mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-04-28 06:59:40 +00:00
Merge commit '15bac7a892' into flow_info-4
This commit is contained in:
Vitaly Lavrov
commit
4928347756
47 changed files with 224 additions and 154 deletions
6
.github/workflows/build.yml
vendored
6
.github/workflows/build.yml
vendored
|
|
@ -159,7 +159,7 @@ jobs:
|
|||
brew install libmaxminddb
|
||||
- name: Configure nDPI
|
||||
run: |
|
||||
./autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages ${{ matrix.msan }} ${{ matrix.pcre }} ${{ matrix.maxminddb }} --enable-tls-sigs
|
||||
./autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages ${{ matrix.msan }} ${{ matrix.pcre }} ${{ matrix.maxminddb }}
|
||||
- name: Build nDPI
|
||||
run: |
|
||||
make -j all
|
||||
|
|
@ -203,7 +203,7 @@ jobs:
|
|||
if: startsWith(matrix.os, 'ubuntu') && !startsWith(matrix.msan, '--with-') # Only on a few "standard" builds
|
||||
run: |
|
||||
make distclean
|
||||
./autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages --enable-tls-sigs --host=x86_64-w64-mingw32
|
||||
./autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages --host=x86_64-w64-mingw32
|
||||
make -j $(nproc) all
|
||||
env:
|
||||
CC:
|
||||
|
|
@ -229,7 +229,7 @@ jobs:
|
|||
install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool make mingw-w64-x86_64-json-c mingw-w64-x86_64-crt-git mingw-w64-x86_64-pcre mingw-w64-x86_64-libpcap parallel
|
||||
- name: Configure nDPI on Windows msys2
|
||||
run: |
|
||||
msys2 -c './autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages --enable-tls-sigs --disable-npcap'
|
||||
msys2 -c './autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages --disable-npcap'
|
||||
- name: Build nDPI on Windows msys2
|
||||
run: |
|
||||
msys2 -c 'make -j all'
|
||||
|
|
|
|||
6
.github/workflows/build_scheduled.yml
vendored
6
.github/workflows/build_scheduled.yml
vendored
|
|
@ -23,7 +23,7 @@ jobs:
|
|||
sudo apt-get install libpcre3-dev libmaxminddb-dev lcov
|
||||
sudo apt-get install wdiff colordiff
|
||||
- name: Configure
|
||||
run: ./autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages --enable-code-coverage --with-pcre2 --with-maxminddb --enable-tls-sigs
|
||||
run: ./autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages --enable-code-coverage --with-pcre2 --with-maxminddb
|
||||
- name: Build
|
||||
run: make all
|
||||
- name: Test
|
||||
|
|
@ -89,7 +89,7 @@ jobs:
|
|||
pprof -h
|
||||
- name: Configure nDPI library
|
||||
run: |
|
||||
./autogen.sh && ./configure --enable-gprof --enable-option-checking=fatal --with-pcre2 --with-maxminddb --enable-tls-sigs
|
||||
./autogen.sh && ./configure --enable-gprof --enable-option-checking=fatal --with-pcre2 --with-maxminddb
|
||||
- name: Build nDPI library
|
||||
run: |
|
||||
make -j
|
||||
|
|
@ -256,7 +256,7 @@ jobs:
|
|||
install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool make mingw-w64-x86_64-json-c mingw-w64-x86_64-crt-git mingw-w64-x86_64-pcre mingw-w64-x86_64-libpcap mingw-w64-x86_64-libgcrypt parallel
|
||||
- name: Configure nDPI on Windows msys2
|
||||
run: |
|
||||
msys2 -c './autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages --enable-tls-sigs --disable-npcap --with-local-libgcrypt'
|
||||
msys2 -c './autogen.sh && ./configure --enable-option-checking=fatal --enable-debug-messages --disable-npcap --with-local-libgcrypt'
|
||||
- name: Build nDPI on Windows msys2
|
||||
run: |
|
||||
msys2 -c 'make -j all'
|
||||
|
|
|
|||
2
.github/workflows/codeql.yml
vendored
2
.github/workflows/codeql.yml
vendored
|
|
@ -40,7 +40,7 @@ jobs:
|
|||
pprof -h
|
||||
- name: Configure nDPI library
|
||||
run: |
|
||||
./autogen.sh && ./configure --enable-gprof --enable-option-checking=fatal --with-pcre2 --with-maxminddb --enable-tls-sigs --enable-debug-messages
|
||||
./autogen.sh && ./configure --enable-gprof --enable-option-checking=fatal --with-pcre2 --with-maxminddb --enable-debug-messages
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v3
|
||||
|
|
|
|||
13
configure.ac
13
configure.ac
|
|
@ -22,7 +22,6 @@ AC_ARG_ENABLE(fuzztargets, AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz t
|
|||
AC_ARG_ENABLE(gprof, AS_HELP_STRING([--enable-gprof], [Enable CPU/HEAP profiling with gperftools]),[enable_gprof=$enableval],[enable_gprof=no])
|
||||
AC_ARG_ENABLE(code-coverage, AS_HELP_STRING([--enable-code-coverage], [Generate Code Coverage report]))
|
||||
AC_ARG_WITH(local-libgcrypt, AS_HELP_STRING([--with-local-libgcrypt], [Build with libgcrypt (if present) instead of the enclosed gcrypt light]))
|
||||
AC_ARG_ENABLE(tls-sigs, AS_HELP_STRING([--enable-tls-sigs], [Enable TLS Client signature algorithm dissection. Rarely used, but requires significantly more memory.]))
|
||||
AC_ARG_ENABLE(npcap, AS_HELP_STRING([--disable-npcap], [msys2 only: Disable linkage against the wpcap/npcap import library in windows/WpdPack/Lib.]))
|
||||
AC_ARG_WITH(nbpf-path, AS_HELP_STRING([--with-nbpf-path], [nBPF library custom path; default: ${srcdir}/../PF_RING/userland/nbpf]),[NBPF_HOME=$withval],[NBPF_HOME="`cd ${srcdir}/../PF_RING/userland/nbpf 2>/dev/null && pwd || echo ${srcdir}/../PF_RING/userland/nbpf`"])
|
||||
AC_ARG_WITH(libpcap, AS_HELP_STRING([--with-libpcap=PATH], [Linux only: Custom path to libpcap installation]),[LIBPCAP_PATH=$withval],[LIBPCAP_PATH=""])
|
||||
|
|
@ -331,11 +330,6 @@ if ! test "${with_only_libndpi+set}" = set; then :
|
|||
fi
|
||||
AM_CONDITIONAL([BUILD_UNITTESTS], [test "x$build_unittests" = "xyes"])
|
||||
|
||||
HANDLE_TLS_SIGS="//"
|
||||
AS_IF([test "x${enable_tls_sigs}" = "xyes"],[
|
||||
HANDLE_TLS_SIGS=""
|
||||
])
|
||||
|
||||
AS_IF([test "${with_lto_and_gold_linker+set}" = set], [
|
||||
NDPI_CFLAGS="${NDPI_CFLAGS} -flto -fuse-ld=gold -Wno-unused-command-line-argument"
|
||||
NDPI_LDFLAGS="${NDPI_LDFLAGS} ${NDPI_CFLAGS}"
|
||||
|
|
@ -627,7 +621,6 @@ AC_SUBST(PCRE2_ENABLED)
|
|||
AC_SUBST(NBPF_ENABLED)
|
||||
AC_SUBST(GLOBAL_CONTEXT_ENABLED)
|
||||
AC_SUBST(PLUGINS_ENABLED)
|
||||
AC_SUBST(HANDLE_TLS_SIGS)
|
||||
AC_SUBST(DISABLE_NPCAP)
|
||||
AC_SUBST(EXE_SUFFIX)
|
||||
AC_SUBST(NDPI_CFLAGS)
|
||||
|
|
@ -754,12 +747,6 @@ AS_IF([test "x${PLUGINS_ENABLED}" = "x1"],
|
|||
[SUMMARY="${SUMMARY}
|
||||
Plugins: disabled"])
|
||||
|
||||
AS_IF([test "x${enable_tls_sigs}" = "xyes"],
|
||||
[SUMMARY="${SUMMARY}
|
||||
TLS signatures: enabled"],
|
||||
[SUMMARY="${SUMMARY}
|
||||
TLS signatures: disabled"])
|
||||
|
||||
AS_IF([test "x${enable_oldcroaring}" = "xyes"],
|
||||
[SUMMARY="${SUMMARY}
|
||||
CRoaring version: legacy (forced)"],
|
||||
|
|
|
|||
|
|
@ -824,6 +824,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
|
|||
l4_data_len = l4_packet_len - sizeof(struct ndpi_icmp6hdr);
|
||||
*sport = *dport = 0;
|
||||
} else {
|
||||
*payload = NULL;
|
||||
*payload_len = 0;
|
||||
// non tcp/udp protocols
|
||||
*sport = *dport = 0;
|
||||
l4_data_len = 0;
|
||||
|
|
|
|||
2
fuzz/fuzz_dga.options
Normal file
2
fuzz/fuzz_dga.options
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
[libfuzzer]
|
||||
max_len=16384
|
||||
|
|
@ -1164,6 +1164,10 @@ extern "C" {
|
|||
ndpi_tls_block_type ndpi_encode_tls_block_type(u_int8_t block_type, u_int8_t handshake_type);
|
||||
const char* ndpi_print_encoded_tls_block_type(ndpi_tls_block_type block_type, bool numeric_mode);
|
||||
|
||||
char* ndpi_encode_tls_blocks(struct ndpi_tls_block *tls_blocks, u_int8_t num_tls_blocks);
|
||||
struct ndpi_tls_block* ndpi_decode_tls_blocks(u_char *encoded_blocks, u_int encoded_blocks_len,
|
||||
u_int8_t *num_tls_blocks);
|
||||
|
||||
ndpi_proto_defaults_t* ndpi_get_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod);
|
||||
u_int ndpi_get_ndpi_detection_module_size(void);
|
||||
|
||||
|
|
|
|||
|
|
@ -206,8 +206,6 @@ static inline uint64_t get_u_int64_t(const uint8_t* X, int O)
|
|||
|
||||
#define NDPI_OPTIMAL_HLL_NUM_BUCKETS 16
|
||||
|
||||
@HANDLE_TLS_SIGS@#define TLS_HANDLE_SIGNATURE_ALGORITMS 1
|
||||
|
||||
#ifdef __APPLE__
|
||||
|
||||
#include <libkern/OSByteOrder.h>
|
||||
|
|
|
|||
|
|
@ -934,12 +934,13 @@ typedef enum {
|
|||
tls_heartbeat,
|
||||
} ndpi_tls_block_type;
|
||||
|
||||
PACK_ON
|
||||
struct ndpi_tls_block {
|
||||
u_int8_t block_type /* ndpi_tls_block_type */;
|
||||
u_int8_t same_pkt:1, _unused:7;
|
||||
int16_t len; /* + = src->dst, - = dst->src */
|
||||
u_int16_t msec_delta;
|
||||
};
|
||||
} PACK_OFF;
|
||||
|
||||
struct ndpi_flow_tcp_struct {
|
||||
struct {
|
||||
|
|
@ -1844,12 +1845,6 @@ struct ndpi_flow_struct {
|
|||
u_int8_t client_hello_processed:1, ch_direction:1, subprotocol_detected:1,
|
||||
server_hello_processed:1, fingerprint_set:1, webrtc:1;
|
||||
|
||||
#ifdef TLS_HANDLE_SIGNATURE_ALGORITMS
|
||||
/* Under #ifdef to save memory for those who do not need them */
|
||||
u_int8_t num_tls_signature_algorithms;
|
||||
u_int16_t client_signature_algorithms[MAX_NUM_TLS_SIGNATURE_ALGORITHMS];
|
||||
#endif
|
||||
|
||||
struct tls_heuristics browser_heuristics;
|
||||
u_int16_t ssl_version, server_names_len;
|
||||
|
||||
|
|
|
|||
|
|
@ -406,15 +406,15 @@ ndpi_protocol_match host_match[] =
|
|||
{ "s.loris.llnwd.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "atv-ext.amazon.com", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "atv-ps.amazon.com", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "media-amazon.com", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "amazonvideo.com", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "primevideo.com", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "pv-cdn.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
{ "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ssl-images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ssl-images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "media-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "amazonaws.com", "AmazonAWS", NDPI_PROTOCOL_AMAZON_AWS, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "aws.a2z.com", "AmazonAWS", NDPI_PROTOCOL_AMAZON_AWS, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "a2z.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -424,6 +424,7 @@ ndpi_protocol_match host_match[] =
|
|||
{ "salesforce.com", "Salesforce", NDPI_PROTOCOL_SALESFORCE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "force.com", "Salesforce", NDPI_PROTOCOL_SALESFORCE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "salesforceliveagent.com", "Salesforce", NDPI_PROTOCOL_SALESFORCE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "marketingcloudapis.com", "Salesforce", NDPI_PROTOCOL_SALESFORCE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "origin-apple.com.akadns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "e6858.dsce9.akamaiedge.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -457,6 +458,7 @@ ndpi_protocol_match host_match[] =
|
|||
{ "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "inappcheck.itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "tlnk.io", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "guzzoni.apple.", "AppleSiri", NDPI_PROTOCOL_APPLE_SIRI, NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "wbagora.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -498,6 +500,7 @@ ndpi_protocol_match host_match[] =
|
|||
{ "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "dropboxapi.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "dropboxusercontent.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
{ "ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_SHOPPING, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, /* or FUN */
|
||||
{ "ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_SHOPPING, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -541,8 +544,9 @@ ndpi_protocol_match host_match[] =
|
|||
{ "docs.googleusercontent.com", "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "docs.google.com", "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
