authorLuca Deri <deri@ntop.org>2020-05-15 19:19:17 +0200
committerLuca Deri <deri@ntop.org>2020-05-15 19:19:17 +0200
commite90c5c7c3223d033467aa359d8b1e264f961fde1 (patch)
tree2adf23c16d38695188805f8a913e1023d0d0b5a9
parent7dfbfff743aaae57691ade003066aeca632e5d49 (diff)
Added NDPI_HTTP_SUSPICIOUS_USER_AGENT ndpi_risk
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_utils.c3
-rw-r--r--src/lib/protocols/http.c22
-rw-r--r--tests/result/EAQ.pcap.out4
-rw-r--r--tests/result/exe_download.pcap.out2
-rw-r--r--tests/result/pps.pcap.out6
6 files changed, 30 insertions, 8 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index b11713d2f..10d150877 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -62,6 +62,7 @@ typedef enum {
NDPI_TLS_WEAK_CIPHER,
NDPI_TLS_CERTIFICATE_EXPIRED,
NDPI_TLS_CERTIFICATE_MISMATCH,
+ NDPI_HTTP_SUSPICIOUS_USER_AGENT,
/* Leave this as last member */
NDPI_MAX_RISK
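Review bot: Nothing in this enum records the width limit implied by how the new member is used. http.c in this same commit sets it with `NDPI_SET_BIT_16(flow->risk, NDPI_HTTP_SUSPICIOUS_USER_AGENT)`, which suggests a 16-bit mask, though the type of `flow->risk` is not visible here. I would extend the trailing comment to something like `/* Leave this as last member; NDPI_MAX_RISK must not exceed the bit width of flow->risk */` so that a later addition does not silently fall outside the mask. The enum starts and ends outside the hunk, so the current member count cannot be confirmed from these lines.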
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 1f8e68937..f2c2c2bc9 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1437,6 +1437,9 @@ const char* ndpi_risk2str(ndpi_risk risk) {
case NDPI_TLS_CERTIFICATE_MISMATCH:
return("TLS Certificate Mismatch");
+
+ case NDPI_HTTP_SUSPICIOUS_USER_AGENT:
+ return("HTTP Suspicious User-Agent");
default:
return("");
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index e050a69a8..1c81f8cfb 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -214,7 +214,6 @@ static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct,
/* Good reference for future implementations:
* https://github.com/ua-parser/uap-core/blob/master/regexes.yaml */
- //printf("==> %s\n", ua);
snprintf((char*)flow->protos.http.detected_os,
sizeof(flow->protos.http.detected_os), "%s", ua);
}
@@ -236,6 +235,23 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
/* ************************************************************* */
+static void ndpi_check_user_agent(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ char *ua) {
+ if((!ua) || (ua[0] == '\0')) return;
+
+ // printf("[%s:%d] ==> '%s'\n", __FILE__, __LINE__, ua);
+
+ if((strlen(ua) < 4)
+ || (!strcmp(ua, "test"))
+ || (!strcmp(ua, "<?"))
+ || ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, ua)) {
+ NDPI_SET_BIT_16(flow->risk, NDPI_HTTP_SUSPICIOUS_USER_AGENT);
+ }
+}
+
+/* ************************************************************* */
+
/**
NOTE
ndpi_parse_packet_line_info is in ndpi_main.c
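Review bot: The `(!strcmp(ua, "<?"))` term in ndpi_check_user_agent can never decide the result, because any two-character string is already caught by `(strlen(ua) < 4)` at the start of the same condition. If the intent is to flag a User-Agent that begins with a script open tag (an inference from the literal), a prefix test such as `|| (!strncmp(ua, "<?", 2))` would do that; otherwise the term can be dropped. The updated pps.pcap expectations show the remaining bigram term firing on `masauto_runxx`, `masblog_runxx` and `masflag_runxx`, which look like ordinary application agents. A comment above the condition, e.g. `/* Weak heuristic: too short, placeholder value, script tag, or random-looking per the bigram model */`, would tell consumers of this risk bit to treat it as a hint rather than a verdict.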
@@ -300,7 +316,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
strncpy(ua, (const char *)packet->user_agent_line.ptr, mlen);
ua[mlen] = '\0';
-
+
if(strncmp(ua, "Mozilla", 7) == 0) {
char *parent = strchr(ua, '(');
@@ -360,6 +376,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
strncpy(flow->http.user_agent, (char*)packet->user_agent_line.ptr,
packet->user_agent_line.len);
flow->http.user_agent[packet->user_agent_line.len] = '\0';
+
+ ndpi_check_user_agent(ndpi_struct, flow, flow->http.user_agent);
}
}
diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out
index f4b22e2b0..61e896315 100644
--- a/tests/result/EAQ.pcap.out
+++ b/tests/result/EAQ.pcap.out
@@ -1,8 +1,8 @@
Google 23 11743 2
EAQ 174 10092 29
- 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Goodput ratio: 23/97][0.51 sec][Host: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 76/114 400/349 146/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/1666 193/2818 45/1240][URL: www.google.com.br/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg[StatusCode: 200][ContentType: text/html][UserAgent: test][PLAIN TEXT (we50oDAAg HTTP/1.1)]
- 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Goodput ratio: 26/72][0.20 sec][Host: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 51/50 139/89 54/40][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78/191 154/602 39/237][URL: www.google.com/[StatusCode: 302][ContentType: text/html][UserAgent: test][PLAIN TEXT (GET / HTTP/1.1)]
+ 1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Goodput ratio: 23/97][0.51 sec][Host: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 76/114 400/349 146/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/1666 193/2818 45/1240][URL: www.google.com.br/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg[StatusCode: 200][ContentType: text/html][UserAgent: test][Risk: ** HTTP Suspicious User-Agent **][PLAIN TEXT (we50oDAAg HTTP/1.1)]
+ 2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Goodput ratio: 26/72][0.20 sec][Host: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 51/50 139/89 54/40][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78/191 154/602 39/237][URL: www.google.com/[StatusCode: 302][ContentType: text/html][UserAgent: test][Risk: ** HTTP Suspicious User-Agent **][PLAIN TEXT (GET / HTTP/1.1)]
3 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][86.62 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 21509/21499 21642/21642 21860/21869 132/138][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0]
4 UDP 10.8.0.1:42620 <-> 200.194.148.66:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][85.30 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 20533/20540 21310/21310 21609/21619 450/446][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0]
5 UDP 10.8.0.1:43641 <-> 200.194.148.68:6000 [proto: 190/EAQ][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][85.29 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 20541/20540 21310/21304 21618/21649 445/445][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0]
diff --git a/tests/result/exe_download.pcap.out b/tests/result/exe_download.pcap.out
index cfb74a3d3..79a3fb4e5 100644
--- a/tests/result/exe_download.pcap.out
+++ b/tests/result/exe_download.pcap.out
@@ -1,3 +1,3 @@
HTTP 703 717463 1
- 1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][cat: Download-FileTransfer-FileSharing/7][203 pkts/11127 bytes <-> 500 pkts/706336 bytes][Goodput ratio: 1/96][5.18 sec][Host: 144.91.69.195][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/9 319/365 49/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 55/1413 207/1514 11/134][URL: 144.91.69.195/solar.php[StatusCode: 200][ContentType: application/octet-stream][UserAgent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Risk: ** Binary application transfer **][PLAIN TEXT (GET /solar.php HTTP/1.1)]
+ 1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][cat: Download-FileTransfer-FileSharing/7][203 pkts/11127 bytes <-> 500 pkts/706336 bytes][Goodput ratio: 1/96][5.18 sec][Host: 144.91.69.195][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/9 319/365 49/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 55/1413 207/1514 11/134][URL: 144.91.69.195/solar.php[StatusCode: 200][ContentType: application/octet-stream][UserAgent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Risk: ** Binary application transfer **** HTTP Suspicious User-Agent **][PLAIN TEXT (GET /solar.php HTTP/1.1)]
diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out
index 65302b696..46bac10d4 100644
--- a/tests/result/pps.pcap.out
+++ b/tests/result/pps.pcap.out
@@ -12,7 +12,7 @@ Google 2 1093 1
7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Goodput ratio: 92/94][0.04 sec][Host: cache.video.iqiyi.com][URL: cache.video.iqiyi.com/vi/500494600/562e26caed5695900212eb3259070f8a/?src=1_11_114[StatusCode: 200][PLAIN TEXT (GET /vi/500494600/562)]
8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Goodput ratio: 94/73][0.55 sec][Host: msg.71.am][bytes ratio: 0.653 (Upload)][IAT c2s/s2c min/avg/max/stddev: 117/118 216/217 315/316 99/99][Pkt Len c2s/s2c min/avg/max/stddev: 946/199 948/199 952/199 3/0][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&[StatusCode: 200][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes][Goodput ratio: 93/85][0.24 sec][PLAIN TEXT (HTTP/1.1 200 OK)]
- 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Goodput ratio: 73/90][0.09 sec][Host: static.qiyi.com][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/19 27/27 34/35 6/7][Pkt Len c2s/s2c min/avg/max/stddev: 198/526 200/528 202/530 2/2][URL: static.qiyi.com/ext/common/qisu2/masauto.ini[StatusCode: 200][UserAgent: masauto_runxx][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)]
+ 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Goodput ratio: 73/90][0.09 sec][Host: static.qiyi.com][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/19 27/27 34/35 6/7][Pkt Len c2s/s2c min/avg/max/stddev: 198/526 200/528 202/530 2/2][URL: static.qiyi.com/ext/common/qisu2/masauto.ini[StatusCode: 200][UserAgent: masauto_runxx][Risk: ** HTTP Suspicious User-Agent **][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)]
11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Goodput ratio: 82/95][0.06 sec][Host: meta.video.qiyi.com][URL: meta.video.qiyi.com/20160625/a5/bf/413f91ad101e780a6b63f826e28b9920.xml[StatusCode: 200][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /20160625/a)]
12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Goodput ratio: 94/73][2.78 sec][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1[StatusCode: 200][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][7.29 sec][Host: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&[StatusCode: 200][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /cp)]
@@ -53,11 +53,11 @@ Google 2 1093 1
48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Goodput ratio: 91/73][0.13 sec][Host: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5[StatusCode: 200][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Goodput ratio: 90/73][0.15 sec][Host: msg.71.am][URL: msg.71.am/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&[StatusCode: 200][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Goodput ratio: 88/81][0.09 sec][Host: cmc.tanx.com][URL: cmc.tanx.com/andc?andc_uid=6693851615885049011&andc_ver=1[StatusCode: 200][UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][PLAIN TEXT (GET /andc)]
- 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Goodput ratio: 72/90][0.00 sec][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masblog.ini[StatusCode: 200][UserAgent: masblog_runxx][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)]
+ 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Goodput ratio: 72/90][0.00 sec][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masblog.ini[StatusCode: 200][UserAgent: masblog_runxx][Risk: ** HTTP Suspicious User-Agent **][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)]
52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Goodput ratio: 80/83][0.22 sec][Host: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip[StatusCode: 502][UserAgent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][PLAIN TEXT (GET /comMagicanApi/composite/ap)]
53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Goodput ratio: 66/80][0.09 sec][Host: iplocation.geo.qiyi.com][URL: iplocation.geo.qiyi.com/cityjson[StatusCode: 200][UserAgent: QYAgent_runxx][PLAIN TEXT (GET /cityjson HTTP/1.1)]
54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Goodput ratio: 79/83][0.21 sec][Host: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/index.php/ToolBox/version[StatusCode: 502][UserAgent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][PLAIN TEXT (GET /comMagicanApi/index.php/To)]
- 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Goodput ratio: 72/89][0.00 sec][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masflag.ini[StatusCode: 200][UserAgent: masflag_runxx][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)]
+ 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Goodput ratio: 72/89][0.00 sec][Host: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masflag.ini[StatusCode: 200][UserAgent: masflag_runxx][Risk: ** HTTP Suspicious User-Agent **][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)]
56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Host: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E[StatusCode: 0][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /core)]
57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Goodput ratio: 78/87][0.04 sec][Host: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/k[StatusCode: 200][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /k HTTP/1.1)]
58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Goodput ratio: 86/80][0.14 sec][Host: nl.rcd.iqiyi.com][URL: nl.rcd.iqiyi.com/apis/urc/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30[StatusCode: 200][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /apis/urc/setrc)]