mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-19 07:54:24 +00:00
Vitaly Lavrov
commit
cee87ef833
391 changed files with 947 additions and 715 deletions
|
|
@ -571,9 +571,6 @@ static void configure_ndpi(struct ndpi_detection_module_struct *ndpi_struct) {
|
|||
}
|
||||
}
|
||||
|
||||
if(_protoFilePath != NULL)
|
||||
ndpi_load_protocols_file(ndpi_struct, _protoFilePath);
|
||||
|
||||
ndpi_set_config(ndpi_struct, NULL, "tcp_ack_payload_heuristic", "enable");
|
||||
|
||||
for(i = 0; i < num_cfgs; i++) {
|
||||
|
|
@ -586,6 +583,9 @@ static void configure_ndpi(struct ndpi_detection_module_struct *ndpi_struct) {
|
|||
}
|
||||
}
|
||||
|
||||
if(_protoFilePath != NULL)
|
||||
ndpi_load_protocols_file(ndpi_struct, _protoFilePath);
|
||||
|
||||
if(enable_doh_dot_detection)
|
||||
ndpi_set_config(ndpi_struct, "tls", "application_blocks_tracking", "enable");
|
||||
|
||||
|
|
@ -2653,7 +2653,8 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
|
|||
|
||||
if((flow->tls.num_blocks > 0) && (flow->tls.blocks != NULL)) {
|
||||
int i;
|
||||
|
||||
u_char *enc = ndpi_encode_tls_blocks(flow->tls.blocks, flow->tls.num_blocks);
|
||||
|
||||
fprintf(out, "[TLS blocks: ");
|
||||
|
||||
for(i=0; i<flow->tls.num_blocks; i++)
|
||||
|
|
@ -2661,7 +2662,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
|
|||
ndpi_print_encoded_tls_block_type(flow->tls.blocks[i].block_type, true),
|
||||
flow->tls.blocks[i].len);
|
||||
|
||||
fprintf(out, "]");
|
||||
fprintf(out, "][%s]", enc ? (char*)enc : "");
|
||||
|
||||
if(enc) ndpi_free(enc);
|
||||
}
|
||||
|
||||
if(flow->flow_payload && (flow->flow_payload_len > 0)) {
|
||||
|
|
@ -5932,12 +5935,11 @@ void automataDomainsUnitTest() {
|
|||
/* *********************************************** */
|
||||
|
||||
void blocksUnitTest() {
|
||||
struct ndpi_tls_block a[] = { { 4, 1, 0, 1590, 0}, { 5, 1, 0, -1212, 0}, { 1, 1, 0, -1, 0}, { 16, 1, 0, -42, 0}, { 16, 1, 0, -53, 0} };
|
||||
struct ndpi_tls_block b[] = { { 4, 1, 0, 1591, 0}, { 5, 1, 0, -1212, 0}, { 1, 1, 0, -1, 0}, { 16, 1, 0, -42, 0}, { 16, 1, 0, -53, 0} };
|
||||
float multiplier[] = { 100, 100, 80, 40, 20};
|
||||
float ret = ndpi_tls_blocks_len_compare(a, b, multiplier, sizeof(multiplier) / sizeof(float));
|
||||
struct ndpi_tls_block a[] = { { 4, 1590, 0, 1, 0}, { 5, -1212, 0, 1, 0}, { 1, -1, 0, 1, 0}, { 16, -42, 0, 1, 0}, { 16, -53, 0, 1, 0} };
|
||||
struct ndpi_tls_block b[] = { { 4, 1590, 0, 1, 0}, { 5, -1212, 0, 1, 0}, { 1, -1, 0, 1, 0}, { 16, -42, 0, 1, 0}, { 16, -52, 0, 1, 0} };
|
||||
float ret = ndpi_tls_blocks_len_compare(a, b, 5 /* num_blocks */);
|
||||
|
||||
assert(ret == 20.0);
|
||||
assert(ret == 1.0);
|
||||
}
|
||||
|
||||
/* *********************************************** */
|
||||
|
|
@ -6123,7 +6125,7 @@ void hashUnitTest() {
|
|||
u_int8_t l = strlen(dict[i]);
|
||||
u_int64_t v;
|
||||
|
||||
assert(ndpi_hash_add_entry(&h, dict[i], l, i) == 0);
|
||||
assert(ndpi_hash_add_entry(&h, dict[i], l, i, NULL) == 0);
|
||||
assert(ndpi_hash_find_entry(h, dict[i], l, &v) == 0);
|
||||
assert(v == i);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|||
data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
|
||||
std::vector<char>data = fuzzed_data.ConsumeBytes<char>(data_len);
|
||||
|
||||
rc = ndpi_hash_add_entry(&h, data.data(), data.size(), i);
|
||||
rc = ndpi_hash_add_entry(&h, data.data(), data.size(), i, NULL);
|
||||
/* Keep one random entry really added */
|
||||
if (rc == 0 && fuzzed_data.ConsumeBool()) {
|
||||
value_added = data;
|
||||
|
|
|
|||
|
|
@ -1161,13 +1161,16 @@ extern "C" {
|
|||
|
||||
char *ndpi_stack2str(struct ndpi_detection_module_struct *ndpi_str,
|
||||
struct ndpi_proto_stack *stack, char *buf, u_int buf_len);
|
||||
ndpi_tls_block_type ndpi_encode_tls_block_type(u_int8_t block_type, u_int8_t handshake_type);
|
||||
ndpi_tls_block_type ndpi_encode_tls_block_type(u_int8_t block_type, u_int8_t handshake_type);
|
||||
const char* ndpi_print_encoded_tls_block_type(ndpi_tls_block_type block_type, bool numeric_mode);
|
||||
|
||||
u_char* ndpi_encode_tls_blocks(struct ndpi_tls_block *tls_blocks, u_int8_t num_tls_blocks);
|
||||
struct ndpi_tls_block* ndpi_decode_tls_blocks(const u_char *encoded_blocks, u_int encoded_blocks_len,
|
||||
u_int8_t *num_tls_blocks);
|
||||
|
||||
u_int64_t ndpi_compare_flow_tls_blocks(struct ndpi_detection_module_struct *ndpi_str,
|
||||
struct ndpi_flow_struct *flow,
|
||||
ndpi_list *extra_data, u_int64_t proto_id);
|
||||
|
||||
ndpi_proto_defaults_t* ndpi_get_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod);
|
||||
u_int ndpi_get_ndpi_detection_module_size(void);
|
||||
|
||||
|
|
@ -2252,7 +2255,11 @@ extern "C" {
|
|||
* @return 0 if an entry with that key was found, 1 otherwise
|
||||
*
|
||||
*/
|
||||
int ndpi_hash_find_entry(ndpi_str_hash *h, const char *key, u_int key_len, u_int64_t *value);
|
||||
int ndpi_hash_find_entry(ndpi_str_hash *h, const char *key, u_int key_len,
|
||||
u_int64_t *value /* out */);
|
||||
int ndpi_hash_find_entry_extra(ndpi_str_hash *h, const char *key, u_int key_len,
|
||||
u_int64_t *value /* out */,
|
||||
ndpi_list **extra_data /* out */);
|
||||
|
||||
/**
|
||||
* Add an entry to the hashmap.