{ "drive-thirdparty.googleusercontent.com", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "drive-thirdparty.googleusercontent.com", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "drive.google.com", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "drivefrontend-pa.googleapis.com", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
/* used for communication between Android devices and Google's servers for various services, including app downloads and updates */
|
||||
{ "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -674,6 +678,7 @@ ndpi_protocol_match host_match[] =
|
|||
{ "secure.skypeassets.com", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "teams-ring.msedge.net", "Teams", NDPI_PROTOCOL_MSTEAMS, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "bing.com", "Microsoft365", NDPI_PROTOCOL_MICROSOFT_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "appcenter.ms", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
/*
|
||||
See https://better.fyi/trackers/
|
||||
|
|
@ -695,14 +700,14 @@ ndpi_protocol_match host_match[] =
|
|||
*/
|
||||
|
||||
/* Google Advertisements */
|
||||
{ "googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "adservice.google.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "adservice.google.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "gvt1.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "gvt2.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "telephony.goog", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -719,7 +724,7 @@ ndpi_protocol_match host_match[] =
|
|||
|
||||
/* Google Services */
|
||||
{ "googleapis.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "googletagmanager.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "googletagmanager.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "googletagservices.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "mtalk.google.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "-mtalk.google.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -771,9 +776,8 @@ ndpi_protocol_match host_match[] =
|
|||
{ "cdn.whatsapp.net", "WhatsAppFiles", NDPI_PROTOCOL_WHATSAPP_FILES, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "mms.whatsapp.net", "WhatsAppFiles", NDPI_PROTOCOL_WHATSAPP_FILES, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "g.whatsapp.net", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "v.whatsapp.net", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "mmg.whatsapp.net", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "whatsapp.net", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "chat-e2ee-mini.facebook.com", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
{ "yahoo.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "yahoo.net", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -856,6 +860,7 @@ ndpi_protocol_match host_match[] =
|
|||
{ "snap.api.mapbox.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "cognac-prod.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "addlive.io", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "sc-static.net", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
{ "waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "wazespeechactiviation-pa.googleapis.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -1208,8 +1213,6 @@ ndpi_protocol_match host_match[] =
|
|||
{ "pluralsight.com", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "pluralsight2.imgix.net", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "pluralsight.imgix.net", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "znejw6fzxpoc4z2sj-pluralsight.siteintercept.qualtrics.com", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ip-video-course-exercise-files-us-west-2.s3.us-west-2.amazonaws.com", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "pluralsight.demdex.net", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "pluralsight.sc.omtrdc.net", "Pluralsight", NDPI_PROTOCOL_PLURALSIGHT, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -1225,6 +1228,7 @@ ndpi_protocol_match host_match[] =
|
|||
{ "mozilla.net", "Mozilla", NDPI_PROTOCOL_MOZILLA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "mozilla.org", "Mozilla", NDPI_PROTOCOL_MOZILLA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "mozgcp.net", "Mozilla", NDPI_PROTOCOL_MOZILLA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "firefox.com", "Mozilla", NDPI_PROTOCOL_MOZILLA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
{ "softether.org", "Softether", NDPI_PROTOCOL_SOFTETHER, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "softether-network.net", "Softether", NDPI_PROTOCOL_SOFTETHER, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
|
@ -1267,6 +1271,8 @@ ndpi_protocol_match host_match[] =
|
|||
{ "ocsp.sectigo.com", "OCSP", NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ocsp.quovadisglobal.com", "OCSP", NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ocsp.pki.goog", "OCSP", NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ocsp.apple.com", "OCSP", NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ocsp2.apple.com", "OCSP", NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ocsp.", "OCSP", NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ocsp2.", "OCSP", NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
|
|
@ -1607,6 +1613,7 @@ static ndpi_category_match category_match[] = {
|
|||
{ "jsdelivr.net", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
|
||||
{ "bootstrapcdn.com", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
|
||||
{ "cdn.optimizely.com", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
|
||||
{ "jquery.com", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "mncdn.com", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
|
||||
{ "vultr.com", NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_FUN },
|
||||
{ "baidu.com", NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN },
|
||||
|
|
@ -1640,8 +1647,8 @@ static ndpi_category_match category_match[] = {
|
|||
{ "gaypornhublive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "xnxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "xhamster.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "realsrv.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "stripchat.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "stripcash.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "stripcdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "spankbang.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "chaturbate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
|
|
@ -1689,6 +1696,7 @@ static ndpi_category_match category_match[] = {
|
|||
{ "hqporner.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "youjizz.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "txxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "txxx.tube", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "xvideos3.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "xxxnewvideos.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "ok.xxx", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
|
|
@ -1710,7 +1718,6 @@ static ndpi_category_match category_match[] = {
|
|||
{ "phncdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "ypncdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "strpst.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "trafficjunky.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "afcdn.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "ktkjmp.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "xxxyouporn.me", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
|
|
@ -1719,6 +1726,7 @@ static ndpi_category_match category_match[] = {
|
|||
{ "youpornshop.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "youpornmate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "youporninhd.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
{ "bangbros.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
|
||||
/* Artificial Intelligence / LLM */
|
||||
{ "deepseek.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
|
||||
|
|
@ -1761,6 +1769,7 @@ static ndpi_category_match category_match[] = {
|
|||
{ "adjust.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
{ "adjust.net.in", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
{ "adjust.world", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
{ "adjust.io", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
/* Helpshift enables brands to deliver superior digital customer service digital channels*/
|
||||
{ "helpshift.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
/* AppLovin is a mobile marketing platform */
|
||||
|
|
@ -1848,7 +1857,18 @@ static ndpi_category_match category_match[] = {
|
|||
{ "iads.unity3d.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
/* Amazon Ads helps you reach customers at scale through full-funnel advertising across streaming, shopping, and everything in-between */
|
||||
{ "amazon-adsystem.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
|
||||
/* TrafficJunky is an Ad Network that manages the banner advertisements for some of the world's largest Adult tube sites */
|
||||
{ "trafficjunky.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
/* ExoClick is a global online advertising network providing services to advertisers and publishers */
|
||||
{ "exoclick.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
{ "realsrv.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
{ "ab1n.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
{ "exosrv.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
{ "exdynsrv.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
/* Quantum Metric is a digital analytics platform that provides businesses with tools to support a customer-focused culture */
|
||||
{ "quantummetric.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
/* Qualtrix: The XM Platform and our specialized AI uncovers insights, prioritizes actions, and empowers everyone to improve customer & employee experiences */
|
||||
{ "qualtrics.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
|
||||
{ NULL, 0, NDPI_PROTOCOL_SAFE }
|
||||
};
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -3249,38 +3249,50 @@ int ndpi_get_patricia_stats(struct ndpi_detection_module_struct *ndpi_struct,
|
|||
|
||||
switch(ptree_type) {
|
||||
case NDPI_PTREE_RISK_MASK:
|
||||
if(!ndpi_struct->ip_risk_mask)
|
||||
if(!ndpi_struct->ip_risk_mask) {
|
||||
memset(stats, '\0', sizeof(*stats));
|
||||
return -1;
|
||||
}
|
||||
ndpi_patricia_get_stats(ndpi_struct->ip_risk_mask->v4, stats);
|
||||
return 0;
|
||||
|
||||
case NDPI_PTREE_RISK_MASK6:
|
||||
if(!ndpi_struct->ip_risk_mask)
|
||||
if(!ndpi_struct->ip_risk_mask) {
|
||||
memset(stats, '\0', sizeof(*stats));
|
||||
return -1;
|
||||
}
|
||||
ndpi_patricia_get_stats(ndpi_struct->ip_risk_mask->v6, stats);
|
||||
return 0;
|
||||
|
||||
case NDPI_PTREE_RISK:
|
||||
if(!ndpi_struct->ip_risk)
|
||||
if(!ndpi_struct->ip_risk) {
|
||||
memset(stats, '\0', sizeof(*stats));
|
||||
return -1;
|
||||
}
|
||||
ndpi_patricia_get_stats(ndpi_struct->ip_risk->v4, stats);
|
||||
return 0;
|
||||
|
||||
case NDPI_PTREE_RISK6:
|
||||
if(!ndpi_struct->ip_risk)
|
||||
if(!ndpi_struct->ip_risk) {
|
||||
memset(stats, '\0', sizeof(*stats));
|
||||
return -1;
|
||||
}
|
||||
ndpi_patricia_get_stats(ndpi_struct->ip_risk->v6, stats);
|
||||
return 0;
|
||||
|
||||
case NDPI_PTREE_PROTOCOLS:
|
||||
if(!ndpi_struct->protocols)
|
||||
if(!ndpi_struct->protocols) {
|
||||
memset(stats, '\0', sizeof(*stats));
|
||||
return -1;
|
||||
}
|
||||
ndpi_patricia_get_stats(ndpi_struct->protocols->v4, stats);
|
||||
return 0;
|
||||
|
||||
case NDPI_PTREE_PROTOCOLS6:
|
||||
if(!ndpi_struct->protocols)
|
||||
if(!ndpi_struct->protocols) {
|
||||
memset(stats, '\0', sizeof(*stats));
|
||||
return -1;
|
||||
}
|
||||
ndpi_patricia_get_stats(ndpi_struct->protocols->v6, stats);
|
||||
