Annotator request_size

Request size anomaly

Requests are unusually large or shaped in a way that suggests abuse or automation.

What This Annotator Watches

This explanation is derived from the live annotator implementation, not hand-waved catalog copy.

Focus
  • Very large or abnormally small requests and responses
  • Payload shape mismatches across method, status, and URL context
  • Outlier response sizes that hint at abuse or malformed clients

Logic
  • Known media assets can be exempted so large normal files do not pollute the signal.
  • The annotator scores oversized, undersized, and contextually odd response shapes differently.
  • It is strongest when paired with endpoint context and recurrence.

How To Read It
This is a shape-of-traffic annotator. It helps explain why the request or response footprint looks unlike normal usage.

Catalog Definition
Flags abnormal request sizes such as unusually large query strings, oversized headers, or repeated large payload attempts. This can indicate fuzzing, stress attempts, malformed clients, or automation. False positives can occur (large cookies, tracking parameters, legitimate API usage), so interpret with endpoint context and recurrence.
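
An added sketch of the logic described above (not the annotator's own code): response sizes are compared with a per-endpoint baseline, known media paths are exempted, and an outlier is reported only when it recurs for the same client and path. The two rule labels are the ones this page shows; the thresholds, the media suffix list, the event field names and the sample events are assumptions made for the example.

```python
from collections import Counter
from statistics import median

# Assumed values for illustration; only the two rule labels appear on the page.
MEDIA_SUFFIXES = (".jpg", ".png", ".mp4", ".pdf")
MIN_BASELINE = 5      # 200-responses needed before an endpoint is judged
LARGE_FACTOR = 4.0    # above 4x the endpoint median -> above normal
SMALL_FACTOR = 0.1    # below 10% of the endpoint median -> too small
MIN_RECURRENCE = 3    # hits per (ip, path, rule) before it is reported


def annotate(events):
    """Return {(ip, path, rule): count} for recurring response-size outliers."""
    # Endpoint context: median 200-response size per (method, path).
    sizes = {}
    for e in events:
        if e["status"] == 200:
            sizes.setdefault((e["method"], e["path"]), []).append(e["bytes"])
    baseline = {k: median(v) for k, v in sizes.items() if len(v) >= MIN_BASELINE}

    hits = Counter()
    for e in events:
        if e["path"].split("?", 1)[0].lower().endswith(MEDIA_SUFFIXES):
            continue  # known media asset: large files are normal here
        base = baseline.get((e["method"], e["path"]))
        if base is None or e["status"] != 200:
            continue  # no endpoint context to compare against
        if e["bytes"] > base * LARGE_FACTOR:
            rule = "size:above_normal"
        elif e["bytes"] < base * SMALL_FACTOR:
            rule = "size:too_small_suspicious"
        else:
            continue
        hits[(e["ip"], e["path"], rule)] += 1
    # Recurrence: keep only outliers that repeat for the same client and path.
    return {k: n for k, n in hits.items() if n >= MIN_RECURRENCE}


def _ev(ip, path, size, method="GET", status=200):
    return {"ip": ip, "method": method, "path": path, "status": status, "bytes": size}


# Constructed events with documentation-range IPs, not data from the page.
SAMPLE = (
    [_ev("192.0.2.10", "/report/", 2000 + i) for i in range(8)]   # normal traffic
    + [_ev("198.51.100.7", "/report/", 90_000)] * 3               # recurring oversized
    + [_ev("198.51.100.9", "/report/", 50)]                       # one-off undersized
    + [_ev("203.0.113.5", "/media/clip.mp4", s) for s in [1000] * 5 + [50_000_000] * 3]
)
```

On the constructed sample, `annotate(SAMPLE)` reports only the client that repeatedly received oversized `/report/` responses; the single undersized response and the large media downloads stay out of the signal.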

10 Most Recent Real Samples

Cached weekly from live annotated access events so the catalog stays fast.
Week: 2026W13
Lookback: 30 days
Total matched: 172867
Latest sample: Mar 01, 2026 • 23:59
Top rules: size:too_small_suspicious · 9, size:above_normal · 1
Top requester orgs: Apple Inc · 8, Aceville Pte.ltd · 1, Wowrack.com · 1
Severity mix: 14 · 10
Method mix: POST · 9, GET · 1

POST 200 14
Mar 01, 2026 • 23:59
/ticket/track_event/
Suspiciously small response size
IP 17.246.19.206 Subnet 17.246.19.0/24 Org Apple Inc Country United States Rule size:too_small_suspicious
POST 200 14
Mar 01, 2026 • 23:59
/ticket/track_event/
Suspiciously small response size
IP 17.22.237.183 Subnet 17.22.237.0/24 Org Apple Inc Country United States Rule size:too_small_suspicious
POST 200 14
Mar 01, 2026 • 23:59
/ticket/track_event/
Suspiciously small response size
IP 17.241.219.112 Subnet 17.241.219.0/24 Org Apple Inc Country United States Rule size:too_small_suspicious
POST 200 14
Mar 01, 2026 • 23:59
/ticket/track_event/
Suspiciously small response size
IP 17.246.15.226 Subnet 17.246.15.0/24 Org Apple Inc Country United States Rule size:too_small_suspicious
POST 200 14
Mar 01, 2026 • 23:59
/ticket/track_event/
Suspiciously small response size
IP 17.22.237.238 Subnet 17.22.237.0/24 Org Apple Inc Country United States Rule size:too_small_suspicious
POST 200 14
Mar 01, 2026 • 23:59
/ticket/track_event/
Suspiciously small response size
IP 17.241.227.92 Subnet 17.241.227.0/24 Org Apple Inc Country United States Rule size:too_small_suspicious
POST 200 14
Mar 01, 2026 • 23:59
/ticket/track_event/
Suspiciously small response size
IP 43.173.173.93 Subnet 43.173.173.0/24 Org Aceville Pte.ltd Country Singapore Rule size:too_small_suspicious
GET 200 14
Mar 01, 2026 • 23:59
/report_city/city/united%20states%7Cvirginia%7Cboydton/
Above-normal response size
IP 216.244.66.200 Subnet 216.244.66.0/24 Org Wowrack.com Country United States Rule size:above_normal
POST 200 14
Mar 01, 2026 • 23:59
/ticket/track_event/
Suspiciously small response size
IP 17.241.227.75 Subnet 17.241.227.0/24 Org Apple Inc Country United States Rule size:too_small_suspicious
POST 200 14
Mar 01, 2026 • 23:59
/ticket/track_event/
Suspiciously small response size
IP 17.22.237.251 Subnet 17.22.237.0/24 Org Apple Inc Country United States Rule size:too_small_suspicious