Example Reference
Indicator Fields
General_Header
- Request URL: https://xxx/get?11=11
- Request Method: GET
- Status Code: 200
- Remote Address: 129.150.44.173:443
- Referrer Policy: strict-origin-when-cross-origin
Request_header
Response_header
Payload
Response
args
query args: key value
header
X-Real-Ip
X-Ja3-Fingerprint
X-Http-Proto
X-Forwarded-Proto
X-Forwarded-For
Upgrade-Insecure-Requests
Host
Sec-Fetch-Site
Sec-Fetch-Mode
Sec-Fetch-Dest
Sec-Ch-Ua-Platform
Sec-Ch-Ua-Mobile
Sec-Ch-Ua
Accept-Language
Accept-Encoding
Accept
User-Agent
browser
- os_type: "desktop"
- os_family: "macintosh"
- os_name: "MacOS"
- os_version: "Big Sur"
- os_title: "MacOS Big Sur"
- device_type: "desktop"
- browser_name: "Chrome"
- browser_version: 114
- browser_title: "Chrome 114"
- browser_chrome_original: 1
- browser_chromium_version: 114
- 64bits_mode: 1
origin
- IP
- IP_type: DCH, CDN, RSV … (see https://blog.ip2location.com/knowledge-base/what-is-usage-type/)
- city
- isp
Fingerprint
- tls_fp: JA3 fingerprint
- tls_fp_hash: JA3 fingerprint hash
- h2_fp
- h2_fp_hash
- device_fp
- device_fp_hash
Risk
- score: 0-100
- level: low, medium, high
- desc: risk description