return 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -5273,6 +5273,51 @@ const char* ndpi_print_encoded_tls_block_type(ndpi_tls_block_type block_type, bo
|
|||
|
||||
/* ****************************************** */
|
||||
|
||||
/* NOTE: caller MUST free the returned pointer */
|
||||
char* ndpi_encode_tls_blocks(struct ndpi_tls_block *tls_blocks,
|
||||
u_int8_t num_tls_blocks) {
|
||||
u_char buf[512];
|
||||
u_int8_t i, offset=0, block_len = sizeof(struct ndpi_tls_block);
|
||||
u_int expected_len = num_tls_blocks * block_len;
|
||||
|
||||
if(sizeof(buf) < expected_len) return(0); /* Buffer too short */
|
||||
|
||||
for(i=0; i<num_tls_blocks; i++) {
|
||||
memcpy(&buf[offset], &tls_blocks[i], block_len);
|
||||
offset += block_len;
|
||||
}
|
||||
|
||||
return(ndpi_base64_encode(buf, expected_len));
|
||||
}
|
||||
|
||||
/* ****************************************** */
|
||||
|
||||
/* NOTE: caller MUST free the returned pointer */
|
||||
struct ndpi_tls_block* ndpi_decode_tls_blocks(u_char *encoded_blocks, u_int encoded_blocks_len,
|
||||
u_int8_t *num_tls_blocks) {
|
||||
size_t out_len;
|
||||
u_char *buf = ndpi_base64_decode(encoded_blocks, encoded_blocks_len, &out_len);
|
||||
u_int8_t block_len = sizeof(struct ndpi_tls_block);
|
||||
struct ndpi_tls_block *ret;
|
||||
u_int expected_len;
|
||||
|
||||
if(buf == NULL) return(NULL);
|
||||
if(out_len == 0) { ndpi_free(buf); return(NULL); }
|
||||
|
||||
*num_tls_blocks = out_len / block_len;
|
||||
expected_len = (*num_tls_blocks) * block_len; /* Avoid rounding problems */
|
||||
|
||||
ret = (struct ndpi_tls_block*)ndpi_malloc(expected_len);
|
||||
if(ret == NULL) { ndpi_free(buf); return(NULL); }
|
||||
|
||||
memcpy(ret, buf, expected_len);
|
||||
ndpi_free(buf);
|
||||
|
||||
return(ret);
|
||||
}
|
||||
|
||||
/* ****************************************** */
|
||||
|
||||
const char* ndpi_tls_extension2str(u_int16_t extension_id,
|
||||
char unknown_extn[8]) {
|
||||
switch(extension_id) {
|
||||
|
|
|
|||
|
|
@ -3223,16 +3223,6 @@ static int _processClientServerHello(struct ndpi_detection_module_struct *ndpi_s
|
|||
s_offset += 2;
|
||||
tot_signature_algorithms_len = ndpi_min((sizeof(ja->client.signature_algorithms_str) / 2) - 1, tot_signature_algorithms_len);
|
||||
|
||||
#ifdef TLS_HANDLE_SIGNATURE_ALGORITMS
|
||||
size_t sa_size = ndpi_min(tot_signature_algorithms_len / 2, MAX_NUM_TLS_SIGNATURE_ALGORITHMS);
|
||||
|
||||
if (s_offset + 2 * sa_size <= packet->payload_packet_len) {
|
||||
flow->protos.tls_quic.num_tls_signature_algorithms = sa_size;
|
||||
memcpy(flow->protos.tls_quic.client_signature_algorithms,
|
||||
&packet->payload[s_offset], 2 /* 16 bit */ * sa_size);
|
||||
}
|
||||
#endif
|
||||
|
||||
for(i=0, id=0; i<tot_signature_algorithms_len && s_offset+i+1<total_len; i += 2)
|
||||
ja->client.signature_algorithm[id++] = ntohs(*(u_int16_t*)&packet->payload[s_offset+i]);
|
||||
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -52,7 +52,8 @@ Safe 136 23093 12
|
|||
Acceptable 2919 1140556 147
|
||||
Tracker_Ads 19 6096 1
|
||||
|
||||
Web 1530 685327 56
|
||||
Media 488 285245 15
|
||||
Web 1042 400082 41
|
||||
Cloud 373 141134 14
|
||||
Network 81 8859 39
|
||||
SoftwareUpdate 19 7852 1
|
||||
|
|
@ -68,32 +69,32 @@ JA Host Stats:
|
|||
1 TCP 172.16.42.216:54411 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Acceptable][40 pkts/9869 bytes <-> 38 pkts/36764 bytes][Goodput ratio: 73/93][4.46 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.577 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/33 1629/317 305/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/967 1514/1514 433/642][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,2,0,2,0,0,2,2,0,0,0,2,2,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,8,2,0,2,0,0,0,0,0,0,0,0,0,69,0,0]
|
||||
2 TCP 172.16.42.216:41828 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][31 pkts/13163 bytes <-> 34 pkts/25939 bytes][Goodput ratio: 84/91][3.25 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.327 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/38 1832/535 365/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 425/763 1514/1514 587/629][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 2,2,2,8,0,0,2,2,2,0,2,0,0,2,0,0,2,0,0,2,0,2,5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,53,0,0]
|
||||
3 TCP 172.16.42.216:40856 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][47 pkts/4785 bytes <-> 51 pkts/31984 bytes][Goodput ratio: 47/91][2.59 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/13 1811/246 293/44][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 102/627 1514/1514 218/316][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,3,0,0,0,0,1,1,0,0,1,0,0,1,0,0,0,80,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,7,0,0]
|
||||
4 TCP 172.16.42.216:51986 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][31 pkts/3707 bytes <-> 28 pkts/31731 bytes][Goodput ratio: 44/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/21 364/286 86/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/1133 613/1514 162/585][URL: ecx.images-amazon.com/images/I/81diFQyVjHL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/81diF)][Plen Bins: 3,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,68,0,0]
|
||||
5 TCP 172.16.42.216:51995 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][22 pkts/2590 bytes <-> 25 pkts/31047 bytes][Goodput ratio: 42/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/42 536/536 126/120][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/1242 613/1514 157/474][URL: ecx.images-amazon.com/images/I/5100jxqrQhL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/5100j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,8,0,0,0,4,0,0,0,0,67,0,0]
|
||||
6 TCP 172.16.42.216:51992 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][27 pkts/3443 bytes <-> 24 pkts/29237 bytes][Goodput ratio: 48/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.789 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/6 368/110 98/25][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/1218 613/1514 172/546][URL: ecx.images-amazon.com/images/I/71nqwmwmRlL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/71nqwmwmRlL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,74,0,0]
|
||||
4 TCP 172.16.42.216:51986 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Media/1][Breed: Acceptable][31 pkts/3707 bytes <-> 28 pkts/31731 bytes][Goodput ratio: 44/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/21 364/286 86/68][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/1133 613/1514 162/585][URL: ecx.images-amazon.com/images/I/81diFQyVjHL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/81diF)][Plen Bins: 3,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,68,0,0]
|
||||
5 TCP 172.16.42.216:51995 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Media/1][Breed: Acceptable][22 pkts/2590 bytes <-> 25 pkts/31047 bytes][Goodput ratio: 42/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.846 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/42 536/536 126/120][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/1242 613/1514 157/474][URL: ecx.images-amazon.com/images/I/5100jxqrQhL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/5100j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,8,0,0,0,4,0,0,0,0,67,0,0]
|
||||
6 TCP 172.16.42.216:51992 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 7][cat: Media/1][Breed: Acceptable][27 pkts/3443 bytes <-> 24 pkts/29237 bytes][Goodput ratio: 48/95][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.789 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/6 368/110 98/25][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/1218 613/1514 172/546][URL: ecx.images-amazon.com/images/I/71nqwmwmRlL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/71nqwmwmRlL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,74,0,0]
|
||||
7 TCP 172.16.42.216:41691 <-> 54.239.29.146:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Acceptable][28 pkts/5292 bytes <-> 28 pkts/24601 bytes][Goodput ratio: 71/94][100.86 sec][Hostname/SNI: api.amazon.com][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/78 293/443 72/134][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/879 1514/1514 381/687][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 77fcb32cd3006fc460171e2e171695f7][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: api.amazon.com,wsync.us-east-1.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com][Certificate SHA-1: 1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D][Firefox][Validity: 2016-09-05 00:00:00 - 2017-09-23 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,15,3,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,68,0,0]
|
||||
8 TCP 172.16.42.216:38483 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][32 pkts/3796 bytes <-> 30 pkts/25146 bytes][Goodput ratio: 44/92][0.66 sec][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/19 227/241 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/838 732/1514 163/608][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 60][Risk Info: SNI should always be present;No ALPN][nDPI Fingerprint: db01ddf673488e0649ab60a8ff8c2e1b][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12i220300_5fd681855ab9_1ea9011b3dfa][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,3,6,0,0,6,0,0,0,0,3,3,0,0,3,0,3,0,0,6,3,0,3,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
|
||||
9 TCP 172.16.42.216:34034 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][Stack: TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: DNS][DPI packets: 7][cat: Cloud/13][Breed: Acceptable][24 pkts/22786 bytes <-> 19 pkts/2185 bytes][Goodput ratio: 94/49][1.87 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 511/512 132/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 949/115 1514/564 678/140][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,4,0,0,4,0,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,65,0,0]
|
||||
10 TCP 172.16.42.216:45703 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 5][cat: VirtAssistant/32][Breed: Acceptable][32 pkts/18086 bytes <-> 24 pkts/6391 bytes][Goodput ratio: 90/78][13.18 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.478 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 478/297 3544/1485 870/399][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 565/266 1514/731 644/259][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,3,0,6,9,6,3,3,0,0,0,0,0,0,12,6,3,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
|
||||
11 TCP 172.16.42.216:45710 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 7][cat: VirtAssistant/32][Breed: Acceptable][26 pkts/13063 bytes <-> 23 pkts/8561 bytes][Goodput ratio: 89/85][10.20 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/535 3346/6303 892/1474][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 502/372 1514/1514 619/511][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 3,7,3,3,7,3,3,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,41,0,0]
|
||||
12 TCP 172.16.42.216:54434 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][18 pkts/9106 bytes <-> 15 pkts/10708 bytes][Goodput ratio: 86/91][3.73 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/241 96/1116 31/336][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 506/714 1514/1514 633/678][nDPI Fingerprint: ab42a1d37c497782b68b77acaa21856b][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_7ed7223c468c][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,57,0,0]
|
||||
13 TCP 172.16.42.216:41914 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][20 pkts/6834 bytes <-> 15 pkts/11310 bytes][Goodput ratio: 80/91][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/50 222/242 77/88][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 342/754 1351/1514 506/588][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,5,0,0,5,0,10,0,0,0,0,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,15,0,0,0,0,27,0,0]
