2019-02-15 04:55 PM
Hello,
I wanted to get clarification on what criteria cause analysis.service to get populated with "http request path host header mismatch".
Specifically, is it: domain mismatch, TLD mismatch, or entirely different domains altogether?
I see this from the Hunting Guide:
http.lua | analysis.service | http request path host header mismatch | The request path specified a host other than the value of the HOST: header | Indicative of domain fronting, though may be legitimate when used by CDNs. |
2019-02-15 05:10 PM
It checks the entirety. If the domain portion is the same but the host portion differs, the meta will still be registered.
So, something (simplistically) like each of the below will trigger it:

    GET http://foo.example.com/ HTTP/1.1
    HOST: bar.example.com

    GET http://foo.example.com/ HTTP/1.1
    HOST: www.example.net

    GET http://foo.example.com/ HTTP/1.1
    HOST: www.someother.com
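The check described in the reply above, worked through as an added example. This is not the thread's code and not the http.lua parser itself: it is a small standalone parser that pulls the host out of an absolute-form request-target (GET http://host/path), compares the whole hostname with the Host header, and reports a mismatch for the three cases posted above plus a few edge cases. The sample requests are constructed, and the normalisation choices (lower-casing, dropping the port) are this example's own assumptions, not a statement about how the product compares the two values.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not captured traffic). Each is a complete
# HTTP/1.1 request head; the three "mismatch_*" entries mirror the thread.
SAMPLES = {
    "mismatch_same_domain":  b"GET http://foo.example.com/ HTTP/1.1\r\nHost: bar.example.com\r\n\r\n",
    "mismatch_other_tld":    b"GET http://foo.example.com/ HTTP/1.1\r\nHost: www.example.net\r\n\r\n",
    "mismatch_other_domain": b"GET http://foo.example.com/ HTTP/1.1\r\nHost: www.someother.com\r\n\r\n",
    "match_exact":           b"GET http://foo.example.com/ HTTP/1.1\r\nHost: foo.example.com\r\n\r\n",
    # origin-form target carries no host at all, so there is nothing to compare
    "origin_form":           b"GET / HTTP/1.1\r\nHost: foo.example.com\r\n\r\n",
    # assumption: case and an explicit default port are normalised away here
    "match_case_and_port":   b"GET http://FOO.example.com:80/ HTTP/1.1\r\nHost: foo.example.com\r\n\r\n",
}


def parse_request(raw: bytes):
    """Split a raw HTTP request head into (method, request-target, headers)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def host_from_target(target: str):
    """Return the host named in an absolute-form request-target, else None.

    urlsplit().hostname lower-cases the name and strips any :port.
    """
    if "://" not in target:
        return None
    return urlsplit(target).hostname


def host_from_header(value: str):
    """Normalise a Host header the same way (handles host:port and [v6]:port)."""
    return urlsplit("//" + value).hostname


def path_host_header_mismatch(raw: bytes) -> bool:
    """True when the request-target names a host and it differs from Host.

    The entire hostname is compared, so foo.example.com vs bar.example.com
    is a mismatch even though the registrable domain is the same.
    """
    _, target, headers = parse_request(raw)
    target_host = host_from_target(target)
    header_value = headers.get("host")
    if target_host is None or header_value is None:
        return False
    return target_host != host_from_header(header_value)


def check_all(samples=SAMPLES) -> dict:
    """Run the check over every sample and return {name: mismatch?}."""
    return {name: path_host_header_mismatch(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, flagged in check_all().items():
        print(f"{name:24s} -> {'MISMATCH' if flagged else 'ok'}")
```

Running it flags all three of the posted examples and leaves the exact match, the origin-form request, and the case/port variant unflagged. If you want the stricter behaviour of treating FOO.example.com:80 as different from foo.example.com, compare the raw strings instead of the normalised hostnames; which of the two the real parser does is not something the thread establishes.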