HTTP headers contain valuable information that can be used to identify and mitigate a range of cyber threats, not least by identifying misconfigured or outdated web servers and applications that may be vulnerable to attack.
By analyzing the headers of traffic associated with specific attacks or campaigns, security analysts can identify patterns and connections between different attacks, as well as the infrastructure and resources used by specific threat actors.
Headers can also be used to identify malicious traffic and block it at the network level. Many attackers use specific headers or user agents to hide their activities, but by analyzing HTTP headers, security teams can identify these patterns and take appropriate action.
Silent Push allows you to search through data from our daily scans of the Internet's IPv4 range to obtain information on a broad range of elements related to HTTP headers.
- Navigate to Advanced Query Builder > IPv4 Queries > Scan Data - Headers
- Specify an IP address
- (Optional) Specify a netmask to search across a range of IP addresses
- (Optional) Use Header Search to search contents of HTTP headers (limited partial match)
- (Optional) Limit the number of results to return
- (Optional) Skip a specified number of results
- Click Search
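
As an added illustration (not Silent Push code and not its API), the Python example below applies the same kind of filter (IP address, netmask, header substring, skip, limit) to a few constructed scan records, then groups the hits by a simple header fingerprint to surface hosts that share a server configuration. The record layout, the function names, the fingerprint scheme and the case-insensitive substring matching are all assumptions.

```python
import hashlib
import ipaddress
from collections import defaultdict

PHP = [("Server", "nginx/1.18.0"), ("Content-Type", "text/html"), ("X-Powered-By", "PHP/7.4.3")]
# Constructed sample records on documentation address ranges, not real scan data.
SCAN = [
    {"ip": "203.0.113.10", "headers": PHP},
    {"ip": "203.0.113.77", "headers": PHP},
    {"ip": "203.0.113.200", "headers": [("Server", "Apache/2.4.41"), ("Content-Type", "text/html")]},
    {"ip": "198.51.100.5", "headers": PHP},
]

def search(records, ip, netmask=32, header_search=None, limit=100, skip=0):
    """Filter by IP range and header substring (assumed case-insensitive semantics)."""
    net = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
    needle = header_search.lower() if header_search else None
    hits = []
    for rec in records:
        if ipaddress.ip_address(rec["ip"]) not in net:
            continue
        # Flatten name/value pairs so the substring can match either part.
        flat = "\n".join(f"{k}: {v}" for k, v in rec["headers"]).lower()
        if needle is None or needle in flat:
            hits.append(rec)
    return hits[skip:skip + limit]

def fingerprint(rec):
    """Hash the ordered header names plus the Server value (hypothetical scheme)."""
    names = ",".join(k.lower() for k, _ in rec["headers"])
    server = next((v for k, v in rec["headers"] if k.lower() == "server"), "")
    return hashlib.sha256(f"{names}|{server}".encode()).hexdigest()[:12]

def cluster(records):
    """Return only fingerprints shared by more than one IP address."""
    groups = defaultdict(list)
    for rec in records:
        groups[fingerprint(rec)].append(rec["ip"])
    return {fp: ips for fp, ips in groups.items() if len(ips) > 1}

if __name__ == "__main__":
    hits = search(SCAN, "203.0.113.0", netmask=24, header_search="php/7.4")
    for fp, ips in cluster(hits).items():
        print(fp, ips)
```
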
Saving queries
Organizational users are able to save individual queries run from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.
- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save