
Threat intelligence analysis docs

Website analysis

Analysis of the website's content, its relations to other domains, and host configuration issues.

Pages parsed

Type: Info

Website's content parsing statistics.

Indicator | What it means?
Parser start URL | The page where TIP starts grabbing the website's content for analysis. It can be the domain's home page, or any internal page if a full URL was provided as the search term.
Parsing page limit | Maximum number of pages to be analysed. TIP can parse the whole website, but that takes time. The limit is one page for basic subscriptions.
Maximum parsing depth | TIP recursively grabs pages from the target website, starting with the Parser start URL page, and builds the website's tree. This setting limits its maximum depth. It is limited to 1 for basic subscriptions.
Pages parsed | List of the analysed pages used to build the report.
Outgoing links found | Number of domains referenced from the target website, with subdomains counted as separate domain names. These include links, external images, CSS, scripts or iframe sources. Only unique occurrences are counted.

3rd-party services integration

Type: Info

List of popular 3rd-party services discovered on the target website. TIP constantly improves its detection algorithms. If a service you know is integrated was not detected, please let us know.

Indicator | What it means?
Facebook | The website is integrated with Facebook services.
Google | The website is integrated with Google services.

Components

Type: Info

While parsing the website's content, TIP analyses meta tags, HTML directives, JavaScript source code, etc. to discover which Content Management Systems (CMS), JavaScript frameworks or other technologies were used to build the website.

TIP constantly improves its detection algorithms. If you didn't find a component you were looking for, please let us know.

Indicator | What it means?
Angular | The Angular JavaScript framework was used to build the website.
jQuery | The jQuery JavaScript framework was used to build the website.
Wordpress | The WordPress CMS was used to build the website.
Joomla | The Joomla CMS was used to build the website.
Drupal | The Drupal CMS was used to build the website.

Potentially dangerous content

Type: Analysis

TIP detects potentially dangerous content on the website. Such content is not necessarily dangerous, but once detected it is a good starting point for further analysis.

Indicator What it means?
Links to .apk files

Links to .apk files were detected on the website.

Most likely the website offers or tries to install Android applications that are not authorized by Google Play. You can end up with harmful files on your phone or device.

Links to .exe files

Links to .exe files were detected on the website.

Most likely the website offers or tries to install Windows applications that are not authorized. You can end up with harmful files on your device.

Iframes

Iframes were detected on the website.

The IFRAME element allows code from other domains to be embedded in the target website. It allows malicious scripts to be injected, which could be used for different kinds of attacks: XSS, clickjacking, etc.

Iframes can make JavaScript calls to get access to users' data and to show extra content on the website, such as login boxes.

Iframes can redirect to other websites via location.href.

Iframes could contain Flash/ActiveX/Java malware, which could harm the user's device, not only browser data.

When iframe content is loaded, the browser's address bar does not show that the content comes from another location. End users won't notice the change, and this is dangerous.

Nonetheless, many popular services use iframes safely. For instance, YouTube videos can be embedded into a page using the IFRAME element.

This technology was widely used a decade ago and can often be found on old websites.

Scripts opening new windows

Scripts trying to open new browser windows were detected.

Redirects

Redirects to other websites were detected.

They could be caused by specific HTTP response codes (301, 302, 303, 307 or 308) or by JavaScript code (e.g. location.replace).
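
The content checks listed above, sketched as an added example (not TIP's own code): a standard-library parser that records links to .apk and .exe files, iframes, unique outgoing hosts, and inline scripts that open windows or redirect. The regular expressions, the report keys and the sample page are assumptions made for illustration.

```python
# Added example, not TIP's code: flag the indicators above in one HTML page.
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

URL_ATTRS = {"a": "href", "link": "href", "img": "src", "script": "src", "iframe": "src"}
POPUP_RE = re.compile(r"\bwindow\.open\s*\(")
REDIRECT_RE = re.compile(r"\blocation\.(?:replace|assign)\s*\(|\blocation(?:\.href)?\s*=(?!=)")

class IndicatorParser(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.in_script = page_url, False
        self.report = {"apk_links": [], "exe_links": [], "iframes": [],
                       "outgoing_hosts": set(), "popups": 0, "js_redirects": 0}

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"         # script bodies contain no start tags
        value = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if not value:
            return
        url = urljoin(self.page_url, value)      # resolve relative references
        parsed = urlparse(url)
        if parsed.hostname and parsed.hostname != urlparse(self.page_url).hostname:
            self.report["outgoing_hosts"].add(parsed.hostname)  # subdomains count separately
        if tag == "iframe":
            self.report["iframes"].append(url)
        for ext in ("apk", "exe"):               # extension is tested on the path only
            if tag == "a" and parsed.path.lower().endswith("." + ext):
                self.report[ext + "_links"].append(url)

    def handle_endtag(self, tag):
        self.in_script = False                   # any end tag closes an open script body

    def handle_data(self, data):
        if self.in_script:                       # inline script source only
            self.report["popups"] += len(POPUP_RE.findall(data))
            self.report["js_redirects"] += len(REDIRECT_RE.findall(data))

def analyse(page_url, html):
    parser = IndicatorParser(page_url)
    parser.feed(html)
    parser.close()
    return parser.report

# Constructed sample page; every host name is a placeholder.
SAMPLE_HTML = """<a href="/files/app.apk">app</a> <a href="https://dl.example.net/setup.exe?v=2">pc</a>
<iframe src="https://widgets.example.org/login"></iframe>
<script>window.open('https://ads.example.org/p'); location.replace('/next');</script>"""
```

Redirects issued through HTTP status codes are visible only in the response headers, so this page-level parser does not cover them.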

Host configuration issues

Type: Analysis

Checks whether the target host has possible vulnerabilities or configuration issues that could be used for different kinds of attacks.

Indicator What it means?
Opened .git directory in the document root

The production website is connected to the Git version control system, and the service files it needs are publicly accessible.

This allows any visitor to download the full source code of the website, including branches and change history.

Access to the /.git directory should be restricted.

Directory listing is allowed

Any visitor is allowed to view the list of files in the document root.

It could be used for different types of attacks.

Restricting access to the directory listing is good practice.
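
One way to verify both issues on a host you operate, as an added example (not TIP's implementation): the functions below classify already-fetched HTTP responses, so a "200 OK" soft-404 page is not mistaken for an exposed repository. The matching heuristics, function names and sample responses are assumptions.

```python
# Added example, not TIP's implementation. The matching heuristics are assumptions.
import re

# .git/HEAD holds a symbolic ref or a detached commit id (40 hex digits for SHA-1).
GIT_HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40})$")
# Title text of auto-generated indexes (Apache and nginx; Python's http.server).
LISTING_RE = re.compile(r"<title>\s*(Index of /|Directory listing for /)", re.IGNORECASE)

def git_dir_exposed(status, body):
    """True when a GET for /.git/HEAD returned real repository metadata."""
    # Status 200 alone is not proof: soft-404 pages also answer 200 with HTML.
    return status == 200 and GIT_HEAD_RE.match(body.strip()) is not None

def directory_listing_enabled(status, body):
    """True when the body looks like a server-generated file index."""
    return status == 200 and LISTING_RE.search(body) is not None

def audit(responses):
    """responses maps path -> (status, body); returns the indicator names that fire."""
    findings = []
    if git_dir_exposed(*responses.get("/.git/HEAD", (0, ""))):
        findings.append("Opened .git directory in the document root")
    if directory_listing_enabled(*responses.get("/", (0, ""))):
        findings.append("Directory listing is allowed")
    return findings

# Constructed responses for hypothetical hosts.
MISCONFIGURED = {
    "/.git/HEAD": (200, "ref: refs/heads/main\n"),
    "/": (200, "<html><head><title>Index of /</title></head><body>...</body></html>"),
}
RESTRICTED = {
    "/.git/HEAD": (403, "<html><title>403 Forbidden</title></html>"),
    "/": (200, "<html><head><title>Welcome</title></head></html>"),
}
SOFT_404 = {"/.git/HEAD": (200, "<html><title>Page not found</title></html>")}
```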

Open ports and services

Type: Analysis

TIP connects to the target host via common TCP/UDP ports and verifies whether they are open. It is good practice to restrict remote connections unless they are required by the product's infrastructure. "Connection refused" or "Connection timeout" are good answers. If TIP manages to connect to a port, connection details are provided.

Service | Port
Microsoft SQL Server (server) | 1433
Microsoft SQL Server (monitor) | 1434
MySQL (3306) | 3306
Firebird & Interbase | 3050
PostgreSQL | 5432
Pervasive SQL (TCP) 1 | 3351
Pervasive SQL (TCP) 2 | 1583
HSQLDB | 9001
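
The connect check described above, as an added example (not TIP's implementation) for auditing a host you are responsible for: each database port from the table gets one TCP connect, and the outcome is reported as open, refused or timeout. It covers TCP only; the function names and the 2-second timeout are assumptions.

```python
# Added example, not TIP's implementation: TCP-only connect check for the
# database ports in the table above. Names and the timeout are assumptions.
import socket

DB_PORTS = {  # service names and ports copied from the table above
    "Microsoft SQL Server (server)": 1433, "Microsoft SQL Server (monitor)": 1434,
    "MySQL": 3306, "Firebird & Interbase": 3050, "PostgreSQL": 5432,
    "Pervasive SQL (TCP) 1": 3351, "Pervasive SQL (TCP) 2": 1583, "HSQLDB": 9001,
}

def check_port(host, port, timeout=2.0):
    """Return 'open', 'refused', 'timeout' or 'error' for one TCP connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"          # host answered with a reset: port is closed
    except socket.timeout:
        return "timeout"          # no answer: typically filtered by a firewall
    except OSError:
        return "error"            # unreachable network, name resolution failure, ...

def audit_ports(host, ports=DB_PORTS, timeout=2.0):
    """Map each service name to its connect result."""
    return {name: check_port(host, port, timeout) for name, port in ports.items()}

def exposed(results):
    """Services that accepted a connection and therefore need a justification."""
    return sorted(name for name, state in results.items() if state == "open")
```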
Threat Intelligence Platform, LLC

California
USA