|
||||
|
|
@ -2265,7 +2272,8 @@ extern "C" {
|
|||
* @return 0 if the entry was added, 1 otherwise
|
||||
*
|
||||
*/
|
||||
int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int64_t value);
|
||||
int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int64_t value,
|
||||
char *extra_data /* Allocated by caller */);
|
||||
|
||||
typedef void (*ndpi_hash_walk_iter)(char *key, u_int64_t value64, void *data);
|
||||
void ndpi_hash_walk(ndpi_str_hash **h, ndpi_hash_walk_iter cb, void *data);
|
||||
|
|
@ -2277,11 +2285,18 @@ extern "C" {
|
|||
|
||||
/* ******************************* */
|
||||
|
||||
#ifndef __KERNEL__
|
||||
|
||||
char* ndpi_get_flow_name(struct ndpi_flow_struct *flow);
|
||||
|
||||
/* ******************************* */
|
||||
|
||||
#ifndef __KERNEL__
|
||||
void ndpi_list_init(ndpi_list *l);
|
||||
void ndpi_list_free(ndpi_list *l);
|
||||
bool ndpi_list_append(ndpi_list *l, void *value);
|
||||
|
||||
/* ******************************* */
|
||||
|
||||
int ndpi_load_geoip(struct ndpi_detection_module_struct *ndpi_str,
|
||||
const char *ip_city_data, const char *ip_as_data);
|
||||
void ndpi_free_geoip(struct ndpi_detection_module_struct *ndpi_str);
|
||||
|
|
@ -2743,7 +2758,6 @@ extern "C" {
|
|||
#ifndef __KERNEL__
|
||||
float ndpi_tls_blocks_len_compare(struct ndpi_tls_block *a,
|
||||
struct ndpi_tls_block *b,
|
||||
float *multiplier,
|
||||
u_int8_t num_tls_blocks);
|
||||
#endif
|
||||
#ifdef __cplusplus
|
||||
|
|
|
|||
|
|
@ -147,11 +147,6 @@ struct ndpi_packet_struct {
|
|||
packet_direction:1, empty_line_position_set:1, http_check_content:1, pad:4;
|
||||
};
|
||||
|
||||
typedef struct ndpi_list_struct {
|
||||
char *value;
|
||||
struct ndpi_list_struct *next;
|
||||
} ndpi_list;
|
||||
|
||||
#ifdef HAVE_NBPF
|
||||
typedef struct {
|
||||
void *tree; /* cast to nbpf_filter* */
|
||||
|
|
|
|||
|
|
@ -937,9 +937,10 @@ typedef enum {
|
|||
PACK_ON
|
||||
struct ndpi_tls_block {
|
||||
u_int8_t block_type /* ndpi_tls_block_type */;
|
||||
u_int8_t same_pkt:1, _unused:7;
|
||||
int16_t len; /* + = src->dst, - = dst->src */
|
||||
u_int16_t msec_delta;
|
||||
/* Optional, leave it at the end */
|
||||
u_int8_t same_pkt:1, _unused:7;
|
||||
u_int16_t msec_delta; /* Used to store protocol_id in ja4 hash */
|
||||
} PACK_OFF;
|
||||
|
||||
struct ndpi_flow_tcp_struct {
|
||||
|
|
@ -1390,6 +1391,11 @@ typedef struct _ndpi_automa {
|
|||
struct ndpi_automa_stats stats;
|
||||
} ndpi_automa;
|
||||
|
||||
typedef struct ndpi_list_struct {
|
||||
char *value;
|
||||
struct ndpi_list_struct *next;
|
||||
} ndpi_list;
|
||||
|
||||
typedef struct ndpi_str_hash {
|
||||
void *priv;
|
||||
struct ndpi_str_hash_stats stats;
|
||||
|
|
|
|||
|
|
@ -1007,7 +1007,7 @@ static AC_ERROR_t ac_walk_proto_id(AC_AUTOMATA_t *thiz, AC_NODE_t *n, int idx, v
|
|||
for(i=0; i<n->matched_patterns->num; i++) {
|
||||
AC_PATTERN_t *p = &n->matched_patterns->patterns[i];
|
||||
|
||||
ndpi_hash_add_entry(&h, p->astring, strlen(p->astring), p->rep.number);
|
||||
ndpi_hash_add_entry(&h, p->astring, strlen(p->astring), p->rep.number, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1028,7 +1028,7 @@ static AC_ERROR_t ac_walk_category_id(AC_AUTOMATA_t *thiz, AC_NODE_t *n, int idx
|
|||
for(i=0; i<n->matched_patterns->num; i++) {
|
||||
AC_PATTERN_t *p = &n->matched_patterns->patterns[i];
|
||||
|
||||
ndpi_hash_add_entry(&h, p->astring, strlen(p->astring), p->rep.category);
|
||||
ndpi_hash_add_entry(&h, p->astring, strlen(p->astring), p->rep.category, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -93,11 +93,11 @@ bool ndpi_domain_classify_add(struct ndpi_detection_module_struct *ndpi_str,
|
|||
if(ndpi_str) {
|
||||
out_len = ndpi_encode_domain(ndpi_str, domain, out, sizeof(out));
|
||||
|
||||
ndpi_hash_add_entry(&s->domains, out, out_len, class_id);
|
||||
ndpi_hash_add_entry(&s->domains, out, out_len, class_id, NULL);
|
||||
} else
|
||||
ndpi_hash_add_entry(&s->domains, domain, strlen(domain), class_id);
|
||||
ndpi_hash_add_entry(&s->domains, domain, strlen(domain), class_id, NULL);
|
||||
#else
|
||||
ndpi_hash_add_entry(&s->domains, domain, strlen(domain), class_id);
|
||||
ndpi_hash_add_entry(&s->domains, domain, strlen(domain), class_id, NULL);
|
||||
#endif
|
||||
|
||||
return(true);
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ int ndpi_load_domain_suffixes(struct ndpi_detection_module_struct *ndpi_str,
|
|||
line[len--] = '\0';
|
||||
|
||||
if(ndpi_hash_add_entry(&ndpi_str->public_domain_suffixes,
|
||||
&line[offset], strlen(&line[offset]), domain_id) != 0) {
|
||||
&line[offset], strlen(&line[offset]), domain_id, NULL) != 0) {
|
||||
|
||||
NDPI_LOG_ERR(ndpi_str, "Error while processing domain %s\n", &line[offset]);
|
||||
} else
|
||||
|
|
|
|||
|
|
@ -91,7 +91,7 @@ int ndpi_add_tcp_fingerprint(struct ndpi_detection_module_struct *ndpi_str,
|
|||
return(-1);
|
||||
} else {
|
||||
if(ndpi_hash_add_entry(&ndpi_str->tcp_fingerprint_hashmap, fingerprint, len,
|
||||
(u_int64_t)os) == 0) {
|
||||
(u_int64_t)os, NULL) == 0) {
|
||||
return(0);
|
||||
} else
|
||||
return(-2);
|
||||
|
|
@ -210,6 +210,42 @@ static char* ndpi_compute_tls_blocks_flow_fingerprint(struct ndpi_flow_struct *f
|
|||
|
||||
/* **************************************** */
|
||||
|
||||
u_int64_t ndpi_compare_flow_tls_blocks(struct ndpi_detection_module_struct *ndpi_str,
|
||||
struct ndpi_flow_struct *flow,
|
||||
ndpi_list *extra_data,
|
||||
u_int64_t proto_id) {
|
||||
if((flow->l4_proto == IPPROTO_TCP)
|
||||
&& (flow->l4.tcp.tls.num_tls_blocks == ndpi_str->cfg.tls_max_num_blocks_to_analyze)
|
||||
&& (ndpi_str->cfg.tls_max_num_blocks_to_analyze <= 8 /* (&) */)
|
||||
&& (flow->l4.tcp.tls.tls_blocks != NULL)) {
|
||||
float best_res = 9999999.;
|
||||
|
||||
while(extra_data != NULL) {
|
||||
/* Multiple matches: let's find the best match (if any) */
|
||||
struct ndpi_tls_block *tls_blocks = (struct ndpi_tls_block*)extra_data->value;
|
||||
|
||||
if(tls_blocks != NULL) {
|
||||
float res = ndpi_tls_blocks_len_compare(flow->l4.tcp.tls.tls_blocks, tls_blocks, 8 /* (&) */);
|
||||
|
||||
|
||||
if((res < 4) && (res < best_res)) {
|
||||
best_res = res;
|
||||
proto_id = tls_blocks->msec_delta; /* It stores the protocolId. See (*%*) in ndpi_main.c */
|
||||
|
||||
if(res == 0) /* identical TLS blocks */
|
||||
break; /* No match better than this ! */
|
||||
}
|
||||
}
|
||||
|
||||
extra_data = extra_data->next;
|
