1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
DPI Packets (TCP): 19 (2.71 pkts/flow)
Confidence DPI : 7 (flows)
Num dissector calls: 615 (87.86 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/7/0 (insert/search/found)
Automa host: 1/0 (search/found)
Automa domain: 1/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 1/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 4/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 11/4 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Xiaomi 52 11467 7
Acceptable 52 11467 7
1 TCP 192.168.2.100:45106 <-> 18.193.233.122:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Web/5][8 pkts/2061 bytes <-> 7 pkts/1063 bytes][Goodput ratio: 74/56][359.14 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com][bytes ratio: 0.319 (Upload)][IAT c2s/s2c min/avg/max/stddev: 7/1 59816/100 358553/211 133599/79][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 258/152 1014/488 311/142][User-Agent: Redmi Note 8T][Risk: ** Susp Entropy **** Probing attempt **][Risk Score: 60][Risk Info: Entropy: 5.758 (Executable?) / TCP connection with unidirectional traffic][PLAIN TEXT (xiaomi.com)][Plen Bins: 14,0,14,14,0,0,14,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.2.100:37708 <-> 3.127.176.74:5222 [proto: 287/Xiaomi][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Web/5][8 pkts/1983 bytes <-> 7 pkts/641 bytes][Goodput ratio: 73/27][455.15 sec][Hostname/SNI: fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 75808/90740 453408/453409 168869/181335][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/92 999/171 303/39][User-Agent: Redmi Note 9 Pro][Risk: ** Susp Entropy **** Probing attempt **][Risk Score: 60][Risk Info: Entropy: 5.872 (Executable?) / TCP connection with unidirectional traffic][PLAIN TEXT (xiaomi.com)][Plen Bins: 16,0,16,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 115.164.74.232:5222 <-> 192.168.247.13:38018 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][4 pkts/456 bytes <-> 3 pkts/1283 bytes][Goodput ratio: 40/85][149.32 sec][Hostname/SNI: 47.241.35.73][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 143/153 49772/74586 149015/149020 70175/74434][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 114/428 172/980 41/395][User-Agent: M2010J19SG][Risk: ** Susp Entropy **** Probing attempt **][Risk Score: 60][Risk Info: Entropy: 5.561 (Executable?) / TCP connection with unidirectional traffic][PLAIN TEXT (xiaomi.com)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 97.39.119.172:5222 <-> 192.168.93.59:51488 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][3 pkts/377 bytes <-> 2 pkts/1249 bytes][Goodput ratio: 45/89][0.25 sec][Hostname/SNI: 47.241.59.87][User-Agent: M2101K7BG][Risk: ** Susp Entropy **** Probing attempt **][Risk Score: 60][Risk Info: Entropy: 5.687 (Executable?) / TCP connection with unidirectional traffic][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 115.164.74.232:5222 <-> 192.168.244.219:45904 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][3 pkts/378 bytes <-> 2 pkts/1244 bytes][Goodput ratio: 45/89][0.26 sec][Hostname/SNI: 47.241.35.73][User-Agent: Redmi Note 9S][Risk: ** Susp Entropy **** Probing attempt **][Risk Score: 60][Risk Info: Entropy: 5.814 (Executable?) / TCP connection with unidirectional traffic][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.2.100:48698 <-> 203.107.1.65:80 [proto: 7.287/HTTP.Xiaomi][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 4][cat: Web/5][3 pkts/530 bytes <-> 1 pkts/66 bytes][Goodput ratio: 66/0][0.49 sec][Hostname/SNI: 203.107.1.65][URL: 203.107.1.65/164566/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00][User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI/V12.0.3.0.QJZMIXM)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Susp Entropy **** Probing attempt **][Risk Score: 70][Risk Info: Found host 203.107.1.65 / Entropy: 5.609 (Executable?) / TCP connection with unidirectional traffic][PLAIN TEXT (GET /164566/sign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 47.241.7.88:5222 -> 10.52.151.160:39180 [VLAN: 208][proto: 287/Xiaomi][IP: 274/Alibaba][Encrypted][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Risk: ** Unidirectional Traffic **** Probing attempt **][Risk Score: 60][Risk Info: No server to client traffic / TCP connection with unidirectional traffic][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|