|
||||
14 TCP 172.16.42.216:51997 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][16 pkts/1611 bytes <-> 14 pkts/16206 bytes][Goodput ratio: 34/94][1.14 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/24 628/205 165/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1158 613/1514 132/593][URL: ecx.images-amazon.com/images/I/61Tfp7ZVcoL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/61Tfp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
|
||||
15 TCP 172.16.42.216:51989 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][17 pkts/2771 bytes <-> 14 pkts/14992 bytes][Goodput ratio: 59/94][1.36 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.688 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/69 377/743 125/213][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/1071 613/1514 208/642][URL: ecx.images-amazon.com/images/I/71pwMKDRQIL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (zTGET /images/I/71pwMKDRQIL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
|
||||
13 TCP 172.16.42.216:41914 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Media/1][Breed: Acceptable][20 pkts/6834 bytes <-> 15 pkts/11310 bytes][Goodput ratio: 80/91][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/50 222/242 77/88][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 342/754 1351/1514 506/588][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,5,0,0,5,0,10,0,0,0,0,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,15,0,0,0,0,27,0,0]
|
||||
14 TCP 172.16.42.216:51997 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Media/1][Breed: Acceptable][16 pkts/1611 bytes <-> 14 pkts/16206 bytes][Goodput ratio: 34/94][1.14 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/24 628/205 165/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1158 613/1514 132/593][URL: ecx.images-amazon.com/images/I/61Tfp7ZVcoL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/61Tfp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
|
||||
15 TCP 172.16.42.216:51989 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Media/1][Breed: Acceptable][17 pkts/2771 bytes <-> 14 pkts/14992 bytes][Goodput ratio: 59/94][1.36 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.688 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/69 377/743 125/213][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/1071 613/1514 208/642][URL: ecx.images-amazon.com/images/I/71pwMKDRQIL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (zTGET /images/I/71pwMKDRQIL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
|
||||
16 TCP 172.16.42.216:44912 <-> 54.239.23.94:443 [proto: 91.265/TLS.AmazonAWS][Stack: TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: DNS][DPI packets: 11][cat: Cloud/13][Breed: Acceptable][19 pkts/11483 bytes <-> 14 pkts/5858 bytes][Goodput ratio: 91/86][10.46 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 552/875 3665/7470 1005/2334][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 604/418 1514/1514 650/593][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,27,0,0]
|
||||
17 TCP 172.16.42.216:51990 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][15 pkts/1557 bytes <-> 13 pkts/15104 bytes][Goodput ratio: 35/94][1.25 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.813 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/21 682/138 190/45][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1162 613/1514 136/600][URL: ecx.images-amazon.com/images/I/612xlaOI2NL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (tyGET /images/I/612)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,72,0,0]
|
||||
18 TCP 172.16.42.216:51988 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][15 pkts/1557 bytes <-> 13 pkts/14454 bytes][Goodput ratio: 35/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.806 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/27 681/154 186/53][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1112 613/1514 136/592][URL: ecx.images-amazon.com/images/I/61oBTb+jZvL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/61oBTb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,72,0,0]
|
||||
17 TCP 172.16.42.216:51990 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Media/1][Breed: Acceptable][15 pkts/1557 bytes <-> 13 pkts/15104 bytes][Goodput ratio: 35/94][1.25 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.813 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/21 682/138 190/45][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1162 613/1514 136/600][URL: ecx.images-amazon.com/images/I/612xlaOI2NL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (tyGET /images/I/612)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,72,0,0]
|
||||
18 TCP 172.16.42.216:51988 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Media/1][Breed: Acceptable][15 pkts/1557 bytes <-> 13 pkts/14454 bytes][Goodput ratio: 35/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.806 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/27 681/154 186/53][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1112 613/1514 136/592][URL: ecx.images-amazon.com/images/I/61oBTb+jZvL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/61oBTb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,72,0,0]
|
||||
19 TCP 172.16.42.216:40871 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][20 pkts/7766 bytes <-> 21 pkts/8198 bytes][Goodput ratio: 86/86][3.82 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 182/130 1403/1107 358/296][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/390 1514/1514 570/458][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,9,4,0,0,0,9,4,0,0,0,4,0,0,0,0,13,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0]
|
||||
20 TCP 172.16.42.216:41912 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][16 pkts/3960 bytes <-> 14 pkts/11986 bytes][Goodput ratio: 73/92][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/14 669/71 174/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/856 1340/1514 415/644][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,18,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,12,0,0,0,0,0,38,0,0]
|
||||
21 TCP 172.16.42.216:51985 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][16 pkts/1623 bytes <-> 14 pkts/14282 bytes][Goodput ratio: 34/93][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.796 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 84/45 682/281 185/91][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1020 613/1514 132/664][URL: ecx.images-amazon.com/images/I/51woiL9kgkL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/51woiL9)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
22 TCP 172.16.42.216:51996 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][15 pkts/1545 bytes <-> 13 pkts/14178 bytes][Goodput ratio: 35/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/22 764/207 210/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/1091 613/1514 136/639][URL: ecx.images-amazon.com/images/I/81Ni5COup-L._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/81Ni5)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0]
|
||||
20 TCP 172.16.42.216:41912 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Media/1][Breed: Acceptable][16 pkts/3960 bytes <-> 14 pkts/11986 bytes][Goodput ratio: 73/92][0.96 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/14 669/71 174/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/856 1340/1514 415/644][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,18,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,12,0,0,0,0,0,38,0,0]
|
||||
21 TCP 172.16.42.216:51985 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Media/1][Breed: Acceptable][16 pkts/1623 bytes <-> 14 pkts/14282 bytes][Goodput ratio: 34/93][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.796 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 84/45 682/281 185/91][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1020 613/1514 132/664][URL: ecx.images-amazon.com/images/I/51woiL9kgkL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/51woiL9)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
22 TCP 172.16.42.216:51996 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Media/1][Breed: Acceptable][15 pkts/1545 bytes <-> 13 pkts/14178 bytes][Goodput ratio: 35/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/22 764/207 210/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/1091 613/1514 136/639][URL: ecx.images-amazon.com/images/I/81Ni5COup-L._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/81Ni5)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0]
|
||||
23 TCP 172.16.42.216:53682 <-> 54.239.22.185:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Acceptable][16 pkts/10167 bytes <-> 13 pkts/5328 bytes][Goodput ratio: 91/86][163.85 sec][Hostname/SNI: firs-ta-g7g.amazon.com][bytes ratio: 0.312 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 12603/417 159135/3907 42305/1164][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 635/410 1514/1514 644/520][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 77fcb32cd3006fc460171e2e171695f7][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: firs-ta-g7g.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com][Certificate SHA-1: A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86][Firefox][Validity: 2016-11-25 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,0,0,6,0,0,0,0,0,13,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,47,0,0]
|
||||
24 TCP 172.16.42.216:45712 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 8][cat: VirtAssistant/32][Breed: Acceptable][24 pkts/11240 bytes <-> 18 pkts/3909 bytes][Goodput ratio: 88/73][5.97 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.484 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 271/206 1239/905 390/325][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 468/217 1514/715 608/241][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,10,5,5,0,10,10,5,0,0,0,0,0,0,5,5,5,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
|
||||
25 TCP 172.16.42.216:40854 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][21 pkts/6285 bytes <-> 16 pkts/8842 bytes][Goodput ratio: 82/90][2.68 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.169 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/106 1158/932 299/253][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 299/553 1514/1514 504/512][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,0,11,0,0,0,5,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,5,24,0,0]
|
||||
26 TCP 172.16.42.216:55242 <-> 52.85.209.197:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][18 pkts/6706 bytes <-> 20 pkts/8204 bytes][Goodput ratio: 82/84][123.38 sec][Hostname/SNI: www.amazon.com][bytes ratio: -0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 87/100 290/445 108/155][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/410 1514/1514 532/546][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 77fcb32cd3006fc460171e2e171695f7][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,15,0,5,0,0,5,10,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,10,0,0,21,0,0]
|
||||
27 TCP 172.16.42.216:50799 <-> 54.239.28.178:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 7][cat: VirtAssistant/32][Breed: Acceptable][20 pkts/9329 bytes <-> 17 pkts/5540 bytes][Goodput ratio: 88/82][10.48 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.255 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 636/760 7767/8001 1851/2099][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/326 1514/1514 612/473][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,0,5,0,5,5,0,0,11,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0]
|
||||