||||
}
|
||||
}
|
||||
|
||||
return(proto_id);
|
||||
}
|
||||
|
||||
/* **************************************** */
|
||||
|
||||
char* ndpi_compute_ndpi_flow_fingerprint(struct ndpi_detection_module_struct *ndpi_str,
|
||||
struct ndpi_flow_struct *flow) {
|
||||
if(ndpi_str->cfg.ndpi_fingerprint_enabled &&
|
||||
|
|
@ -253,7 +289,8 @@ char* ndpi_compute_ndpi_flow_fingerprint(struct ndpi_detection_module_struct *nd
|
|||
}
|
||||
}
|
||||
|
||||
s = snprintf((char*)fp_buf, sizeof(fp_buf)-1, "%s-%s%s-%s", l4_fp, l7_pf, l7_pf_tls_blocks, l7_pf_server);
|
||||
s = snprintf((char*)fp_buf, sizeof(fp_buf)-1, "%s-%s%s-%s",
|
||||
l4_fp, l7_pf, l7_pf_tls_blocks, l7_pf_server);
|
||||
|
||||
if(ndpi_str->cfg.tls_ndpifp_ignore_sni_extension)
|
||||
fp_buf[strlen(l4_fp)+4] = '_';
|
||||
|
|
@ -277,20 +314,26 @@ char* ndpi_compute_ndpi_flow_fingerprint(struct ndpi_detection_module_struct *nd
|
|||
|
||||
flow->ndpi.fingerprint = ndpi_strdup((char*)fp_buf);
|
||||
|
||||
if(flow->ndpi.fingerprint != NULL &&
|
||||
ndpi_str->ndpifp_custom_protos != NULL) {
|
||||
if((flow->ndpi.fingerprint != NULL)
|
||||
&& (ndpi_str->ndpifp_custom_protos != NULL)) {
|
||||
u_int64_t proto_id;
|
||||
|
||||
ndpi_list *extra_data = NULL;
|
||||
|
||||
/* This protocol has been defined in protos.txt-like files */
|
||||
if(ndpi_hash_find_entry(ndpi_str->ndpifp_custom_protos,
|
||||
flow->ndpi.fingerprint, strlen(flow->ndpi.fingerprint),
|
||||
&proto_id) == 0) {
|
||||
ndpi_set_detected_protocol(ndpi_str, flow, proto_id,
|
||||
ndpi_get_master_proto(ndpi_str, flow),
|
||||
NDPI_CONFIDENCE_CUSTOM_RULE);
|
||||
if(ndpi_hash_find_entry_extra(ndpi_str->ndpifp_custom_protos,
|
||||
flow->ndpi.fingerprint, strlen(flow->ndpi.fingerprint),
|
||||
&proto_id, &extra_data) == 0) {
|
||||
|
||||
flow->category = ndpi_str->proto_defaults[proto_id].protoCategory,
|
||||
flow->breed = ndpi_str->proto_defaults[proto_id].protoBreed;
|
||||
proto_id = ndpi_compare_flow_tls_blocks(ndpi_str, flow, extra_data, proto_id);
|
||||
|
||||
if(proto_id != NDPI_PROTOCOL_UNKNOWN) {
|
||||
ndpi_set_detected_protocol(ndpi_str, flow, proto_id,
|
||||
ndpi_get_master_proto(ndpi_str, flow),
|
||||
NDPI_CONFIDENCE_CUSTOM_RULE);
|
||||
|
||||
flow->category = ndpi_str->proto_defaults[proto_id].protoCategory,
|
||||
flow->breed = ndpi_str->proto_defaults[proto_id].protoBreed;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -397,7 +397,7 @@ void ndpi_add_user_proto_id_mapping(struct ndpi_detection_module_struct *ndpi_st
|
|||
}
|
||||
|
||||
/* Note that this mean we need to register *all* the internal protocols before adding
|
||||
*any* custom protocols... */
|
||||
*any* custom protocols... */
|
||||
idx = ndpi_proto_id - ndpi_str->num_internal_protocols;
|
||||
|
||||
if(idx >= ndpi_str->ndpi_to_user_proto_id_num_allocated) {
|
||||
|
|
@ -477,9 +477,9 @@ u_int16_t ndpi_map_ndpi_id_to_user_proto_id(struct ndpi_detection_module_struct
|
|||
/* ************************************************************************************* */
|
||||
|
||||
ndpi_port_range *ndpi_build_default_ports_range(ndpi_port_range *ports, u_int16_t portA_low, u_int16_t portA_high,
|
||||
u_int16_t portB_low, u_int16_t portB_high, u_int16_t portC_low,
|
||||
u_int16_t portC_high, u_int16_t portD_low, u_int16_t portD_high,
|
||||
u_int16_t portE_low, u_int16_t portE_high) {
|
||||
u_int16_t portB_low, u_int16_t portB_high, u_int16_t portC_low,
|
||||
u_int16_t portC_high, u_int16_t portD_low, u_int16_t portD_high,
|
||||
u_int16_t portE_low, u_int16_t portE_high) {
|
||||
int i = 0;
|
||||
|
||||
ports[i].port_low = portA_low, ports[i].port_high = portA_high, ports[i].is_custom = 0;
|
||||
|
|
@ -553,7 +553,7 @@ int is_flow_addr_informative(const struct ndpi_flow_struct *flow)
|
|||
case NDPI_PROTOCOL_AMAZON_AWS:
|
||||
case NDPI_PROTOCOL_AWS_CLOUDFRONT:
|
||||
case NDPI_PROTOCOL_AWS_EC2:
|
||||
/* TODO: do we need to add the other NDPI_PROTOCOL_AWS_* ? */
|
||||
/* TODO: do we need to add the other NDPI_PROTOCOL_AWS_* ? */
|
||||
case NDPI_PROTOCOL_MICROSOFT_AZURE:
|
||||
case NDPI_PROTOCOL_CACHEFLY:
|
||||
case NDPI_PROTOCOL_CLOUDFLARE:
|
||||
|
|
@ -702,14 +702,14 @@ static void load_default_ports(struct ndpi_detection_module_struct *ndpi_str)
|
|||
/* ********************************************************************************** */
|
||||
|
||||
int ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_str,
|
||||
u_int8_t is_cleartext, u_int8_t is_app_protocol,
|
||||
ndpi_protocol_breed_t breed,
|
||||
u_int16_t protoId, char *protoName,
|
||||
ndpi_protocol_category_t protoCategory,
|
||||
ndpi_protocol_qoe_category_t qoeCategory,
|
||||
ndpi_port_range *tcpDefPorts,
|
||||
ndpi_port_range *udpDefPorts,
|
||||
u_int8_t is_custom_protocol) {
|
||||
u_int8_t is_cleartext, u_int8_t is_app_protocol,
|
||||
ndpi_protocol_breed_t breed,
|
||||
u_int16_t protoId, char *protoName,
|
||||
ndpi_protocol_category_t protoCategory,
|
||||
ndpi_protocol_qoe_category_t qoeCategory,
|
||||
ndpi_port_range *tcpDefPorts,
|
||||
ndpi_port_range *udpDefPorts,
|
||||
u_int8_t is_custom_protocol) {
|
||||
int j;
|
||||
|
||||
/* There is no real limit on protocols number/id; the hard limit being the u_int16_t
|
||||
|
|
@ -986,7 +986,7 @@ static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *nd
|
|||
#endif
|
||||
|
||||
return string_to_automa((AC_AUTOMATA_t *)ndpi_str->host_automa.ac_automa,
|
||||
value, protocol_id, category, breed, level, 1);
|
||||
value, protocol_id, category, breed, level, 1);
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -3386,7 +3386,7 @@ u_int8_t ndpi_is_public_ipv4(u_int32_t a /* host byte order */) {
|
|||
|| ((a & 0xFFFF0000) == 0xC0A80000 /* 192.168.0.0/16 */)
|
||||
|| ((a & 0xFF000000) == 0x7F000000 /* 127.0.0.0/8 */)
|
||||
|| ((a & 0xF0000000) == 0xE0000000 /* 224.0.0.0/4 */)
|
||||
)
|
||||
)
|
||||
return(0);
|
||||
else
|
||||
return(1);
|
||||
|
|
@ -3749,38 +3749,96 @@ static void ndpi_init_ptree_ipv6(struct ndpi_detection_module_struct *ndpi_str,
|
|||
|
||||
static int ndpi_add_ja4_subprotocol(struct ndpi_detection_module_struct *ndpi_str,
|
||||
char *ja4, u_int16_t protocol_id) {
|
||||
int ja4_len = strlen(ja4);
|
||||
const u_int ja4_str_len = 36; /* size of JA4C */
|
||||
u_int ja4_len = strlen(ja4);
|
||||
struct ndpi_tls_block *blocks = NULL;
|
||||
u_int8_t num_tls_blocks;
|
||||
|
||||
if(ja4_len != 36 /* size of JA4C */) {
|
||||
if(ja4_len == ja4_str_len) {
