Service change log

Date Change
May 2024 A setting to display a list of unique source IP addresses from the analyzed PCAP file in the report has been added to «IP Analyzer».
Added display of relative values on the world map in «IP Analyzer».
Added JA4 statistics output to the text report of «TLS Analyzer».
April 2024 Added a threshold for the number of repetitions of a 5-tuple to be included in the «Service Analyzer» report.
A section with the distribution of ClientHello by IP addresses has been added to «TLS Analyzer».
Added the ability to specify a comment for the downloaded file.
A check on the ZoomEye service has been added to the tooltip opened by double-clicking an IP address.
When entering values for analysis, separators are now supported, as in MITIGATOR: comma, space, semicolon, line break.
March 2024 Added «Service Analyzer».
Added output of IP addresses grouped by JA3 fingerprints to «TLS Analyzer».
December 2023 The filter application logic has been changed for the «Multipurpose Analyser».
«TLS Analyzer» has been accelerated.
October 2023 An interactive report has been added for the «Payload Analyzer».
A setting to display filters for tcpdump and tshark that match the regular expression obtained during the analysis in the report has been added to «Payload Analyzer».
A setting to display a list of unique source IP addresses from the analyzed PCAP file in the report has been added to «Multipurpose Analyser».
«IP Analyzer» can now only have an interactive report.
«IP Analyzer» has been accelerated.
July 2023 The number of records has been added to the AS by IP count and AS by matched IP count sections of the «IP Analyzer» report.
The Geo for each IP section of the «Multipurpose Analyser» report now displays information on all src_ips of the analyzed file. Previously, information was displayed only if the src_ip share was above 5%.
«IP Analyzer» now supports IP addresses specified in quotation marks, for example "1.2.3.4".
June 2023 An interactive report has been added for the «Multipurpose Analyser».
You can now upload a file directly on the analysis page by clicking the “plus” icon.
A file selection cancel button has been added.
The file upload date and time are now shown when selecting a file for analysis.
The sorting in the file selection field for analysis has been changed; the files in the list are now sorted from newest to oldest.
A report creation button has been added on the Reports page.
Generated reports and files in the process of analysis are now displayed on the same Reports page.
The Reports page has become the start page.
The service has been accelerated.
The service logo has been updated.
May 2023 The AS by IP count section of the «IP Analyzer» report has been divided into two tabs: distribution by numbers and names of autonomous systems.
JSON export of interactive reports has been added.
Statistics for a text file given as input have been added to «TLS Analyzer».
The ability to use .pcap or .pcapng as input has been added to «IP Analyzer».
April 2023 The ability to disable the display of fields in the Approved fingerprints table has been added to the interactive report for «TLS Analyzer».
Highlighting of similar fingerprints has been added to the interactive report for «TLS Analyzer».
A domain name occurrence frequency distribution table has been added to the «TLS Analyzer».
A distribution table by the number of unique IP addresses accessing a specific SNI has been added to the «TLS Analyzer».
A JA3 fingerprint distribution table for each SNI indicating the number of occurrences of a fingerprint has been added to the «TLS Analyzer».
A table of the distribution of IP addresses from the loaded list by the names of autonomous systems has been added to the «IP Analyzer».
The number of unique countries has been added to the Geo for each IP and Countries by IP count sections of the «IP Analyzer».
Pagination has been added to the Uploads page.
March 2023 An interactive report has been added for the “TLS Analyzer”.
A check against a shortened list of reputation lists has been added to the “IP Analyzer”.
The background color used to render the content visualization in grayscale has been changed for the “Multipurpose Analyser”.
A new database has been added to the “TLS Analyzer” to search for JA3-fullstring matches by MD5 hash.
February 2023 The interface has been completely translated into English.
Export of tables from IP analysis to CSV has been added.
The mechanism for exporting interactive reports to HTML has been reworked.
Statistics on unique IP addresses, prefixes and endpoints (IP address + port) have been updated.
Top output for the Countries by IP count and AS by IP count sections of the «IP Analyzer» report has been added.
Pagination has been added to the Reports page.
An icon that opens the documentation on the service operation has been added.
An interactive heat map of the distribution of analyzed IP addresses has been added in the Geo section of the «IP Analyzer» report.
The presentation of summary statistics for the analyzed file in the «IP Analyzer» report has been changed.
The list of analyzed feeds with JA3 fingerprints has been expanded in «TLS Analyzer».
January 2023 Filtering by country has been added to the report for the analysis method “IP Analyzer”.
A loading progress indicator has been added to the “IP Analyzer” report.
A sound notification at the end of the analysis has been added.
At the end of the analysis, the browser tab's favicon changes.
December 2022 The web interface has been updated.
An interactive report has been added for the “IP Analyzer”.
The “IP List Analysis” results report can now be exported to HTML.
New feeds have been added to the sources for checking against reputation lists from the statistics service.
In the report for the analysis method “TLS Analyzer”, an optional output of all User Agents for each analyzed JA3 fingerprint has been added.
In the report for the analysis method “TLS Analyzer”, an optional verification of JA3 fingerprints against reputation lists has been added.
October 2022 Performance of the “IP Analyzer” has been improved.
August 2022 Content visualization for “Multipurpose Analyser” is now displayed in the browser window.
July 2022 User input of IP addresses, User Agents and JA3 fingerprints has been added.
A choice of reputation lists against which IP addresses from the dump are checked has been added in “Multipurpose Analyser”.
In the “Multipurpose Analyser” report, a section listing the IP addresses found in at least one of the reputation lists has been added.
May 2022 The output of “Multipurpose Analyser” report on reputation lists is consistent with the output for “IP Analyzer”.
April 2022 A banner with the name of the service and a list of parameters with which the analysis was launched has been added to the beginning of reports for all analysis methods.
March 2022 The functionality of “IP Analyzer” has been expanded. New sections of the report have been added. The ability to choose which sections to include in the final report has been added.
A new analysis method, “ACL Rules Generator”, has been added.
February 2022 Added analysis method “IP Analyzer”.
December 2021 The “Multipurpose Analyser” report now lists the names of all L4 protocols. The number of packets and the proportion of the total number of packets for each protocol are indicated even if the five percent threshold is not exceeded.
Signature generation in “Multipurpose Analyser” is now performed only for packets with a zero offset value in the IP header.
The “Multipurpose Analyser” report shows the distribution of fragmented packets with a non-zero IP header offset and the number of unique non-zero offsets.
Hints for the “Multipurpose Analyser” fields appear when you hover over the fields themselves.
November 2021 Added generation of signatures for similar packets in “Multipurpose Analyser”.
October 2021 The color scheme of the lengthgram has been updated.
Added DTLS analysis to “Multipurpose Analyser”.
September 2021 Analysis by DNS query and DNS response for TCP and UDP has been added to “Multipurpose Analyser” mode.
Added MD5 hash for TLS to the “Multipurpose Analyser” report.
The “Multipurpose Analyser” report does not display the names of sections for which there was no analysis.
The maximum length of a lengthgram is limited.
June 2021 (Change log start) Added sampling to build visualization.
A multi-threaded signature generation algorithm has been implemented.
Added TLS section to the “Multipurpose Analyser” report.