28 TCP 172.16.42.216:51993 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][14 pkts/1479 bytes <-> 12 pkts/13075 bytes][Goodput ratio: 37/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.797 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/23 765/207 218/65][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1090 613/1514 141/624][URL: ecx.images-amazon.com/images/I/61SZU-lPFNL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/61S)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0]
|
||||
29 TCP 172.16.42.216:51987 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][14 pkts/1491 bytes <-> 12 pkts/12826 bytes][Goodput ratio: 37/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.792 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/22 682/154 199/50][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1069 613/1514 141/605][URL: ecx.images-amazon.com/images/I/71GcCNTb6kL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/71GcCNTb6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0]
|
||||
28 TCP 172.16.42.216:51993 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Media/1][Breed: Acceptable][14 pkts/1479 bytes <-> 12 pkts/13075 bytes][Goodput ratio: 37/94][1.13 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.797 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/23 765/207 218/65][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1090 613/1514 141/624][URL: ecx.images-amazon.com/images/I/61SZU-lPFNL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/61S)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0]
|
||||
29 TCP 172.16.42.216:51987 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Media/1][Breed: Acceptable][14 pkts/1491 bytes <-> 12 pkts/12826 bytes][Goodput ratio: 37/94][1.26 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.792 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/22 682/154 199/50][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1069 613/1514 141/605][URL: ecx.images-amazon.com/images/I/71GcCNTb6kL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/71GcCNTb6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0]
|
||||
30 TCP 172.16.42.216:34069 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][Stack: TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: DNS][DPI packets: 7][cat: Cloud/13][Breed: Acceptable][16 pkts/12799 bytes <-> 14 pkts/1381 bytes][Goodput ratio: 93/40][4.36 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.805 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 256/126 2464/986 644/293][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 800/99 1514/449 707/105][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,0,8,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,59,0,0]
|
||||
31 TCP 172.16.42.216:45711 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 10][cat: VirtAssistant/32][Breed: Acceptable][22 pkts/11642 bytes <-> 11 pkts/2484 bytes][Goodput ratio: 89/74][21.11 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/64 1023/2459 6019/9247 1749/3564][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 529/226 1514/955 611/323][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,6,0,0,6,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,31,0,0]
|
||||
32 TCP 172.16.42.216:42130 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 11][cat: Web/5][Breed: Acceptable][18 pkts/6237 bytes <-> 14 pkts/6594 bytes][Goodput ratio: 84/88][2.59 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 164/169 783/785 225/244][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 346/471 1514/1514 494/576][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,20,0,0,6,0,0,0,13,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,34,0,0]
|
||||
|
|
@ -103,14 +104,14 @@ JA Host Stats:
|
|||
36 TCP 172.16.42.216:45715 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 5][cat: VirtAssistant/32][Breed: Acceptable][18 pkts/10366 bytes <-> 11 pkts/1730 bytes][Goodput ratio: 90/63][22.60 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.714 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1160/2749 10810/15911 2672/5468][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 576/157 1514/555 667/178][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,7,0,0,7,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
|
||||
37 TCP 172.16.42.216:42129 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Acceptable][16 pkts/5899 bytes <-> 13 pkts/6114 bytes][Goodput ratio: 85/88][2.59 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.018 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 177/19 1347/104 365/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 369/470 1514/1514 557/597][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,8,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0]
|
||||
38 TCP 172.16.42.216:45680 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 7][cat: VirtAssistant/32][Breed: Acceptable][15 pkts/7129 bytes <-> 14 pkts/4292 bytes][Goodput ratio: 88/81][2.51 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.248 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/95 1324/374 353/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 475/307 1248/891 523/370][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,21,7,7,0,0,0,0,0,0,0,0,0,0]
|
||||
39 TCP 172.16.42.216:41913 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][9 pkts/2224 bytes <-> 9 pkts/8798 bytes][Goodput ratio: 73/93][0.15 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.596 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/13 52/61 18/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/978 1343/1514 394/629][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,10,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,50,0,0]
|
||||
39 TCP 172.16.42.216:41913 <-> 52.84.62.115:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Media/1][Breed: Acceptable][9 pkts/2224 bytes <-> 9 pkts/8798 bytes][Goodput ratio: 73/93][0.15 sec][Hostname/SNI: images-na.ssl-images-amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.596 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/13 52/61 18/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 247/978 1343/1514 394/629][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,10,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,50,0,0]
|
||||
40 TCP 172.16.42.216:50797 <-> 54.239.28.178:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 7][cat: VirtAssistant/32][Breed: Acceptable][14 pkts/5989 bytes <-> 11 pkts/4920 bytes][Goodput ratio: 87/87][10.17 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/114 346/441 105/161][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 428/447 1514/1514 576/536][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,7,0,0,15,0,0,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
|
||||
41 TCP 172.16.42.216:47606 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Acceptable][14 pkts/4321 bytes <-> 14 pkts/6297 bytes][Goodput ratio: 82/87][0.75 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/27 255/176 73/52][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 309/450 1514/1514 496/585][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,15,15,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
|
||||
42 TCP 172.16.42.216:38757 <-> 54.239.28.178:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 7][cat: VirtAssistant/32][Breed: Acceptable][13 pkts/6382 bytes <-> 8 pkts/3973 bytes][Goodput ratio: 89/89][2.80 sec][bytes ratio: 0.233 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 254/411 1240/2328 378/858][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 491/497 1344/1514 576/598][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA;TLSv1][nDPI Fingerprint: d8b65c2b6c348c9813c4a1a3a5bd1c18][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1][JA4: t10i140200_37d7d24289bf_33a13ba74d1c][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,9,0,0,0,9,9,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,18,0,0]
|
||||
43 TCP 172.16.42.216:40864 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 5][cat: Web/5][Breed: Acceptable][15 pkts/2838 bytes <-> 16 pkts/7478 bytes][Goodput ratio: 71/88][4.06 sec][Hostname/SNI: skills-store.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/267 259/1771 98/509][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/467 1514/1514 363/499][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,6,0,0,0,6,13,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
44 TCP 172.16.42.216:45693 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 5][cat: VirtAssistant/32][Breed: Acceptable][15 pkts/4412 bytes <-> 13 pkts/5784 bytes][Goodput ratio: 81/87][4.69 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 390/24 4145/80 1133/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 294/445 1514/1514 485/599][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,15,7,0,7,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
|
||||
45 TCP 172.16.42.216:54427 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][13 pkts/8467 bytes <-> 8 pkts/1403 bytes][Goodput ratio: 90/62][1.35 sec][Hostname/SNI: www.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.716 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/12 109/125 514/453 157/165][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 651/175 1514/777 663/233][nDPI Fingerprint: ab42a1d37c497782b68b77acaa21856b][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_7ed7223c468c][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,22,0,0]
|
||||
46 TCP 172.16.42.216:51994 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][11 pkts/1293 bytes <-> 10 pkts/8334 bytes][Goodput ratio: 42/92][1.10 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.731 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 106/24 808/113 266/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/833 613/1514 157/652][URL: ecx.images-amazon.com/images/I/315y9IEXZSL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/315)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0]
|
||||
46 TCP 172.16.42.216:51994 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][Stack: HTTP.Amazon][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 7][cat: Media/1][Breed: Acceptable][11 pkts/1293 bytes <-> 10 pkts/8334 bytes][Goodput ratio: 42/92][1.10 sec][Hostname/SNI: ecx.images-amazon.com][bytes ratio: -0.731 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 106/24 808/113 266/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/833 613/1514 157/652][URL: ecx.images-amazon.com/images/I/315y9IEXZSL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][Server: Server][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.2924.87 Mobile Safari/537.36 PitanguiBridge/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /images/I/315)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0]
|
||||
47 TCP 172.16.42.216:44001 <-> 176.32.101.52:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][22 pkts/4394 bytes <-> 19 pkts/5213 bytes][Goodput ratio: 72/79][101.63 sec][Hostname/SNI: dp-gw-na-js.amazon.com][bytes ratio: -0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5968/5788 80048/79926 19049/20563][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 200/274 1514/1514 303/442][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 9ee3b53542b1106295f6d63cf3949177][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d150900_f0daf39aad75_e69ac49eb88f][ServerNames: dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in][JA3S: fbe78c619e7ea20046131294ad087f05][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com][Certificate SHA-1: 27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C][Validity: 2016-09-24 00:00:00 - 2017-09-13 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 9,14,4,4,4,0,29,9,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
|
||||