|
||||
/* JA4 */
|
||||
ja4_len = ja4_str_len;
|
||||
} else if(ja4_len > ja4_str_len) {
|
||||
/* JA4 with blocks */
|
||||
if(ndpi_str->cfg.tls_max_num_blocks_to_analyze > 0) {
|
||||
blocks = ndpi_decode_tls_blocks((const u_char*)&ja4[ja4_str_len+1 /* Skip divider */],
|
||||
ja4_len - ja4_str_len - 1, &num_tls_blocks);
|
||||
|
||||
if(blocks != NULL) {
|
||||
if(num_tls_blocks < ndpi_str->cfg.tls_max_num_blocks_to_analyze) {
|
||||
/* Invalid blocks lenght (too short): discarding it */
|
||||
ndpi_free(blocks);
|
||||
blocks = NULL;
|
||||
} else {
|
||||
/* We jeopardize the msec_delta field to store the protocol_id (*%*) */
|
||||
blocks[0].msec_delta = protocol_id;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
NDPI_LOG_ERR(ndpi_str, "JA4C with TLS blocks when TLS blocks are disabled [%s]\n", ja4);
|
||||
return(-1);
|
||||
}
|
||||
|
||||
ja4_len = ja4_str_len;
|
||||
} else {
|
||||
NDPI_LOG_ERR(ndpi_str, "Not a JA4C: [%s]\n", ja4);
|
||||
return(-1);
|
||||
return(-2);
|
||||
}
|
||||
|
||||
if(ndpi_str->ja4_custom_protos == NULL) {
|
||||
if(ndpi_hash_init(&ndpi_str->ja4_custom_protos) != 0)
|
||||
return(-2);
|
||||
return(-3);
|
||||
}
|
||||
|
||||
return(ndpi_hash_add_entry(&ndpi_str->ja4_custom_protos, ja4, ja4_len, protocol_id));
|
||||
return(ndpi_hash_add_entry(&ndpi_str->ja4_custom_protos,
|
||||
ja4, ja4_len, protocol_id, (void*)blocks));
|
||||
}
|
||||
|
||||
/* ******************************************* */
|
||||
|
||||
static int ndpi_add_ndpifp_subprotocol(struct ndpi_detection_module_struct *ndpi_str,
|
||||
char *ndpifp, u_int16_t protocol_id) {
|
||||
int ndpifp_len = strlen(ndpifp);
|
||||
const u_int ndpifp_str_len = 32; /* size of ndpifp */
|
||||
u_int ndpifp_len = strlen(ndpifp);
|
||||
struct ndpi_tls_block *blocks = NULL;
|
||||
u_int8_t num_tls_blocks;
|
||||
|
||||
if(ndpifp_len != 32 /* size of nDPI FP */) {
|
||||
NDPI_LOG_ERR(ndpi_str, "Not a NDPIFPC: [%s]\n", ndpifp);
|
||||
return(-1);
|
||||
if(ndpifp_len == ndpifp_str_len) {
|
||||
/* ndpifp */
|
||||
ndpifp_len = ndpifp_str_len;
|
||||
} else if(ndpifp_len > ndpifp_str_len) {
|
||||
/* ndpifp with blocks */
|
||||
if(ndpi_str->cfg.tls_max_num_blocks_to_analyze > 0) {
|
||||
blocks = ndpi_decode_tls_blocks((const u_char*)&ndpifp[ndpifp_str_len+1 /* Skip divider */],
|
||||
ndpifp_len - ndpifp_str_len - 1, &num_tls_blocks);
|
||||
|
||||
if(blocks != NULL) {
|
||||
if(num_tls_blocks < ndpi_str->cfg.tls_max_num_blocks_to_analyze) {
|
||||
/* Invalid blocks lenght (too short): discarding it */
|
||||
ndpi_free(blocks);
|
||||
blocks = NULL;
|
||||
} else {
|
||||
/* We jeopardize the msec_delta field to store the protocol_id (*%*) */
|
||||
blocks[0].msec_delta = protocol_id;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
NDPI_LOG_ERR(ndpi_str, "ndpifp with TLS blocks when TLS blocks are disabled [%s]\n", ndpifp);
|
||||
return(-1);
|
||||
}
|
||||
|
||||
ndpifp_len = ndpifp_str_len;
|
||||
} else {
|
||||
NDPI_LOG_ERR(ndpi_str, "Not a ndpifp: [%s]\n", ndpifp);
|
||||
return(-2);
|
||||
}
|
||||
|
||||
if(ndpi_str->ndpifp_custom_protos == NULL) {
|
||||
if(ndpi_hash_init(&ndpi_str->ndpifp_custom_protos) != 0)
|
||||
return(-2);
|
||||
return(-3);
|
||||
}
|
||||
|
||||
return(ndpi_hash_add_entry(&ndpi_str->ndpifp_custom_protos, ndpifp, ndpifp_len, protocol_id));
|
||||
return(ndpi_hash_add_entry(&ndpi_str->ndpifp_custom_protos,
|
||||
ndpifp, ndpifp_len, protocol_id, (void*)blocks));
|
||||
}
|
||||
|
||||
/* ******************************************* */
|
||||
|
|
@ -3798,7 +3856,7 @@ static int ndpi_add_http_url_subprotocol(struct ndpi_detection_module_struct *nd
|
|||
|
||||
id = (u_int64_t)(breed & 0xFFFF) << 32 | (category & 0xFFFF) << 16 | (protocol_id & 0xFFFF);
|
||||
|
||||
return(ndpi_hash_add_entry(&ndpi_str->http_url_hashmap, url, url_len, id));
|
||||
return(ndpi_hash_add_entry(&ndpi_str->http_url_hashmap, url, url_len, id, NULL));
|
||||
}
|
||||
|
||||
/* ******************************************* */
|
||||
|
|
@ -6636,7 +6694,7 @@ int load_malicious_ja4_file_fd(struct ndpi_detection_module_struct *ndpi_str, FI
|
|||
continue;
|
||||
}
|
||||
|
||||
if(ndpi_hash_add_entry(&ndpi_str->malicious_ja4_hashmap, line, len, 0) == 0)
|
||||
if(ndpi_hash_add_entry(&ndpi_str->malicious_ja4_hashmap, line, len, 0, NULL) == 0)
|
||||
num++;
|
||||
}
|
||||
|
||||
|
|
@ -6714,7 +6772,7 @@ int load_malicious_sha1_file_fd(struct ndpi_detection_module_struct *ndpi_str, F
|
|||
first_comma[i] = toupper(first_comma[i]);
|
||||
|
||||
if(ndpi_hash_add_entry(&ndpi_str->malicious_sha1_hashmap, first_comma,
|
||||
second_comma - first_comma, 0) == 0)
|
||||
second_comma - first_comma, 0, NULL) == 0)
|
||||
num++;
|
||||
}
|
||||
|
||||
|
|
@ -9564,7 +9622,7 @@ static void internal_giveup(struct ndpi_detection_module_struct *ndpi_struct,
|
|||
struct ndpi_flow_struct *flow) {
|
||||
|
||||
if(flow->already_gaveup) {
|
||||
NDPI_LOG_ERR(ndpi_struct, "Already called!\n"); /* We shoudn't be here ...*/
|
||||
NDPI_LOG_ERR(ndpi_struct, "%s() - Already called!\n", __FUNCTION__); /* We shoudn't be here ...*/
|
||||
return;
|
||||
}
|
||||
flow->already_gaveup = 1;
|
||||
|
|
@ -9598,8 +9656,8 @@ static void internal_giveup(struct ndpi_detection_module_struct *ndpi_struct,
|
|||
check_probing_attempt(ndpi_struct, flow);
|
||||
}
|
||||
|
||||
if(flow->confidence != NDPI_CONFIDENCE_MATCH_BY_PORT &&
|
||||
flow->confidence != NDPI_CONFIDENCE_MATCH_BY_IP) {
|
||||
if((flow->confidence != NDPI_CONFIDENCE_MATCH_BY_PORT)
|
||||
&& (flow->confidence != NDPI_CONFIDENCE_MATCH_BY_IP)) {
|
||||
ndpi_compute_ndpi_flow_fingerprint(ndpi_struct, flow);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -86,6 +86,7 @@ struct pcre2_struct {
|
|||
typedef struct {
|
||||
char *key;
|
||||
u_int64_t value64;
|
||||
ndpi_list value_list;
|
||||
UT_hash_handle hh;
|
||||
} ndpi_str_hash_priv;
|
||||
|
||||
|
|
@ -3160,7 +3161,9 @@ void ndpi_hash_free(ndpi_str_hash **h) {
|
|||
|
||||
/* ******************************************************************** */
|
||||
|
||||
int ndpi_hash_find_entry(ndpi_str_hash *h, const char *key, u_int key_len, u_int64_t *value) {
|
||||
int ndpi_hash_find_entry_extra(ndpi_str_hash *h, const char *key, u_int key_len,
|
||||
u_int64_t *value /* out */,
|
||||
ndpi_list **extra_data /* out */) {
|
||||
ndpi_str_hash_priv *h_priv;
|
||||
ndpi_str_hash_priv *item;
|
||||
|
||||
|
|
