\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [TLS Certificate Validity: 10/12/2020 20:38:28 - 10/03/2022 20:38:28] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Too Long TLS Certificate Validity","name":"Too Long TLS Certificate Validity","value":60},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_cert_validity_too_long","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"03/06/2021 07:31:00","value":1622701860},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.19502639770508}}}
diff --git a/tests/rest/result/v2/alert_tls_certificate_expired.out b/tests/rest/result/v2/alert_tls_certificate_expired.out
index 8141dff262..00c610d8ec 100644
--- a/tests/rest/result/v2/alert_tls_certificate_expired.out
+++ b/tests/rest/result/v2/alert_tls_certificate_expired.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":20014728,"family":"flow","filter":{"bpf":"host 192.168.2.126 and host 104.111.215.93 and port 60174 and port 443","epoch_begin":1622559830,"epoch_end":1642574559},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"<a href='/lua/host_details.lua?host=192.168.2.126' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"<a href='/lua/host_details.lua?host=104.111.215.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"104.111.215.93"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"01/06/2021 16:03:50","value":1622559830},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.18000602722168}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":20446658,"family":"flow","filter":{"bpf":"host 192.168.2.126 and host 104.111.215.93 and port 60174 and port 443","epoch_begin":1622559830,"epoch_end":1643006489},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"<a href='/lua/host_details.lua?host=192.168.2.126' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"<a href='/lua/host_details.lua?host=104.111.215.93' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"104.111.215.93"},"srv_port":"443"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 07/03/2019 01:00:00 - 05/05/2020 13:00:00] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"01/06/2021 16:03:50","value":1622559830},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.20599365234375}}}
diff --git a/tests/rest/result/v2/alert_tls_certificate_selfsigned.out b/tests/rest/result/v2/alert_tls_certificate_selfsigned.out
index 692796676c..7585030803 100644
--- a/tests/rest/result/v2/alert_tls_certificate_selfsigned.out
+++ b/tests/rest/result/v2/alert_tls_certificate_selfsigned.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Application on Non-Standard Port <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-005\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":53652983,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 51607 and port 3001","epoch_begin":1588921646,"epoch_end":1642574630},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"srv_port":"3001"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"08/05/2020 08:07:26","value":1588921646},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.17595291137695}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Application on Non-Standard Port <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-005\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"TLS Certificate Self-signed <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-006\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle…"},"alert_id":{"label":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","value":"22"},"alert_name":"<i class=\"fas fa-fw fa-exclamation\"></i> TLS Certificate Expired","count":1,"description":{"descr":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":54084912,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 51607 and port 3001","epoch_begin":1588921646,"epoch_end":1643006559},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"<a href='/lua/host_details.lua?host=127.0.0.1' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"127.0.0.1"},"srv_port":"3001"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"TLS Certificate Expired <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-009\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 100] [TLS Certificate Validity: 10/10/2015 16:55:47 - 09/10/2016 16:55:47] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":"<i class='fas fa-fw fa-exclamation-triangle text-danger' style='color: #ff3231!important' title='Error'></i> ","value":5},"tstamp":{"highlight":"#ff3231","label":"08/05/2020 08:07:26","value":1588921646},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.17499923706055}}}
diff --git a/tests/rest/result/v2/alert_web_mining.out b/tests/rest/result/v2/alert_web_mining.out
index 8be9471c65..7fbe9200e3 100644
--- a/tests/rest/result/v2/alert_web_mining.out
+++ b/tests/rest/result/v2/alert_web_mining.out
@@ -1,2 +1,2 @@
 {"success":true}
-{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":6,"recordsTotal":6,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":341246842,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 188.165.213.169 and port 55317 and port 8333","epoch_begin":1301327937,"epoch_end":1642574780},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2102295093&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55317","srv_ip":{"country":"FR","label":"188.165.213.169","label_long":"188.165.213.169","reference":"<a href='/lua/host_details.lua?host=188.165.213.169' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"188.165.213.169"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 16:58:57","value":1301327937},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":341246690,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 69.118.54.122 and port 55328 and port 8333","epoch_begin":1301328089,"epoch_end":1642574780},"flow":{"active_url":"/lua/flow_details.lua?flow_key=102688262&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55328","srv_ip":{"country":"US","label":"69.118.54.122","label_long":"69.118.54.122","reference":"<a href='/lua/host_details.lua?host=69.118.54.122' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"69.118.54.122"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:01:29","value":1301328089},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":341246460,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 74.89.181.229 and port 55348 and port 8333","epoch_begin":1301328319,"epoch_end":1642574780},"flow":{"active_url":"/lua/flow_details.lua?flow_key=184711537&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55348","srv_ip":{"country":"US","label":"74.89.181.229","label_long":"74.89.181.229","reference":"<a href='/lua/host_details.lua?host=74.89.181.229' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"74.89.181.229"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:05:19","value":1301328319},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":341246307,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 66.68.83.22 and port 55383 and port 8333","epoch_begin":1301328472,"epoch_end":1642574780},"flow":{"active_url":"/lua/flow_details.lua?flow_key=49101218&flow_hash_id=3","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55383","srv_ip":{"country":"US","label":"66.68.83.22","label_long":"66.68.83.22","reference":"<a