48 TCP 172.16.42.216:45714 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 5][cat: VirtAssistant/32][Breed: Acceptable][17 pkts/7542 bytes <-> 10 pkts/1990 bytes][Goodput ratio: 88/71][18.45 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.582 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1317/1449 6762/8309 2110/3069][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/199 1514/699 598/247][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,15,7,0,15,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0]
|
||||
49 TCP 172.16.42.216:38404 <-> 34.199.52.240:443 [proto: 91.265/TLS.AmazonAWS][Stack: TLS.AmazonAWS][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: DNS][DPI packets: 8][cat: Cloud/13][Breed: Acceptable][15 pkts/3140 bytes <-> 12 pkts/6286 bytes][Goodput ratio: 69/87][1.00 sec][Hostname/SNI: cognito-identity.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.334 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/55 364/256 109/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 209/524 950/1514 299/598][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,16,0,8,0,0,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ LRU cache tls_cert: 0/11/0 (insert/search/found)
|
|||
LRU cache mining: 0/8/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 20/18/1 (insert/search/found)
|
||||
Automa host: 121/25 (search/found)
|
||||
Automa host: 117/21 (search/found)
|
||||
Automa domain: 69/0 (search/found)
|
||||
Automa tls cert: 4/0 (search/found)
|
||||
Automa risk mask: 0/0 (search/found)
|
||||
|
|
@ -28,14 +28,14 @@ Patricia protocols IPv6: 6/0 (search/found)
|
|||
Hash malicious ja4: 7/0 (search/found)
|
||||
Hash malicious sha1: 4/0 (search/found)
|
||||
Hash TCP fingerprints: 8/0 (search/found)
|
||||
Hash public domain suffix: 557/317 (search/found)
|
||||
Hash public domain suffix: 541/305 (search/found)
|
||||
Hash ja4 custom protos: 7/0 (search/found)
|
||||
Hash fp custom protos: 6/0 (search/found)
|
||||
Hash url custom protos: 4/0 (search/found)
|
||||
|
||||
Unknown 19 1054 2
|
||||
DNS 42 5072 21
|
||||
HTTP 50 11137 5
|
||||
HTTP 21 4444 3
|
||||
MDNS 24 4279 4
|
||||
NetBIOS 15 1542 1
|
||||
SSDP 15 5625 9
|
||||
|
|
@ -45,6 +45,7 @@ IGMP 8 378 6
|
|||
TLS 328 86914 13
|
||||
ICMPV6 18 2964 2
|
||||
Slack 27 4825 1
|
||||
Mozilla 29 6693 2
|
||||
AJP 5 390 1
|
||||
CiscoVPN 3 198 1
|
||||
|
||||
|
|
@ -71,11 +72,11 @@ JA Host Stats:
|
|||
4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][Breed: Safe][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: http/1.1;SNI should always be present;Cipher TLS_RSA_WITH_AES_256_CBC_SHA][nDPI Fingerprint: 0ab478f88458d4b7e389280db8733f0c][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i2204h1_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0]
|
||||
5 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 30/DTLS][Stack: DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 30/DTLS, Confidence: DPI][DPI packets: 4][cat: Web/5][Breed: Safe][14 pkts/2322 bytes <-> 15 pkts/3787 bytes][Goodput ratio: 75/83][0.24 sec][bytes ratio: -0.240 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 47/46 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 166/252 199/407 17/74][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLS (0100)][nDPI Fingerprint: 1a807ac363d310723a28fc779bc4386f][TLS (0100)][JA4: d00i010000_2cfe23c976cf_000000000000][JA3S: cee68a158056f16c2d1b274dde4e2ec3][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,3,3,39,13,18,3,6,6,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][Stack: TLS.Slack][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 118/Slack, Confidence: DNS][DPI packets: 6][cat: Collaborative/15][Breed: Acceptable][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][nDPI Fingerprint: 34104aa1b54ff5ab855f9d5aea374abf][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1313h2_8b80da21ef18_e48c60694ef0][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7.125/HTTP.Mozilla][Stack: HTTP.Mozilla][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
9 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][Stack: ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.151;Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7.125/HTTP.Mozilla][Stack: HTTP.Mozilla][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.149;Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0]
|
||||
13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
14 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
DPI Packets (TCP): 27 (13.50 pkts/flow)
|
||||
DPI Packets (UDP): 2 (2.00 pkts/flow)
|
||||
DPI Packets (other): 1 (1.00 pkts/flow)
|
||||
Confidence DPI : 3 (flows)
|
||||
Num dissector calls: 320 (106.67 diss/flow)
|
||||
Confidence DPI : 4 (flows)
|
||||
Num dissector calls: 321 (80.25 diss/flow)
|
||||
LRU cache ookla: 0/0/0 (insert/search/found)
|
||||
LRU cache bittorrent: 0/0/0 (insert/search/found)
|
||||
LRU cache stun: 0/0/0 (insert/search/found)
|
||||
|
|
@ -9,33 +10,42 @@ LRU cache tls_cert: 0/0/0 (insert/search/found)
|
|||
LRU cache mining: 0/0/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/2/0 (insert/search/found)
|
||||
Automa host: 0/0 (search/found)
|
||||
Automa domain: 0/0 (search/found)
|
||||
Automa host: 2/0 (search/found)
|
||||
Automa domain: 1/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 0/0 (search/found)
|
||||
Automa common alpns: 0/0 (search/found)
|
||||
Automa common alpns: 1/1 (search/found)
|
||||
Patricia risk mask: 2/0 (search/found)
|
||||
Patricia risk mask IPv6: 2/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 2/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols: 3/1 (search/found)
|
||||
Patricia protocols IPv6: 4/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 2/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash public domain suffix: 12/7 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
SSH 84 14188 2
|
||||
ESP 1 346 1
|
||||
QUIC 10 10090 1
|
||||
|
||||
Safe 1 346 1
|
||||
Acceptable 84 14188 2
|
||||
Tracker_Ads 10 10090 1
|
||||
|
||||
Malware 85 14534 3
|
||||
Advertisement 10 10090 1
|
||||
|
||||
1 TCP [2001:db8:1::1]:64720 <-> [2001:db8:200::1]:20868 [proto: 92/SSH][Stack: SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 17][cat: Malware/100][Breed: Acceptable][32 pkts/3639 bytes <-> 30 pkts/6335 bytes][Goodput ratio: 24/59][5.34 sec][Hostname/SNI: SSH-1.5-1.2.26][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 13/74 184/193 1212/1436 234/283][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 114/211 250/1294 47/257][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 22][TCP Fingerprint: 2_64_8192_781448c930cc/Unknown][Server: SSH-1.5-1.2.26][Plen Bins: 69,6,0,0,11,2,0,0,2,0,0,0,0,0,2,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 172.26.219.44:58639 <-> 172.30.69.103:22 [proto: 92/SSH][Stack: SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Malware/100][Breed: Acceptable][11 pkts/2011 bytes <-> 11 pkts/2203 bytes][Goodput ratio: 63/67][0.11 sec][Hostname/SNI: SSH-2.0-OpenSSH_6.1][bytes ratio: -0.046 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 39/41 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/200 1026/770 270/223][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **** Client Contacted A Malware Host **][Risk Score: 300][Risk Info: Client contacted malware host;Found cipher arcfour128;Found cipher arcfour128][TCP Fingerprint: 2_64_14600_2e3cee914fc1/Unknown][HASSH-C: D6593B3202A30B2AA9793A00F8647A0A][Server: SSH-1.99-OpenSSH_4.3][HASSH-S: 500033A73A293E7C36743693D0D4596B][Plen Bins: 31,15,15,0,15,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 ESP [2a01:e34:ef6f:4340:94be:5dac:c20a:d2a0]:0 -> [2001:1670:8:40a6:a08e:332b:aa69:18dc]:0 [VLAN: 121][proto: 117/ESP][Stack: ESP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 117/ESP, Confidence: DPI][DPI packets: 1][cat: Malware/100][Breed: Safe][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **** Client Contacted A Malware Host **][Risk Score: 170][Risk Info: Client contacted malware host;No server to client traffic;Entropy: 7.199 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
JA Host Stats:
|
||||
IP Address # JA4C
|
||||
1 10.140.124.26 1
|
||||
|
||||
|
||||
1 UDP 10.140.124.26:50424 <-> 34.149.76.49:443 [VLAN: 223][proto: GTP:188/QUIC][Stack: QUIC][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Tracker_Ads][4 pkts/4134 bytes <-> 6 pkts/5956 bytes][Goodput ratio: 92/91][0.18 sec][Hostname/SNI: gateway.unityads.unity3d.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][bytes ratio: -0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/0 180/2 85/1][Pkt Len c2s/s2c min/avg/max/stddev: 126/126 1034/993 1336/1336 524/497][nDPI Fingerprint: 1948f40be9484fd13066c8c3de191e09][TLSv1.3][QUIC ver: V-1][JA4: q13d0311h3_55b375c5d22e_653d80c3fe9d][ECH: version 0xfe0d][Plen Bins: 0,20,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0,0,0,0,0,0,0]
|
||||
2 TCP [2001:db8:1::1]:64720 <-> [2001:db8:200::1]:20868 [proto: 92/SSH][Stack: SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 17][cat: Malware/100][Breed: Acceptable][32 pkts/3639 bytes <-> 30 pkts/6335 bytes][Goodput ratio: 24/59][5.34 sec][Hostname/SNI: SSH-1.5-1.2.26][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 13/74 184/193 1212/1436 234/283][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 114/211 250/1294 47/257][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 22][TCP Fingerprint: 2_64_8192_781448c930cc/Unknown][Server: SSH-1.5-1.2.26][Plen Bins: 69,6,0,0,11,2,0,0,2,0,0,0,0,0,2,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 172.26.219.44:58639 <-> 172.30.69.103:22 [proto: 92/SSH][Stack: SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Malware/100][Breed: Acceptable][11 pkts/2011 bytes <-> 11 pkts/2203 bytes][Goodput ratio: 63/67][0.11 sec][Hostname/SNI: SSH-2.0-OpenSSH_6.1][bytes ratio: -0.046 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 39/41 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/200 1026/770 270/223][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **** Client Contacted A Malware Host **][Risk Score: 300][Risk Info: Client contacted malware host;Found cipher arcfour128;Found cipher arcfour128][TCP Fingerprint: 2_64_14600_2e3cee914fc1/Unknown][HASSH-C: D6593B3202A30B2AA9793A00F8647A0A][Server: SSH-1.99-OpenSSH_4.3][HASSH-S: 500033A73A293E7C36743693D0D4596B][Plen Bins: 31,15,15,0,15,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 ESP [2a01:e34:ef6f:4340:94be:5dac:c20a:d2a0]:0 -> [2001:1670:8:40a6:a08e:332b:aa69:18dc]:0 [VLAN: 121][proto: 117/ESP][Stack: ESP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 117/ESP, Confidence: DPI][DPI packets: 1][cat: Malware/100][Breed: Safe][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **** Client Contacted A Malware Host **][Risk Score: 170][Risk Info: Client contacted malware host;No server to client traffic;Entropy: 7.199 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ Num dissector calls: 6 (1.00 diss/flow)
|
|||
LRU cache ookla: 0/0/0 (insert/search/found)
|
||||
LRU cache bittorrent: 0/0/0 (insert/search/found)
|
||||
LRU cache stun: 0/0/0 (insert/search/found)
|
||||
LRU cache tls_cert: 0/0/0 (insert/search/found)
|
||||
LRU cache tls_cert: 0/2/0 (insert/search/found)
|
||||
LRU cache mining: 0/0/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/6/0 (insert/search/found)
|
||||
Automa host: 6/6 (search/found)
|
||||
Automa host: 7/5 (search/found)
|
||||
Automa domain: 6/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 0/0 (search/found)
|
||||
|
|
@ -22,16 +22,19 @@ Patricia protocols IPv6: 0/0 (search/found)
|
|||
Hash malicious ja4: 6/0 (search/found)
|
||||
Hash malicious sha1: 4/0 (search/found)
|
||||
Hash TCP fingerprints: 6/6 (search/found)
|
||||
Hash public domain suffix: 51/30 (search/found)
|
||||
Hash public domain suffix: 47/28 (search/found)
|
||||
Hash ja4 custom protos: 6/0 (search/found)
|
||||
Hash fp custom protos: 6/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
Pluralsight 44 29652 6
|
||||