@ -3176,6 +3179,9 @@ int ndpi_hash_find_entry(ndpi_str_hash *h, const char *key, u_int key_len, u_int
|
|||
if(value != NULL)
|
||||
*value = item->value64;
|
||||
|
||||
if(extra_data != NULL)
|
||||
*extra_data = &item->value_list;
|
||||
|
||||
h->stats.n_found++;
|
||||
return 0;
|
||||
} else
|
||||
|
|
@ -3184,7 +3190,15 @@ int ndpi_hash_find_entry(ndpi_str_hash *h, const char *key, u_int key_len, u_int
|
|||
|
||||
/* ******************************************************************** */
|
||||
|
||||
int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int64_t value) {
|
||||
int ndpi_hash_find_entry(ndpi_str_hash *h, const char *key,
|
||||
u_int key_len, u_int64_t *value /* out */) {
|
||||
return(ndpi_hash_find_entry_extra(h, key, key_len, value, NULL));
|
||||
}
|
||||
|
||||
/* ******************************************************************** */
|
||||
|
||||
int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len,
|
||||
u_int64_t value, char *extra_data /* Allocated by caller */) {
|
||||
ndpi_str_hash_priv *h_priv;
|
||||
ndpi_str_hash_priv *item, *ret_found;
|
||||
|
||||
|
|
@ -3196,7 +3210,15 @@ int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int64_
|
|||
HASH_FIND(hh, h_priv, key, key_len, item);
|
||||
|
||||
if(item != NULL) {
|
||||
item->value64 = value;
|
||||
if(extra_data != NULL) {
|
||||
/*
|
||||
If there are extra blocks to handle value64
|
||||
(the protocol) is not overwritten (***)
|
||||
*/
|
||||
ndpi_list_append(&item->value_list, extra_data);
|
||||
} else
|
||||
item->value64 = value;
|
||||
|
||||
return(1); /* Entry already present */
|
||||
}
|
||||
|
||||
|
|
@ -3204,6 +3226,7 @@ int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int64_
|
|||
if(item == NULL)
|
||||
return(2);
|
||||
|
||||
ndpi_list_init(&item->value_list);
|
||||
item->key = ndpi_malloc(key_len+1);
|
||||
|
||||
if(item->key == NULL) {
|
||||
|
|
@ -3214,12 +3237,16 @@ int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int64_
|
|||
item->key[key_len] = '\0';
|
||||
}
|
||||
|
||||
item->value64 = value;
|
||||
if(extra_data != NULL) /* Same as (***) above */
|
||||
ndpi_list_append(&item->value_list, extra_data);
|
||||
else
|
||||
item->value64 = value;
|
||||
|
||||
HASH_ADD(hh, *(ndpi_str_hash_priv **)&((*h)->priv), key[0], key_len, item);
|
||||
|
||||
HASH_FIND(hh, *(ndpi_str_hash_priv **)&((*h)->priv), key, key_len, ret_found);
|
||||
if(ret_found == NULL) { /* The insertion failed (because of a memory allocation error) */
|
||||
if(ret_found == NULL) {
|
||||
/* The insertion failed (because of a memory allocation error) */
|
||||
ndpi_free(item->key);
|
||||
ndpi_free(item);
|
||||
return 4;
|
||||
|
|
@ -3544,17 +3571,17 @@ void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str,
|
|||
) {
|
||||
char buf[1024];
|
||||
|
||||
/* Concatenate risks info */
|
||||
/* Concatenate risks info */
|
||||
snprintf(buf, sizeof(buf), "%s;%s",
|
||||
flow->risk_infos[i].info, risk_message);
|
||||
|
||||
ndpi_free(flow->risk_infos[i].info);
|
||||
flow->risk_infos[i].info = ndpi_strdup(buf);
|
||||
}
|
||||
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
/* Risk already set without any details, but now we have a specific risk_message
|
||||
that we want to save.
|
||||
This might happen with NDPI_HTTP_CRAWLER_BOT which might have been set early via
|
||||
|
|
@ -4038,7 +4065,7 @@ char* ndpi_get_flow_risk_info(struct ndpi_flow_struct *flow,
|
|||
ordered_risk_infos = ndpi_malloc(sizeof(flow->risk_infos));
|
||||
if(!ordered_risk_infos)
|
||||
return(NULL);
|
||||
|
||||
|
||||
memcpy(ordered_risk_infos, flow->risk_infos, sizeof(flow->risk_infos));
|
||||
qsort(ordered_risk_infos, flow->num_risk_infos,
|
||||
sizeof(struct ndpi_risk_information), risk_infos_pair_cmp);
|
||||
|
|
@ -5277,14 +5304,15 @@ const char* ndpi_print_encoded_tls_block_type(ndpi_tls_block_type block_type, bo
|
|||
u_char* ndpi_encode_tls_blocks(struct ndpi_tls_block *tls_blocks,
|
||||
u_int8_t num_tls_blocks) {
|
||||
u_char buf[512];
|
||||
u_int8_t i, offset=0, block_len = sizeof(struct ndpi_tls_block);
|
||||
u_int8_t i, offset=0, block_len = 3 /* block_type(1) + len(2) */;
|
||||
u_int expected_len = num_tls_blocks * block_len;
|
||||
|
||||
|
||||
if(sizeof(buf) < expected_len) return(0); /* Buffer too short */
|
||||
|
||||
|
||||
for(i=0; i<num_tls_blocks; i++) {
|
||||
memcpy(&buf[offset], &tls_blocks[i], block_len);
|
||||
offset += block_len;
|
||||
buf[offset++] = (tls_blocks[i].block_type & 0x7F) + (tls_blocks[i].same_pkt << 7);
|
||||
buf[offset++] = tls_blocks[i].len >> 8;
|
||||
buf[offset++] = tls_blocks[i].len & 0xFF;
|
||||
}
|
||||
|
||||
return(ndpi_hex_encode(buf, expected_len));
|
||||
|
|
@ -5298,23 +5326,28 @@ struct ndpi_tls_block* ndpi_decode_tls_blocks(const u_char *encoded_blocks,
|
|||
u_int8_t *num_tls_blocks) {
|
||||
size_t out_len;
|
||||
u_char *buf = ndpi_hex_decode(encoded_blocks, encoded_blocks_len, &out_len);
|
||||
u_int8_t block_len = sizeof(struct ndpi_tls_block);
|
||||
struct ndpi_tls_block *ret;
|
||||
u_int expected_len;
|
||||
|
||||
u_int8_t i, offset, block_len = 3; /* block_type(1) + len(2) */
|
||||
struct ndpi_tls_block *tls_blocks;
|
||||
|
||||
if(buf == NULL) return(NULL);
|
||||
if(out_len == 0) { ndpi_free(buf); return(NULL); }
|
||||
|
||||
*num_tls_blocks = out_len / block_len;
|
||||
expected_len = (*num_tls_blocks) * block_len; /* Avoid rounding problems */
|
||||
|
||||
ret = (struct ndpi_tls_block*)ndpi_malloc(expected_len);
|
||||
if(ret == NULL) { ndpi_free(buf); return(NULL); }
|
||||
|
||||
memcpy(ret, buf, expected_len);
|
||||
tls_blocks = (struct ndpi_tls_block*)ndpi_calloc(*num_tls_blocks,
|
||||
sizeof(struct ndpi_tls_block));
|
||||
if(tls_blocks == NULL) { ndpi_free(buf); return(NULL); }
|
||||
|
||||
for(i=0, offset=0; i<*num_tls_blocks; i++) {
|
||||
tls_blocks[i].block_type = buf[offset] & 0x7F;
|
||||
tls_blocks[i].same_pkt = (buf[offset] & 0x80) ? 1 : 0;
|
||||
tls_blocks[i].len = (buf[offset+1] << 8) + buf[offset+2];
|
||||
offset += 3;
|
||||
}
|
||||
|
||||
ndpi_free(buf);
|
||||
|
||||
return(ret);
|
||||
return(tls_blocks);
|
||||
}
|
||||
|
||||
/* ****************************************** */
|
||||
|
|
@ -6016,18 +6049,79 @@ const char* ndpi_tls_supported_version2str(u_int16_t version_id, char unknown_ve
|
|||
returns a distance values: 0 = vectors are identical,
|
||||
otherwise a value is returned. The higger is the value
|
||||
the more different are the vectors.