href='/lua/host_details.lua?host=66.68.83.22' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"66.68.83.22"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:07:52","value":1301328472},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":341246080,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 195.218.16.178 and port 55400 and port 8333","epoch_begin":1301328699,"epoch_end":1642574780},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2223179838&flow_hash_id=4","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55400","srv_ip":{"country":"LU","label":"195.218.16.178","label_long":"195.218.16.178","reference":"<a href='/lua/host_details.lua?host=195.218.16.178' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"195.218.16.178"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:11:39","value":1301328699},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":341245475,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 184.58.165.119 and port 55487 and port 8333","epoch_begin":1301329304,"epoch_end":1642574780},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2028205059&flow_hash_id=5","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55487","srv_ip":{"country":"US","label":"184.58.165.119","label_long":"184.58.165.119","reference":"<a href='/lua/host_details.lua?host=184.58.165.119' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"184.58.165.119"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:21:44","value":1301329304},"vlan_id":"0"}],"stats":{"query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.27012825012207}}}
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":6,"recordsTotal":6,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":341678762,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 188.165.213.169 and port 55317 and port 8333","epoch_begin":1301327937,"epoch_end":1643006700},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2102295093&flow_hash_id=0","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55317","srv_ip":{"country":"FR","label":"188.165.213.169","label_long":"188.165.213.169","reference":"<a href='/lua/host_details.lua?host=188.165.213.169' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"188.165.213.169"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 16:58:57","value":1301327937},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":341678610,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 69.118.54.122 and port 55328 and port 8333","epoch_begin":1301328089,"epoch_end":1643006700},"flow":{"active_url":"/lua/flow_details.lua?flow_key=102688262&flow_hash_id=1","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55328","srv_ip":{"country":"US","label":"69.118.54.122","label_long":"69.118.54.122","reference":"<a href='/lua/host_details.lua?host=69.118.54.122' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"69.118.54.122"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:01:29","value":1301328089},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":341678380,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 74.89.181.229 and port 55348 and port 8333","epoch_begin":1301328319,"epoch_end":1643006700},"flow":{"active_url":"/lua/flow_details.lua?flow_key=184711537&flow_hash_id=2","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55348","srv_ip":{"country":"US","label":"74.89.181.229","label_long":"74.89.181.229","reference":"<a href='/lua/host_details.lua?host=74.89.181.229' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"74.89.181.229"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:05:19","value":1301328319},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]"},"duration":341678227,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 66.68.83.22 and port 55383 and port 8333","epoch_begin":1301328472,"epoch_end":1643006700},"flow":{"active_url":"/lua/flow_details.lua?flow_key=49101218&flow_hash_id=3","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55383","srv_ip":{"country":"US","label":"66.68.83.22","label_long":"66.68.83.22","reference":"<a href='/lua/host_details.lua?host=66.68.83.22' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"66.68.83.22"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Cli <i class='fas fa-arrow-right'></i> Srv]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:07:52","value":1301328472},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":341678000,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 195.218.16.178 and port 55400 and port 8333","epoch_begin":1301328699,"epoch_end":1643006700},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2223179838&flow_hash_id=4","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55400","srv_ip":{"country":"LU","label":"195.218.16.178","label_long":"195.218.16.178","reference":"<a href='/lua/host_details.lua?host=195.218.16.178' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"195.218.16.178"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:11:39","value":1301328699},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/flow_risks.html#risk-022\" target=\"_blank\"><i class=\"fas fa-lg fa-question-circle\"></i></a> [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","shorten_descr":"Remote to Remote [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli], Unsafe Protocol <a href=\"https://www.ntop.org/guides/nDPI/f…"},"alert_id":{"label":"<i class=\"fab fa-bitcoin\"></i> Web Mining","value":"27"},"alert_name":"<i class=\"fab fa-bitcoin\"></i> Web Mining","count":1,"description":{"descr":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]"},"duration":341677395,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 184.58.165.119 and port 55487 and port 8333","epoch_begin":1301329304,"epoch_end":1643006700},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2028205059&flow_hash_id=5","cli_ip":{"country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"<a href='/lua/host_details.lua?host=192.168.1.142' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"192.168.1.142"},"cli_port":"55487","srv_ip":{"country":"US","label":"184.58.165.119","label_long":"184.58.165.119","reference":"<a href='/lua/host_details.lua?host=184.58.165.119' data-bs-toggle='tooltip' title=''><i class='fas fa-laptop'></i></a>","value":"184.58.165.119"},"srv_port":"8333"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" <a href=\"/lua/admin/edit_configset.lua?subdir=flow&check=web_mining#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>","description":"Web Mining [Score: 50] [Main Direction: Srv <i class='fas fa-arrow-right'></i> Cli]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":"<i class='fas fa-fw fa-exclamation-triangle text-warning' style='color: #ffc007!important' title='Warning'></i> ","value":4},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:21:44","value":1301329304},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 0 records [0 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1    ","query_duration_msec":0.28085708618164}}}