summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--config24.01.yaml2
1 files changed, 1 insertions, 1 deletions
diff --git a/config24.01.yaml b/config24.01.yaml
index 40dccdd..9439093 100644
--- a/config24.01.yaml
+++ b/config24.01.yaml
@@ -132,7 +132,7 @@ turbovpn:
plugin_name: turbovpn
object_type: ip
confidence: confirmed
- sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (app_transition LIKE '%Turbo_Payload%') UNION ALL select server_ip from {$db_name}.{$table_name} WHERE {$time_filter} AND (server_port in (66, 109, 8080, 97, 94, 92, 21, 25, 110, 119, 2000, 2001))  AND decoded_as='BASE' and sent_bytes<1000 AND received_bytes<1000 and sent_pkts<10 and received_pkts<10 and server_asn in ('14061', '21859', '9009', '212238', '16276', '40021', '20473', '174', '138915', '12876') group by server_ip having count(*) >=10
+ sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (app_transition LIKE '%Turbo_Payload%') group by server_ip UNION ALL SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (server_fqdn ='www.myanmar.com') group by server_ip UNION ALL select server_ip from {$db_name}.{$table_name} WHERE {$time_filter} AND (server_port in (66, 109, 8080, 97, 94, 92, 21, 25, 110, 119, 2000, 2001))  AND decoded_as='BASE' and sent_bytes<1000 AND received_bytes<1000 and sent_pkts<10 and received_pkts<10 and server_asn in ('14061', '21859', '9009', '212238', '16276', '40021', '20473', '174', '138915', '12876') group by server_ip having count(*) >=10
geckovpn:
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 18:32:24 +0000