@salkhan The DeviceVendor and DeviceProduct fields in the CommonSecurityLog should tell you where the data came from

www.000webhost.com