|
||||
|
||||
|
||||
*/
|
||||
float ndpi_tls_blocks_len_compare(struct ndpi_tls_block *a,
|
||||
struct ndpi_tls_block *b,
|
||||
float *multiplier, /* length = num_tls_blocks */
|
||||
u_int8_t num_tls_blocks) {
|
||||
float total = 0;
|
||||
u_int8_t n;
|
||||
|
||||
for(n=0; n<num_tls_blocks; n++)
|
||||
total += fabs((float)(a[n].len - b[n].len)) * multiplier[n];
|
||||
|
||||
return(total / num_tls_blocks);
|
||||
for(n=0; n<num_tls_blocks; n++) {
|
||||
if(a[n].block_type != b[n].block_type)
|
||||
return(999999.);
|
||||
else {
|
||||
int diff = a[n].len - b[n].len;
|
||||
|
||||
if((diff != 0) && (n < 2 /* C/S Hello */))
|
||||
return(999999.);
|
||||
|
||||
total += diff * diff;
|
||||
|
||||
#if 0
|
||||
fprintf(stderr, "[%d] diff=%u [%d, %d], %.2f\n",
|
||||
n, diff, a[n].len, b[n].len, total);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
return(total);
|
||||
}
|
||||
|
||||
/* ****************************************** */
|
||||
|
||||
void ndpi_list_init(ndpi_list *l) {
|
||||
l->value = NULL, l->next = NULL;
|
||||
}
|
||||
|
||||
/* ****************************************** */
|
||||
|
||||
void ndpi_list_free(ndpi_list *l) {
|
||||
while(l != NULL) {
|
||||
ndpi_list *next = l->next;
|
||||
|
||||
if(l->value != NULL) ndpi_free(l->value);
|
||||
ndpi_free(l);
|
||||
l = next;
|
||||
}
|
||||
}
|
||||
|
||||
/* ****************************************** */
|
||||
|
||||
/*
|
||||
NOTE:
|
||||
*value must be allocated by the caller and
|
||||
it will be freed by ndpi_list_free()
|
||||
*/
|
||||
bool ndpi_list_append(ndpi_list *l, void *value) {
|
||||
if(l->value == NULL) {
|
||||
/* Empty list: let's use the first entry */
|
||||
l->value = value;
|
||||
} else {
|
||||
ndpi_list *new_tail = (ndpi_list*)ndpi_malloc(sizeof(ndpi_list));
|
||||
|
||||
if(new_tail == NULL) return(false);
|
||||
new_tail->value = value, new_tail->next = NULL;
|
||||
|
||||
/* Move to the end */
|
||||
while(l->next != NULL) l = l->next;
|
||||
|
||||
if(l != NULL)
|
||||
l->next = new_tail;
|
||||
else
|
||||
ndpi_free(new_tail); /* Something went wrong */
|
||||
}
|
||||
|
||||
return(true); /* All good */
|
||||
}
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -1173,6 +1173,61 @@ void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct
|
|||
|
||||
/* **************************************** */
|
||||
|
||||
static void tls_match_ja4(struct ndpi_detection_module_struct *ndpi_struct,
|
||||
struct ndpi_flow_struct *flow) {
|
||||
if(ndpi_struct->ja4_custom_protos != NULL) {
|
||||
u_int64_t proto_id;
|
||||
ndpi_list *extra_data = NULL;
|
||||
|
||||
/* This protocol has been defined in protos.txt-like files */
|
||||
if(ndpi_hash_find_entry_extra(ndpi_struct->ja4_custom_protos,
|
||||
flow->protos.tls_quic.ja4_client,
|
||||
NDPI_ARRAY_LENGTH(flow->protos.tls_quic.ja4_client) - 1,
|
||||
&proto_id, &extra_data) != 0)
|
||||
return; /* Not found */
|
||||
else
|
||||
proto_id = ndpi_compare_flow_tls_blocks(ndpi_struct, flow, extra_data, proto_id);
|
||||
|
||||
if(proto_id != NDPI_PROTOCOL_UNKNOWN)
|
||||
ndpi_set_detected_protocol(ndpi_struct, flow, proto_id,
|
||||
ndpi_get_master_proto(ndpi_struct, flow),
|
||||
NDPI_CONFIDENCE_CUSTOM_RULE);
|
||||
}
|
||||
|
||||
#ifndef __KERNEL__
|
||||
if(ndpi_struct->malicious_ja4_hashmap != NULL) {
|
||||
u_int16_t rc1 = ndpi_hash_find_entry(ndpi_struct->malicious_ja4_hashmap,
|
||||
flow->protos.tls_quic.ja4_client,
|
||||
NDPI_ARRAY_LENGTH(flow->protos.tls_quic.ja4_client) - 1,
|
||||
NULL);
|
||||
|
||||
if(rc1 == 0)
|
||||
ndpi_set_risk(ndpi_struct, flow, NDPI_MALICIOUS_FINGERPRINT,
|
||||
flow->protos.tls_quic.ja4_client);
|
||||
}
|
||||
#else
|
||||
{
|
||||
static const char pref_str[]="RISK_JA4_";
|
||||
char risk_ja4_str[sizeof(pref_str) + sizeof(flow->protos.tls_quic.ja4_client) + 1];
|
||||
u_int32_t val;
|
||||
u_int16_t rc1;
|
||||
size_t len = sizeof(pref_str)-1,len2 = strlen(flow->protos.tls_quic.ja4_client);
|
||||
|
||||
strcpy(risk_ja4_str,pref_str);
|
||||
strncpy(&risk_ja4_str[len],flow->protos.tls_quic.ja4_client,len2);
|
||||
len += len2;
|
||||
risk_ja4_str[len] = '\0';
|
||||
|
||||
rc1 = ndpi_match_string_value(ndpi_struct->host_automa.ac_automa,
|
||||
risk_ja4_str, len | AC_FEATURE_EXACT, &val) == -1;
|
||||
if(rc1 == 0)
|
||||
ndpi_set_risk(ndpi_struct, flow, NDPI_MALICIOUS_FINGERPRINT, flow->protos.tls_quic.ja4_client);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/* **************************************** */
|
||||
|
||||
/* See https://blog.catchpoint.com/2017/05/12/dissecting-tls-using-wireshark/ */
|
||||
int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
|
||||
struct ndpi_flow_struct *flow) {
|
||||
|
|
@ -1316,6 +1371,8 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
|
|||
printf("*** [TLS Block] Enough blocks dissected\n");
|
||||
#endif
|
||||
|
||||
tls_match_ja4(ndpi_struct, flow);
|
||||
|
||||
flow->extra_packets_func = NULL; /* We're good now */
|
||||
}
|
||||
|
||||
|
|
@ -1431,9 +1488,9 @@ static int processHandshakeTLSBlock(struct ndpi_detection_module_struct *ndpi_st
|
|||
|
||||
if(!is_dtls && flow->protos.tls_quic.ssl_version >= 0x0304 /* TLS 1.3 */)
|
||||
flow->tls_quic.certificate_processed = 1; /* No Certificate with TLS 1.3+ */
|
||||
|
||||
|
||||
if(is_dtls && flow->protos.tls_quic.ssl_version == 0xFEFC /* DTLS 1.3 */)
|
||||
flow->tls_quic.certificate_processed = 1; /* No Certificate with DTLS 1.3+ */
|
||||
flow->tls_quic.certificate_processed = 1; /* No Certificate with DTLS 1.3+ */
|
||||
|
||||
checkTLSSubprotocol(ndpi_struct, flow, packet->payload[0] == 0x01);
|
||||
break;
|
||||
|
|
@ -1731,7 +1788,10 @@ int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
|
|||
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_TLS, NDPI_CONFIDENCE_DPI_AGGRESSIVE);
|
||||
/* TLS over port 8080 usually triggers that risk; clear it */
|
||||
ndpi_unset_risk(ndpi_struct, flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT);
|
||||
|
||||
tls_match_ja4(ndpi_struct, flow);
|
||||
flow->extra_packets_func = NULL;
|
||||
|
||||
return(0); /* That's all */
|
||||
/* Loook for TLS-in-TLS */
|
||||
} else if((ndpi_struct->cfg.tls_heuristics & NDPI_HEURISTICS_TLS_OBFUSCATED_TLS) && /* Feature enabled */
|
||||
|
|
@ -1744,6 +1804,8 @@ int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
|
|||
switch_extra_dissection_to_tls_obfuscated_heur(ndpi_struct, flow);
|
||||
return(1);
|
||||
} else {
|
||||
tls_match_ja4(ndpi_struct, flow);
|
||||
|
||||
flow->extra_packets_func = NULL;
|
||||
return(0); /* That's all */
|
||||
}
|
||||
|
|
@ -3613,49 +3675,7 @@ static int _processClientServerHello(struct ndpi_detection_module_struct *ndpi_s
|
|||
compute_ja4c:
|
||||
if(ndpi_struct->cfg.tls_ja4c_fingerprint_enabled) {
|
||||
ndpi_compute_ja4(ndpi_struct, flow, quic_version, ja);
|
||||
|
||||
if(ndpi_struct->ja4_custom_protos != NULL) {
|
||||
u_int64_t proto_id;
|
||||
|
||||
/* This protocol has been defined in protos.txt-like files */
|
||||
if(ndpi_hash_find_entry(ndpi_struct->ja4_custom_protos,
|
||||
flow->protos.tls_quic.ja4_client,
|
||||
NDPI_ARRAY_LENGTH(flow->protos.tls_quic.ja4_client) - 1,
|
||||
&proto_id) == 0) {
|
||||
ndpi_set_detected_protocol(ndpi_struct, flow, proto_id,
|
||||
ndpi_get_master_proto(ndpi_struct, flow),
|
||||
NDPI_CONFIDENCE_CUSTOM_RULE);
|
||||
}
|
||||
}
|
||||
#ifndef __KERNEL__
|
||||
if(ndpi_struct->malicious_ja4_hashmap != NULL) {
|
||||
u_int16_t rc1 = ndpi_hash_find_entry(ndpi_struct->malicious_ja4_hashmap,
|
||||
flow->protos.tls_quic.ja4_client,
|
||||
NDPI_ARRAY_LENGTH(flow->protos.tls_quic.ja4_client) - 1,
|
||||
NULL);
|
||||
|
||||
if(rc1 == 0)
|
||||
ndpi_set_risk(ndpi_struct, flow, NDPI_MALICIOUS_FINGERPRINT, flow->protos.tls_quic.ja4_client);
|
||||
}
|
||||
#else
|
||||
{
|
||||
static const char pref_str[]="RISK_JA4_";
|
||||
char risk_ja4_str[sizeof(pref_str) + sizeof(flow->protos.tls_quic.ja4_client) + 1];
|
||||
u_int32_t val;
|
||||
u_int16_t rc1;
|
||||
size_t len = sizeof(pref_str)-1,len2 = strlen(flow->protos.tls_quic.ja4_client);
|
||||
|
||||
strcpy(risk_ja4_str,pref_str);
|
||||
strncpy(&risk_ja4_str[len],flow->protos.tls_quic.ja4_client,len2);
|
||||
len += len2;
|
||||
risk_ja4_str[len] = '\0';
|
||||
|
||||
rc1 = ndpi_match_string_value(ndpi_struct->host_automa.ac_automa,
|
||||
risk_ja4_str, len | AC_FEATURE_EXACT, &val) == -1;
|
||||
if(rc1 == 0)
|
||||
ndpi_set_risk(ndpi_struct, flow, NDPI_MALICIOUS_FINGERPRINT, flow->protos.tls_quic.ja4_client);
|
||||
}
|
||||
#endif
|
||||
tls_match_ja4(ndpi_struct, flow);
|
||||
}
|
||||