Pluralsight 40 27427 5
|
||||
TLS 4 2225 1
|
||||
|
||||
Fun 44 29652 6
|
||||
Fun 40 27427 5
|
||||
Tracker_Ads 4 2225 1
|
||||
|
||||
Streaming 44 29652 6
|
||||
Streaming 40 27427 5
|
||||
Advertisement 4 2225 1
|
||||
|
||||
JA Host Stats:
|
||||
IP Address # JA4C
|
||||
|
|
@ -42,5 +45,5 @@ JA Host Stats:
|
|||
2 TCP 192.168.1.128:42782 <-> 146.75.62.208:443 [proto: 91.61/TLS.Pluralsight][Stack: TLS.Pluralsight][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][Breed: Fun][3 pkts/816 bytes <-> 6 pkts/5407 bytes][Goodput ratio: 75/93][0.05 sec][Hostname/SNI: pluralsight2.imgix.net][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/0 17/7 19/19 2/9][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/901 583/1406 223/547][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: *.imgix.com,*.imgix.net,imgix.com,imgix.net][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.imgix.com][Certificate SHA-1: C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D][Chrome][Validity: 2021-05-10 23:09:57 - 2022-06-11 23:09:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0]
|
||||
3 TCP 192.168.1.128:42790 <-> 146.75.62.208:443 [proto: 91.61/TLS.Pluralsight][Stack: TLS.Pluralsight][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][Breed: Fun][3 pkts/816 bytes <-> 6 pkts/5407 bytes][Goodput ratio: 75/93][0.06 sec][Hostname/SNI: pluralsight.imgix.net][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 18/0 23/8 28/22 5/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/901 583/1406 223/547][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: *.imgix.com,*.imgix.net,imgix.com,imgix.net][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.imgix.com][Certificate SHA-1: C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D][Chrome][Validity: 2021-05-10 23:09:57 - 2022-06-11 23:09:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0]
|
||||
4 TCP 192.168.1.128:42618 <-> 18.203.201.56:443 [proto: 91.61/TLS.Pluralsight][Stack: TLS.Pluralsight][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 6][cat: Streaming/17][Breed: Fun][3 pkts/849 bytes <-> 6 pkts/4806 bytes][Goodput ratio: 76/92][0.13 sec][Hostname/SNI: stt.pluralsight.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 41/0 44/17 46/45 2/20][Pkt Len c2s/s2c min/avg/max/stddev: 74/73 283/801 583/1514 218/713][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: stt.pluralsight.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com][Certificate SHA-1: C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82][Chrome][Validity: 2021-10-01 00:00:00 - 2022-10-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 14,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
|
||||
5 TCP 192.168.1.128:44770 <-> 104.17.209.240:443 [proto: 91.61/TLS.Pluralsight][Stack: TLS.Pluralsight][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Streaming/17][Breed: Fun][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
5 TCP 192.168.1.128:44770 <-> 104.17.209.240:443 [proto: 91/TLS][Stack: TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Advertisement/101][Breed: Tracker_Ads][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
6 TCP 192.168.1.128:48948 <-> 104.19.162.127:443 [proto: 91.61/TLS.Pluralsight][Stack: TLS.Pluralsight][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Streaming/17][Breed: Fun][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.pluralsight.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ LRU cache stun: 0/0/0 (insert/search/found)
|
|||
LRU cache tls_cert: 0/0/0 (insert/search/found)
|
||||
LRU cache mining: 0/3/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 3/3/0 (insert/search/found)
|
||||
Automa host: 68/11 (search/found)
|
||||
LRU cache fpc_dns: 4/3/0 (insert/search/found)
|
||||
Automa host: 66/13 (search/found)
|
||||
Automa domain: 39/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 2/2 (search/found)
|
||||
|
|
@ -23,7 +23,7 @@ Patricia protocols IPv6: 6/0 (search/found)
|
|||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 293/137 (search/found)
|
||||
Hash public domain suffix: 285/131 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -22,16 +22,18 @@ Patricia protocols IPv6: 0/0 (search/found)
|
|||
Hash malicious ja4: 6/0 (search/found)
|
||||
Hash malicious sha1: 4/0 (search/found)
|
||||
Hash TCP fingerprints: 6/6 (search/found)
|
||||
Hash public domain suffix: 155/115 (search/found)
|
||||
Hash public domain suffix: 140/106 (search/found)
|
||||
Hash ja4 custom protos: 6/0 (search/found)
|
||||
Hash fp custom protos: 6/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
TLS 44 29652 6
|
||||
|
||||
Safe 44 29652 6
|
||||
Safe 40 27427 5
|
||||
Tracker_Ads 4 2225 1
|
||||
|
||||
Web 44 29652 6
|
||||
Web 40 27427 5
|
||||
Advertisement 4 2225 1
|
||||
|
||||
JA Host Stats:
|
||||
IP Address # JA4C
|
||||
|
|
@ -42,5 +44,5 @@ JA Host Stats:
|
|||
2 TCP 192.168.1.128:42782 <-> 146.75.62.208:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][3 pkts/816 bytes <-> 6 pkts/5407 bytes][Goodput ratio: 75/93][0.05 sec][Hostname/SNI: pluralsight2.imgix.net][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 15/0 17/7 19/19 2/9][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/901 583/1406 223/547][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: *.imgix.com,*.imgix.net,imgix.com,imgix.net][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.imgix.com][Certificate SHA-1: C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D][Chrome][Validity: 2021-05-10 23:09:57 - 2022-06-11 23:09:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0]
|
||||
3 TCP 192.168.1.128:42790 <-> 146.75.62.208:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][3 pkts/816 bytes <-> 6 pkts/5407 bytes][Goodput ratio: 75/93][0.06 sec][Hostname/SNI: pluralsight.imgix.net][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 18/0 23/8 28/22 5/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/901 583/1406 223/547][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: *.imgix.com,*.imgix.net,imgix.com,imgix.net][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.imgix.com][Certificate SHA-1: C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D][Chrome][Validity: 2021-05-10 23:09:57 - 2022-06-11 23:09:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0]
|
||||
4 TCP 192.168.1.128:42618 <-> 18.203.201.56:443 [proto: 91/TLS][Stack: TLS][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Safe][3 pkts/849 bytes <-> 6 pkts/4806 bytes][Goodput ratio: 76/92][0.13 sec][Hostname/SNI: stt.pluralsight.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.700 (Download)][IAT c2s/s2c min/avg/max/stddev: 41/0 44/17 46/45 2/20][Pkt Len c2s/s2c min/avg/max/stddev: 74/73 283/801 583/1514 218/713][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: stt.pluralsight.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com][Certificate SHA-1: C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82][Chrome][Validity: 2021-10-01 00:00:00 - 2022-10-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 14,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
|
||||
5 TCP 192.168.1.128:44770 <-> 104.17.209.240:443 [proto: 91/TLS][Stack: TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Web/5][Breed: Safe][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
5 TCP 192.168.1.128:44770 <-> 104.17.209.240:443 [proto: 91/TLS][Stack: TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Advertisement/101][Breed: Tracker_Ads][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
6 TCP 192.168.1.128:48948 <-> 104.19.162.127:443 [proto: 91/TLS][Stack: TLS][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Web/5][Breed: Safe][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.pluralsight.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ cd ndpi
|
|||
#There are two workarounds:
|
||||
# * pcap stuff + --with-only-libndpi: for introspector builds. As reported in #8939, configure is not able to detect external libraries in introspector builds
|
||||
# * ADDITIONAL_* stuff: to be able run tests/unit/unit (via chronos/check_tests.sh) even with the previous workaround
|
||||
./autogen.sh && AR=llvm-ar RANLIB=llvm-ranlib LDFLAGS="-L/usr/local/lib -lpcap" ADDITIONAL_INCS="-I/usr/local/include/json-c/" ADDITIONAL_LIBS="-L/usr/local/lib -ljson-c" ./configure --disable-shared --enable-fuzztargets --enable-tls-sigs --with-only-libndpi
|
||||
./autogen.sh && AR=llvm-ar RANLIB=llvm-ranlib LDFLAGS="-L/usr/local/lib -lpcap" ADDITIONAL_INCS="-I/usr/local/include/json-c/" ADDITIONAL_LIBS="-L/usr/local/lib -ljson-c" ./configure --disable-shared --enable-fuzztargets --with-only-libndpi
|
||||
make -j$(nproc)
|
||||
# Copy fuzzers
|
||||
ls fuzz/fuzz* | grep -v "\." | while read -r i; do cp "$i" "$OUT"/; done
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ ORIGIN="https://techdocs.akamai.com/property-manager/pdfs/akamai_ipv4_CIDRs.txt"
|
|||
ORIGIN6="https://techdocs.akamai.com/property-manager/pdfs/akamai_ipv6_CIDRs.txt"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LIST}"
|
||||
./mergeipaddrlist.py "${LIST}" > "${LIST_MERGED}"
|
||||
|
|
@ -41,7 +41,7 @@ cat <<EOF >> "${LIST_MERGED}"
|
|||
184.84.0.0/14
|
||||
EOF
|
||||
|
||||
http_response=$(curl -s -o $LIST6 -w "%{http_code}" ${ORIGIN6})
|
||||
http_response=$(curl -L -s -o $LIST6 -w "%{http_code}" ${ORIGIN6})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LIST6}"
|
||||
./mergeipaddrlist.py "${LIST6}" > "${LIST6_MERGED}"
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ ORIGIN=https://ip-ranges.amazonaws.com/ip-ranges.json
|
|||
|
||||
|
||||
echo "(1) Downloading file..."
|
||||
http_response=$(curl -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ LIST6_MERGED=/tmp/azure.list6_m
|
|||
LINK_ORIGIN="https://www.microsoft.com/en-us/download/details.aspx?id=56519"
|
||||
|
||||
echo "(1) Downloading file... ${LINK_ORIGIN}"
|
||||
http_response=$(curl -s -o ${LINK_TMP} -w "%{http_code}" "${LINK_ORIGIN}")
|
||||
http_response=$(curl -L -s -o ${LINK_TMP} -w "%{http_code}" "${LINK_ORIGIN}")
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LINK_TMP}"
|
||||
|
||||
|
|
@ -25,7 +25,7 @@ rm -f ${LINK_TMP}
|
|||
is_str_empty "${ORIGIN}" "${LINK_ORIGIN} does not contain the url format!"
|
||||
|
||||
echo "(2) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o $TMP -w "%{http_code}" "${ORIGIN}")
|
||||
http_response=$(curl -L -s -o $TMP -w "%{http_code}" "${ORIGIN}")
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -9,5 +9,5 @@ cd "$(dirname "${0}")" || exit 1
|
|||
|
||||
# NOTE: JQ can be found at https://stedolan.github.io/jq/
|
||||
|
||||
RESULT="$(curl -s -H "Accept: application/json; indent=4" https://bitnodes.io/api/v1/snapshots/latest/ | jq -r '.nodes|keys[] as $k | "\($k)"' | grep -v onion | grep -v ']' | cut -d ':' -f 1)"
|
||||
RESULT="$(curl -L -s -H "Accept: application/json; indent=4" https://bitnodes.io/api/v1/snapshots/latest/ | jq -r '.nodes|keys[] as $k | "\($k)"' | grep -v onion | grep -v ']' | cut -d ':' -f 1)"
|
||||
is_str_empty "${RESULT}" "String empty, please review this script."
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ cd "$(dirname "${0}")" || exit 1
|
|||
. ./common.sh || exit 1
|
||||
|
||||
# NOTE: JQ can be found at https://stedolan.github.io/jq/
|
||||
CMD=(curl -s -H "Accept: application/json; indent=4" https://bitnodes.io/api/v1/snapshots/latest/)
|
||||
CMD=(curl -L -s -H "Accept: application/json; indent=4" https://bitnodes.io/api/v1/snapshots/latest/)
|
||||
|
||||
RESULT_V4="$("${CMD[@]}" | jq -r '.nodes|keys[] as $k | "\($k)"' | grep -v onion | grep -v ']' | cut -d ':' -f 1)"
|
||||
RESULT_V6="$("${CMD[@]}" | jq -r '.nodes|keys[] as $k | "\($k)"' | grep -v onion | grep ']' | cut -d '[' -f 2 | cut -d ']' -f 1)"
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ ORIGIN='https://cachefly.cachefly.net/ips/cdn.txt'
|
|||
#TODO: ipv6. Is there any ipv6 list?
|
||||
|
||||
echo "(1) Downloading file..."
