Example Reference

Indicator Fields

General_Header

  • Request URL: https://xxx/get?11=11
  • Request Method: GET
  • Status Code: 200
  • Remote Address: 129.150.44.173:443
  • Referrer Policy: strict-origin-when-cross-origin

Request_header

Response_header

Payload

Response

args

query args: key value

X-Real-Ip

X-Ja3-Fingerprint

X-Http-Proto

X-Forwarded-Proto

X-Forwarded-For

Upgrade-Insecure-Requests

Host

  • Sec-Fetch-Site
  • Sec-Fetch-Mode
  • Sec-Fetch-Dest
  • Sec-Ch-Ua-Platform
  • Sec-Ch-Ua-Mobile
  • Sec-Ch-Ua
  • Accept-Language
  • Accept-Encoding
  • Accept
  • User-Agent

browser

  • os_type: "desktop"
  • os_family: "macintosh"
  • os_name: "MacOS"
  • os_version: "Big Sur"
  • os_title: "MacOS Big Sur"
  • device_type: "desktop"
  • browser_name: "Chrome"
  • browser_version: 114
  • browser_title: "Chrome 114"
  • browser_chrome_original: 1
  • browser_chromium_version: 114
  • 64bits_mode: 1

origin

  • IP
  • IP_type: DCH, CDN, RSV … (see https://blog.ip2location.com/knowledge-base/what-is-usage-type/)
  • city
  • isp

Fingerprint

  • tls_fp: JA3 fingerprint
  • tls_fp_hash: JA3 fingerprint hash
  • h2_fp
  • h2_fp_hash
  • device_fp
  • device_fp_hash

Risk

  • score: 0-100
  • level: low, medium, high
  • desc: risk desc