|
||||
if(ndpi_struct->cfg.tls_ja_data_enabled) {
|
||||
|
|
|
|||
|
|
@ -22,11 +22,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 11/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 2/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 6/4 (search/found)
|
||||
Hash public domain suffix: 42/25 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash ja4 custom protos: 7/0 (search/found)
|
||||
Hash fp custom protos: 2/0 (search/found)
|
||||
Hash url custom protos: 1/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -25,11 +25,11 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 119/49 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 38/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 18/0 (search/found)
|
||||
Hash TCP fingerprints: 38/0 (search/found)
|
||||
Hash public domain suffix: 961/531 (search/found)
|
||||
Hash ja4 custom protos: 38/0 (search/found)
|
||||
Hash ja4 custom protos: 75/0 (search/found)
|
||||
Hash fp custom protos: 38/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 22/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 4/4 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 4/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,11 +23,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 11/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 2/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 6/4 (search/found)
|
||||
Hash public domain suffix: 42/25 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash ja4 custom protos: 7/0 (search/found)
|
||||
Hash fp custom protos: 2/0 (search/found)
|
||||
Hash url custom protos: 1/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -26,11 +26,11 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 119/49 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 38/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 18/0 (search/found)
|
||||
Hash TCP fingerprints: 38/0 (search/found)
|
||||
Hash public domain suffix: 961/531 (search/found)
|
||||
Hash ja4 custom protos: 38/0 (search/found)
|
||||
Hash ja4 custom protos: 75/0 (search/found)
|
||||
Hash fp custom protos: 38/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 22/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -20,11 +20,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 10/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 5/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 3/0 (search/found)
|
||||
Hash ja4 custom protos: 5/0 (search/found)
|
||||
Hash ja4 custom protos: 10/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,11 +23,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 11/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 2/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 42/25 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash ja4 custom protos: 7/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 1/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -26,11 +26,11 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 119/49 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 38/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 716/393 (search/found)
|
||||
Hash ja4 custom protos: 38/0 (search/found)
|
||||
Hash ja4 custom protos: 78/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 18/11 (search/found)
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 7/4 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 1/0 (search/found)
|
||||
Patricia protocols: 0/0 (search/found)
|
||||
Patricia protocols IPv6: 1/1 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 11/6 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,11 +24,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 46/20 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 13/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 153/91 (search/found)
|
||||
Hash ja4 custom protos: 13/0 (search/found)
|
||||
Hash ja4 custom protos: 28/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 8/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 3/3 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 3/0 (search/found)
|
||||
Hash malicious ja4: 6/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 3/3 (search/found)
|
||||
Hash public domain suffix: 34/22 (search/found)
|
||||
|
|
|
|||
|
|
@ -24,11 +24,11 @@ Patricia risk: 3/0 (search/found)
|
|||
Patricia risk IPv6: 25/0 (search/found)
|
||||
Patricia protocols: 286/58 (search/found)
|
||||
Patricia protocols IPv6: 50/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 22/0 (search/found)
|
||||
Hash public domain suffix: 1248/684 (search/found)
|
||||
Hash ja4 custom protos: 4/0 (search/found)
|
||||
Hash ja4 custom protos: 11/0 (search/found)
|
||||
Hash fp custom protos: 4/0 (search/found)
|
||||
Hash url custom protos: 85/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 4/4 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
|
|
|
|||
|
|
@ -21,11 +21,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 10/1 (search/found)
|
||||
Patricia protocols: 0/0 (search/found)
|
||||
Patricia protocols IPv6: 11/10 (search/found)
|
||||
Hash malicious ja4: 2/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 2/0 (search/found)
|
||||
Hash TCP fingerprints: 3/0 (search/found)
|
||||
Hash public domain suffix: 105/62 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash ja4 custom protos: 4/0 (search/found)
|
||||
Hash fp custom protos: 2/0 (search/found)
|
||||
Hash url custom protos: 1/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,11 +24,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 62/14 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 8/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 7/0 (search/found)
|
||||
Hash TCP fingerprints: 11/0 (search/found)
|
||||
Hash public domain suffix: 376/216 (search/found)
|
||||
Hash ja4 custom protos: 8/0 (search/found)
|
||||
Hash ja4 custom protos: 19/0 (search/found)
|
||||
Hash fp custom protos: 8/0 (search/found)
|
||||
Hash url custom protos: 2/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,11 +24,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 31/9 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 3/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 2/0 (search/found)
|
||||
Hash TCP fingerprints: 4/0 (search/found)
|
||||
Hash public domain suffix: 27/15 (search/found)
|
||||
Hash ja4 custom protos: 3/0 (search/found)
|
||||
Hash ja4 custom protos: 10/0 (search/found)
|
||||
Hash fp custom protos: 3/0 (search/found)
|
||||
Hash url custom protos: 1/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -25,11 +25,11 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 4/0 (search/found)
|
||||
Patricia protocols: 196/116 (search/found)
|
||||
Patricia protocols IPv6: 8/0 (search/found)
|
||||
Hash malicious ja4: 88/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 34/0 (search/found)
|
||||
Hash TCP fingerprints: 121/121 (search/found)
|
||||
Hash public domain suffix: 1447/806 (search/found)
|
||||
Hash ja4 custom protos: 88/0 (search/found)
|
||||
Hash ja4 custom protos: 177/0 (search/found)
|
||||
Hash fp custom protos: 88/0 (search/found)
|
||||
Hash url custom protos: 19/2 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 15/15 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 15/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 3/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -25,11 +25,11 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 5/0 (search/found)
|
||||
Patricia protocols: 87/29 (search/found)
|
||||
Patricia protocols IPv6: 10/0 (search/found)
|
||||
Hash malicious ja4: 18/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 5/0 (search/found)
|
||||
Hash TCP fingerprints: 24/24 (search/found)
|
||||
Hash public domain suffix: 541/302 (search/found)
|
||||
Hash ja4 custom protos: 18/0 (search/found)
|
||||
Hash ja4 custom protos: 38/0 (search/found)
|
||||
Hash fp custom protos: 18/0 (search/found)
|
||||
Hash url custom protos: 3/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -25,11 +25,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 3/0 (search/found)
|
||||
Patricia protocols: 122/10 (search/found)
|
||||
Patricia protocols IPv6: 6/0 (search/found)
|
||||
Hash malicious ja4: 7/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 4/0 (search/found)
|
||||
Hash TCP fingerprints: 8/0 (search/found)
|
||||
Hash public domain suffix: 541/305 (search/found)
|
||||
Hash ja4 custom protos: 7/0 (search/found)
|
||||
Hash ja4 custom protos: 19/0 (search/found)
|
||||
Hash fp custom protos: 6/0 (search/found)