|
||||
http_response=$(curl -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}")
|
||||
http_response=$(curl -L -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}")
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LIST}"
|
||||
./mergeipaddrlist.py $LIST > $LIST_MERGED
|
||||
|
|
|
|||
|
|
@ -13,13 +13,13 @@ ORIGIN="https://www.cloudflare.com/ips-v4/"
|
|||
ORIGIN6="https://www.cloudflare.com/ips-v6/"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LIST}"
|
||||
./mergeipaddrlist.py "${LIST}" > "${LIST_MERGED}"
|
||||
is_file_empty "${LIST_MERGED}"
|
||||
|
||||
http_response=$(curl -s -o $LIST6 -w "%{http_code}" ${ORIGIN6})
|
||||
http_response=$(curl -L -s -o $LIST6 -w "%{http_code}" ${ORIGIN6})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LIST6}"
|
||||
./mergeipaddrlist.py "${LIST6}" > "${LIST6_MERGED}"
|
||||
|
|
|
|||
|
|
@ -37,22 +37,22 @@ ORIGIN_CHATGPT_SEARCH="https://openai.com/searchbot.json"
|
|||
ORIGIN_CHATGPT="https://openai.com/gptbot.json"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN1}"
|
||||
http_response=$(curl -s -o $TMP1 -w "%{http_code}" ${ORIGIN1})
|
||||
http_response=$(curl -L -s -o $TMP1 -w "%{http_code}" ${ORIGIN1})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP1}"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN2}"
|
||||
http_response=$(curl -s -o $TMP2 -w "%{http_code}" ${ORIGIN2})
|
||||
http_response=$(curl -L -s -o $TMP2 -w "%{http_code}" ${ORIGIN2})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP2}"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN3}"
|
||||
http_response=$(curl -s -o $TMP3 -w "%{http_code}" ${ORIGIN3})
|
||||
http_response=$(curl -L -s -o $TMP3 -w "%{http_code}" ${ORIGIN3})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP3}"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN_BING}"
|
||||
http_response=$(curl -s -o $TMP_BING -w "%{http_code}" ${ORIGIN_BING})
|
||||
http_response=$(curl -L -s -o $TMP_BING -w "%{http_code}" ${ORIGIN_BING})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP_BING}"
|
||||
|
||||
|
|
@ -61,22 +61,22 @@ whois -h whois.radb.net -- '-i origin AS32934' | grep ^route > $TMP_FB
|
|||
is_file_empty "${TMP_FB}"
|
||||
|
||||
echo "(1) Downloading page... ${ORIGIN_TW}"
|
||||
http_response=$(curl -s -o $TMP_TW -w "%{http_code}" ${ORIGIN_TW})
|
||||
http_response=$(curl -L -s -o $TMP_TW -w "%{http_code}" ${ORIGIN_TW})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP_TW}"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN_CHATGPT_USER}"
|
||||
http_response=$(curl -s -o $TMP_CHATGPT_USER -w "%{http_code}" ${ORIGIN_CHATGPT_USER})
|
||||
http_response=$(curl -L -s -o $TMP_CHATGPT_USER -w "%{http_code}" ${ORIGIN_CHATGPT_USER})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP_CHATGPT_USER}"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN_CHATGPT_SEARCH}"
|
||||
http_response=$(curl -s -o $TMP_CHATGPT_SEARCH -w "%{http_code}" ${ORIGIN_CHATGPT_SEARCH})
|
||||
http_response=$(curl -L -s -o $TMP_CHATGPT_SEARCH -w "%{http_code}" ${ORIGIN_CHATGPT_SEARCH})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP_CHATGPT_SEARCH}"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN_CHATGPT}"
|
||||
http_response=$(curl -s -o $TMP_CHATGPT -w "%{http_code}" ${ORIGIN_CHATGPT})
|
||||
http_response=$(curl -L -s -o $TMP_CHATGPT -w "%{http_code}" ${ORIGIN_CHATGPT})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP_CHATGPT}"
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ LIST_MERGED=/tmp/digitalocean.list_m
|
|||
ORIGIN="https://www.digitalocean.com/geo/google.csv"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LIST}"
|
||||
grep -v ':' "${LIST}" | cut -f 1 -d ',' > ${LIST4}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ ORIGIN="https://raw.githubusercontent.com/ethereum/go-ethereum/master/params/boo
|
|||
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -8,11 +8,11 @@ cd "$(dirname "${0}")" || exit 1
|
|||
LIST=../lists/107_gambling.list
|
||||
|
||||
printf '(1) %s\n' "Scraping Illegal Gambling Sites (Belgium)"
|
||||
DOMAINS="$(curl -s 'https://www.gamingcommission.be/en/gaming-commission/illegal-games-of-chance/list-of-illegal-gambling-sites' | sed -n 's/<td[^>]\+>\([a-zA-Z0-9]\+\.[\.a-zA-Z0-9]\+\)<\/td>/###\1###/gp' | grep -oE '###[^#]+###' | tr -d '#' || exit 1)"
|
||||
DOMAINS="$(curl -L -s 'https://www.gamingcommission.be/en/gaming-commission/illegal-games-of-chance/list-of-illegal-gambling-sites' | sed -n 's/<td[^>]\+>\([a-zA-Z0-9]\+\.[\.a-zA-Z0-9]\+\)<\/td>/###\1###/gp' | grep -oE '###[^#]+###' | tr -d '#' || exit 1)"
|
||||
is_str_empty "${DOMAINS}" "Please check gambling sites URL and sed REGEX."
|
||||
|
||||
printf '(2) %s\n' "Downloading Gambling Sites (Poland)"
|
||||
DOMAINS_PL="$(curl -s https://hazard.mf.gov.pl/api/Register)"
|
||||
DOMAINS_PL="$(curl -L -s https://hazard.mf.gov.pl/api/Register)"
|
||||
DOMAINS_PL="$(echo "${DOMAINS_PL}" | xmllint --xpath "/*[local-name(.)='Rejestr']/*[local-name(.)='PozycjaRejestru']/*[local-name(.)='AdresDomeny']/text()" - || true)"
|
||||
is_str_empty "${DOMAINS_PL}" "Please check gambling sites URL and XPath."
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ fi
|
|||
LIST=/tmp/asn.json
|
||||
ORIGIN="https://stat.ripe.net/data/announced-prefixes/data.json?resource=$1"
|
||||
|
||||
http_response=$(curl -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}")
|
||||
http_response=$(curl -L -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}")
|
||||
if [ "$http_response" != "200" ]; then
|
||||
echo "Error $http_response: wrong ASN number/format?" >&2
|
||||
return
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ fi
|
|||
LIST=/tmp/asn.json
|
||||
ORIGIN="https://stat.ripe.net/data/announced-prefixes/data.json?resource=$1"
|
||||
|
||||
http_response=$(curl -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}")
|
||||
http_response=$(curl -L -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}")
|
||||
if [ "$http_response" != "200" ]; then
|
||||
echo "Error $http_response: service temporiarally not available?" >&2
|
||||
exit 1
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ ORIGIN="https://www.gstatic.com/ipranges/cloud.json"
|
|||
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
if [ "$http_response" != "200" ]; then
|
||||
echo "Error $http_response: you probably need to update the list url!"
|
||||
exit 1
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ ORIGIN="https://mask-api.icloud.com/egress-ip-ranges.csv"
|
|||
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o "$TMP" -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o "$TMP" -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ ORIGIN="https://hole.cert.pl/domains/v2/domains.json"
|
|||
|
||||
|
||||
printf '(1) Downloading file... %s\n' "${ORIGIN}"
|
||||
http_response=$(curl -s -o ${TMP} -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o ${TMP} -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ ORIGIN="https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed
|
|||
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o $TMP -w "%{http_code}" "${ORIGIN}")
|
||||
http_response=$(curl -L -s -o $TMP -w "%{http_code}" "${ORIGIN}")
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ ORIGIN=https://api-www.mullvad.net/www/relays/all/
|
|||
|
||||
|
||||
echo "(1) Downloading file..."
|
||||
http_response=$(curl -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ ORIGIN=https://api.nordvpn.com/v1/servers?limit=16384
|
|||
#No ipv6 yet
|
||||
|
||||
echo "(1) Downloading file..."
|
||||
http_response=$(curl -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ cd "$(dirname "${0}")" || exit 1
|
|||
LIST=../lists/public_suffix_list.dat
|
||||
|
||||
printf '(1) %s\n' "Getting domain suffix list"
|
||||
DOMAINS="$(curl -s 'https://publicsuffix.org/list/public_suffix_list.dat')"
|
||||
DOMAINS="$(curl -L -s 'https://publicsuffix.org/list/public_suffix_list.dat')"
|
||||
is_str_empty "${DOMAINS}" "Please check the URL."
|
||||
|
||||
echo "${DOMAINS}" > ${LIST}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ ORIGIN=https://api.surfshark.com/v4/server/clusters/all
|
|||
#No ipv6 support: https://support.surfshark.com/hc/en-us/articles/360011550239-Does-Surfshark-support-IPv6-Do-I-have-it-on-my-network
|
||||
|
||||
echo "(1) Downloading file..."
|
||||
http_response=$(curl -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $TMP -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ LIST6_MERGED_U=/tmp/tor.list_m6_u
|
|||
ORIGIN="https://raw.githubusercontent.com/alireza-rezaee/tor-nodes/refs/heads/main/latest.exits.csv"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LIST}"
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ LIST6_MERGED_U=/tmp/tor.list_m6_u
|
|||
ORIGIN="https://raw.githubusercontent.com/alireza-rezaee/tor-nodes/refs/heads/main/latest.guards.csv"
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
http_response=$(curl -L -s -o $LIST -w "%{http_code}" ${ORIGIN})
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LIST}"
|
||||
|
||||
|
|
|
|||
|
|
@ -12,11 +12,11 @@ IP_LINK_URL='https://developers.facebook.com/docs/whatsapp/guides/network-requir
|
|||
|
||||
|
||||
echo "(1) Scraping Facebook WhatsApp IP Adresses and Ranges..."
|
||||
ORIGIN="$(curl -H "Accept-Language: en" -s "${IP_LINK_URL}" | sed -ne 's/.*<a href="\([^"]*\)" target="_blank">WhatsApp server IP addresses and ranges (.zip file)<\/a>.*/\1/gp' | sed -e 's/\&/\&/g')"
|
||||
ORIGIN="$(curl -L -H "Accept-Language: en" -s "${IP_LINK_URL}" | sed -ne 's/.*<a href="\([^"]*\)" target="_blank">WhatsApp server IP addresses and ranges (.zip file)<\/a>.*/\1/gp' | sed -e 's/\&/\&/g')"
|
||||
is_str_empty "${ORIGIN}" "IP webpage list does not contain any addresses. A REGEX update may be required."
|
||||
|
||||
echo "(2) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o "${TMP}" -w "%{http_code}" "${ORIGIN}")
|
||||
http_response=$(curl -L -s -o "${TMP}" -w "%{http_code}" "${ORIGIN}")
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${TMP}"
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ ORIGIN="https://assets.zoom.us/docs/ipranges/Zoom.txt"
|
|||
|
||||
|
||||
echo "(1) Downloading file... ${ORIGIN}"
|
||||
http_response=$(curl -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}")
|
||||
http_response=$(curl -L -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}")
|
||||
check_http_response "${http_response}"
|
||||
is_file_empty "${LIST}"
|
||||
./mergeipaddrlist.py $LIST > $LIST_MERGED
|
||||
|
|
|
|||
|
|
@ -194,8 +194,6 @@ static inline u_int64_t get_u_int64_t(const u_int8_t* X, int O)
|
|||
|
||||
#define NDPI_MAX_NUM_TLS_APPL_BLOCKS 8
|
||||
|
||||
//#define TLS_HANDLE_SIGNATURE_ALGORITMS 1
|
||||
|
||||
#ifdef __APPLE__
|
||||
|
||||
#include <libkern/OSByteOrder.h>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue