Just like its original counterpart, the record is a CNAME out to an AWS ELB:
May 4 11:31:50 dnsmasq[26416]: reply fr.app.chat.global.xiaomi.net is <CNAME>
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.194.120.89
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.185.225.129
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.184.95.216
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.185.217.8
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.185.0.130
Seem to see log entries at various times.
nmap shows they're accepting websockets
ben@milleniumfalcon:~$ nmap -sV 18.194.120.89
Starting Nmap 7.01 ( https://nmap.org ) at 2020-05-04 18:37 BST
Nmap scan report for ec2-18-194-120-89.eu-central-1.compute.amazonaws.com (18.194.120.89)
Host is up (0.024s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http
443/tcp open https
5222/tcp open xmpp-client?
3 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=7.01%I=7%D=5/4%Time=5EB052D7%P=x86_64-pc-linux-gnu%r(GetRe
SF:quest,42,"HTTP/1\.1\x20418\x20WebSocket\x20protocol\x20error\r\nContent
SF:-Type:\x20text/html\r\n\r\n")%r(FourOhFourRequest,42,"HTTP/1\.1\x20418\
SF:x20WebSocket\x20protocol\x20error\r\nContent-Type:\x20text/html\r\n\r\n
SF:");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port443-TCP:V=7.01%I=7%D=5/4%Time=5EB052E1%P=x86_64-pc-linux-gnu%r(GetR
SF:equest,42,"HTTP/1\.1\x20418\x20WebSocket\x20protocol\x20error\r\nConten
SF:t-Type:\x20text/html\r\n\r\n")%r(FourOhFourRequest,42,"HTTP/1\.1\x20418
SF:\x20WebSocket\x20protocol\x20error\r\nContent-Type:\x20text/html\r\n\r\
SF:n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port5222-TCP:V=7.01%I=7%D=5/4%Time=5EB052D7%P=x86_64-pc-linux-gnu%r(Get
SF:Request,42,"HTTP/1\.1\x20418\x20WebSocket\x20protocol\x20error\r\nConte
SF:nt-Type:\x20text/html\r\n\r\n")%r(FourOhFourRequest,42,"HTTP/1\.1\x2041
SF:8\x20WebSocket\x20protocol\x20error\r\nContent-Type:\x20text/html\r\n\r
SF:\n");
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 70.20 seconds
Repo: adblocklists
Commit: 8d3fa37c98cb52095f349663fb26fdc4847b96e5
Author: B Tasker <github@<Domain Hidden>>
Date: Mon May 04 18:40:56 2020 +0100
Commit Message: ADBLK-22 block fr.app.global.xiaomi.net and whatever variations they come up with for the third-level domain
For completeness, also spotted weatherapi.market.xiaomi.com in the logs. I've not blocked that in my global DNS service, but have chosen to block at home.
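Added example (not part of the original ticket or the adblocklists repo): one way to check dnsmasq reply lines like those quoted above for names under a blocked zone, matching on label boundaries and following the CNAME to the addresses logged after it. The zone `app.chat.global.xiaomi.net` is an assumption derived from the logged name, and the last two sample lines are constructed.

```python
import re

REPLY = re.compile(r"dnsmasq\[\d+\]: reply (\S+) is (\S+)$")
# Assumption: the leading label ("fr") is the part that varies, so match the rest.
ZONE = "app.chat.global.xiaomi.net"

# First three lines are from the log quoted above; the last two are constructed.
SAMPLE_LOG = """\
May 4 11:31:50 dnsmasq[26416]: reply fr.app.chat.global.xiaomi.net is <CNAME>
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.194.120.89
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.185.225.129
May 4 11:32:01 dnsmasq[26416]: reply www.example.org is 192.0.2.10
May 4 11:32:05 dnsmasq[26416]: reply notapp.chat.global.xiaomi.net is 192.0.2.20
"""

def under_zone(name, zone):
    """True if name is the zone or a subdomain of it, compared on label boundaries."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def flag_replies(log_text, zone=ZONE):
    """Map each logged name under zone to its CNAME target and the addresses seen."""
    hits, alias = {}, None  # alias: name whose CNAME chain is being followed
    for line in log_text.splitlines():
        m = REPLY.search(line.strip())
        if not m:
            alias = None  # a non-reply line ends the current answer
            continue
        name, value = m.groups()
        if value == "<CNAME>":
            alias = name if under_zone(name, zone) else None
            if alias:
                hits.setdefault(alias, {"target": None, "addresses": []})
        elif under_zone(name, zone):
            # Address returned directly for a name in the zone (no CNAME).
            hits.setdefault(name, {"target": None, "addresses": []})["addresses"].append(value)
            alias = None
        elif alias and hits[alias]["target"] in (None, name):
            # Heuristic: reply lines right after the CNAME line belong to its target.
            hits[alias]["target"] = name
            hits[alias]["addresses"].append(value)
        else:
            alias = None
    return hits

if __name__ == "__main__":
    for name, info in flag_replies(SAMPLE_LOG).items():
        print(name, "->", info["target"], info["addresses"])
```

Reply lines in this log format carry no query ID, so answers to concurrent queries that interleave in the log can be attributed to the wrong alias.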