|
||||
Hash url custom protos: 4/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -20,11 +20,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 12/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 4/0 (search/found)
|
||||
Hash TCP fingerprints: 4/3 (search/found)
|
||||
Hash public domain suffix: 40/22 (search/found)
|
||||
Hash ja4 custom protos: 4/0 (search/found)
|
||||
Hash ja4 custom protos: 9/0 (search/found)
|
||||
Hash fp custom protos: 4/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 11/6 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 10/10 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 10/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 7/4 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 22/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 5/5 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 3/3 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 3/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 3/3 (search/found)
|
||||
Hash public domain suffix: 27/15 (search/found)
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 3/2 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 12/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 6/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 6/0 (search/found)
|
||||
Hash public domain suffix: 132/78 (search/found)
|
||||
Hash ja4 custom protos: 6/0 (search/found)
|
||||
Hash ja4 custom protos: 12/0 (search/found)
|
||||
Hash fp custom protos: 6/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,11 +24,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 10/8 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 2/0 (search/found)
|
||||
Hash TCP fingerprints: 6/6 (search/found)
|
||||
Hash public domain suffix: 36/20 (search/found)
|
||||
Hash ja4 custom protos: 4/0 (search/found)
|
||||
Hash ja4 custom protos: 8/0 (search/found)
|
||||
Hash fp custom protos: 4/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 4/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
|
|
|
|||
|
|
@ -21,11 +21,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 13/9 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 9/9 (search/found)
|
||||
Hash public domain suffix: 118/69 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 9/1 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -21,11 +21,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 2/0 (search/found)
|
||||
Patricia protocols: 3/1 (search/found)
|
||||
Patricia protocols IPv6: 4/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 2/0 (search/found)
|
||||
Hash public domain suffix: 12/7 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 3/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 4/4 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/1 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -13,17 +13,17 @@ Automa domain: 0/0 (search/found)
|
|||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 0/0 (search/found)
|
||||
Automa common alpns: 2/2 (search/found)
|
||||
Patricia risk mask: 0/0 (search/found)
|
||||
Patricia risk mask: 2/0 (search/found)
|
||||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 2/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/1 (search/found)
|
||||
Hash ja4 custom protos: 2/2 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 3/3 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 3/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 3/3 (search/found)
|
||||
Hash public domain suffix: 22/14 (search/found)
|
||||
Hash ja4 custom protos: 3/0 (search/found)
|
||||
Hash ja4 custom protos: 6/0 (search/found)
|
||||
Hash fp custom protos: 3/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 3/3 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 3/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 3/3 (search/found)
|
||||
Hash public domain suffix: 29/16 (search/found)
|
||||
Hash ja4 custom protos: 3/0 (search/found)
|
||||
Hash ja4 custom protos: 6/0 (search/found)
|
||||
Hash fp custom protos: 3/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 3/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 2/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 3/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -20,11 +20,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 34/34 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 4/4 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 2/2 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 68/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 34/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 3/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 311/177 (search/found)
|
||||
Hash ja4 custom protos: 34/0 (search/found)
|
||||
Hash ja4 custom protos: 68/0 (search/found)
|
||||
Hash fp custom protos: 34/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 5/5 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 3/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 2/0 (search/found)
|
||||
Hash TCP fingerprints: 5/3 (search/found)
|
||||
Hash public domain suffix: 29/16 (search/found)
|
||||
Hash ja4 custom protos: 3/0 (search/found)
|
||||
Hash ja4 custom protos: 8/0 (search/found)
|
||||
Hash fp custom protos: 3/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/1 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 2/0 (search/found)
|
||||
Patricia protocols: 0/0 (search/found)
|
||||
Patricia protocols IPv6: 4/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 9/5 (search/found)
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 5/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 6/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 2/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 2/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 15/15 (search/found)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 2/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 3/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 7/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 10/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 2/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 6/6 (search/found)
|
||||
Hash public domain suffix: 30/30 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash ja4 custom protos: 5/0 (search/found)
|
||||
Hash fp custom protos: 2/0 (search/found)
|
||||
Hash url custom protos: 3/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 3/3 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 3/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 0/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 2/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
Hash TCP fingerprints: 2/2 (search/found)
|
||||
Hash public domain suffix: 13/9 (search/found)
|
||||
Hash ja4 custom protos: 2/0 (search/found)
|
||||
Hash ja4 custom protos: 4/0 (search/found)
|
||||
Hash fp custom protos: 2/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -21,11 +21,11 @@ Patricia risk: 1/0 (search/found)
|
|||
Patricia risk IPv6: 1/0 (search/found)
|
||||
Patricia protocols: 20/2 (search/found)
|
||||
Patricia protocols IPv6: 2/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 3/0 (search/found)
|
||||
Hash public domain suffix: 35/21 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash ja4 custom protos: 4/0 (search/found)
|
||||
Hash fp custom protos: 1/0 (search/found)
|
||||
Hash url custom protos: 1/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 3/0 (search/found)
|
||||
Hash public domain suffix: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 3/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Hash malicious ja4: 0/0 (search/found)
|
|||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 1/0 (search/found)
|
||||
Hash public domain suffix: 16/10 (search/found)
|
||||
Hash ja4 custom protos: 0/0 (search/found)
|
||||
Hash ja4 custom protos: 1/0 (search/found)
|
||||
Hash fp custom protos: 0/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
|
|
@ -19,11 +19,11 @@ Patricia risk: 0/0 (search/found)
|
|||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 12/0 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 6/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
Hash TCP fingerprints: 6/0 (search/found)
|
||||
Hash public domain suffix: 132/78 (search/found)
|
||||
Hash ja4 custom protos: 6/0 (search/found)
|
||||
Hash ja4 custom protos: 12/0 (search/found)
|
||||
Hash fp custom protos: 6/0 (search/found)
|
||||
Hash url custom protos: 0/0 (search/found)
|
||||
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue