Scanned URL Report

Summary

URL	{{content.attributes.url}}
Malicious	{{content.attributes.last_analysis_stats.malicious}}/{{content.attributes.last_analysis_stats.harmless + content.attributes.last_analysis_stats.suspicious + content.attributes.last_analysis_stats.timeout + content.attributes.last_analysis_stats.malicious + content.attributes.last_analysis_stats.undetected}}
Suspicious	{{content.attributes.last_analysis_stats.suspicious}}/{{content.attributes.last_analysis_stats.harmless + content.attributes.last_analysis_stats['type-unsupported'] + content.attributes.last_analysis_stats.suspicious + content.attributes.last_analysis_stats['confirmed-timeout'] + content.attributes.last_analysis_stats.timeout + content.attributes.last_analysis_stats.failure + content.attributes.last_analysis_stats.malicious + content.attributes.last_analysis_stats.undetected}}
Undefined	{{content.attributes.last_analysis_stats['type-unsupported'] + content.attributes.last_analysis_stats['confirmed-timeout'] + content.attributes.last_analysis_stats.timeout + content.attributes.last_analysis_stats.failure + content.attributes.last_analysis_stats.undetected}}/{{content.attributes.last_analysis_stats['type-unsupported'] + content.attributes.last_analysis_stats['confirmed-timeout'] + content.attributes.last_analysis_stats.timeout + content.attributes.last_analysis_stats.failure + content.attributes.last_analysis_stats.undetected + content.attributes.last_analysis_stats.harmless + content.attributes.last_analysis_stats.malicious + content.attributes.last_analysis_stats.suspicious}}
Last Analysis Date	{{content.attributes.last_analysis_date*1000 \| date: 'yyyy-MM-dd HH:mm:ss'}}
Reputation	{{content.attributes.reputation}}
VirusTotal Report	https://www.virustotal.com/gui/url/{{content.id}}

URL Details

Page Title	{{content.attributes.title}}
HTTP Response Code	{{content.attributes.last_http_response_code}}
Content Length	{{content.attributes.last_http_response_content_length}} bytes
Times Submitted	{{content.attributes.times_submitted}}
First Submission	{{content.attributes.first_submission_date*1000 \| date: 'yyyy-MM-dd HH:mm:ss'}}
Last Submission	{{content.attributes.last_submission_date*1000 \| date: 'yyyy-MM-dd HH:mm:ss'}}
Top Level Domain	{{content.attributes.tld}}
Has Content	{{content.attributes.has_content ? 'Yes' : 'No'}}

GTI Assessment

Verdict	{{content.attributes.gti_assessment.verdict.value}}
Severity	{{content.attributes.gti_assessment.severity.value}}
Threat Score	{{content.attributes.gti_assessment.threat_score.value}}
Description	{{content.attributes.gti_assessment.description}}
Mandiant Confidence Score	{{content.attributes.gti_assessment.contributing_factors.mandiant_confidence_score}}
GTI Confidence Score	{{content.attributes.gti_assessment.contributing_factors.gti_confidence_score}}
Categories	{{content.attributes.gti_assessment.contributing_factors.normalised_categories.join(', ')}}
Pervasive Indicator	{{content.attributes.gti_assessment.contributing_factors.pervasive_indicator}}
Mandiant Domain Hijack	{{content.attributes.gti_assessment.contributing_factors.mandiant_domain_hijack}}
Associated Malware Configuration	{{content.attributes.gti_assessment.contributing_factors.associated_malware_configuration}}
Mandiant Analyst Benign	{{content.attributes.gti_assessment.contributing_factors.mandiant_analyst_benign}}
Malicious Sandbox Verdict	{{content.attributes.gti_assessment.contributing_factors.malicious_sandbox_verdict}}
Mandiant Association Report	{{content.attributes.gti_assessment.contributing_factors.mandiant_association_report}}
Google Malware Analysis	{{content.attributes.gti_assessment.contributing_factors.google_malware_analysis}}

Threat Severity

Level	{{content.attributes.threat_severity.threat_severity_level}}
Detections	{{content.attributes.threat_severity.threat_severity_data.num_detections}}
Threat Category	{{content.attributes.threat_severity.threat_severity_data.popular_threat_category}}
Description	{{content.attributes.threat_severity.level_description}}
Bad Communicating Files (High)	{{content.attributes.threat_severity.threat_severity_data.has_bad_communicating_files_high}}
Bad Communicating Files (Medium)	{{content.attributes.threat_severity.threat_severity_data.has_bad_communicating_files_medium}}
Belongs to Bad Collection	{{content.attributes.threat_severity.threat_severity_data.belongs_to_bad_collection}}
Belongs To Threat Actor	{{content.attributes.threat_severity.threat_severity_data.belongs_to_threat_actor}}
Domain Rank	{{content.attributes.threat_severity.threat_severity_data.domain_rank}}
GAV Detections	{{content.attributes.threat_severity.threat_severity_data.num_gav_detections}}

URL Security & Categories

Categories	{{engine}}: {{category}}
Tags	{{tag}}
Outgoing Links	{{link}}
Redirection Chain	{{redirect}}

HTTPS Certificate

Subject	{{content.attributes.last_https_certificate.subject.CN}}
Issuer	{{content.attributes.last_https_certificate.issuer.CN}}
Valid From	{{content.attributes.last_https_certificate.validity.not_before}}
Valid To	{{content.attributes.last_https_certificate.validity.not_after}}
Serial Number	{{content.attributes.last_https_certificate.serial_number}}
Thumbprint SHA256	{{content.attributes.last_https_certificate.thumbprint_sha256}}

Scans

Scanner	Detected	Method	Result
{{scanner.engine_name \|\| scanner_name}}		{{scanner.method \|\| "-"}}	{{scanner.result \|\| "-"}}

Relationships

Reports ({{content.relationships.reports.length}})

(First 10)

ID	Name	Origin	Details
{{report.id \|\| '-'}}	{{report.attributes.name \|\| '-'}}	{{report.attributes.origin \|\| '-'}}	Targeted Industries: {{report.attributes.targeted_industries_tree}} - Source Regions: {{report.attributes.source_regions_hierarchy}} - Targeted Regions: {{report.attributes.targeted_regions_hierarchy}} -

Collections ({{content.relationships.collections.length}})

(First 10)

ID	Name	Origin	Details
{{collection.id \|\| '-'}}	{{collection.attributes.name \|\| '-'}}	{{collection.attributes.origin \|\| '-'}}	Targeted Industries: {{collection.attributes.targeted_industries_tree}} - Source Regions: {{collection.attributes.source_regions_hierarchy}} - Targeted Regions: {{collection.attributes.targeted_regions_hierarchy}} -

Campaigns ({{content.relationships.campaigns.length}})

(First 10)

ID	Name	Origin	Details
{{campaign.id \|\| '-'}}	{{campaign.attributes.name \|\| '-'}}	{{campaign.attributes.origin \|\| '-'}}	Targeted Industries: {{campaign.attributes.targeted_industries_tree}} - Source Regions: {{campaign.attributes.source_regions_hierarchy}} - Targeted Regions: {{campaign.attributes.targeted_regions_hierarchy}} -

Malware Families ({{content.relationships.malware_families.length}})

(First 10)

ID	Name	Origin	Details
{{malware_familie.id \|\| '-'}}	{{malware_familie.attributes.name \|\| '-'}}	{{malware_familie.attributes.origin \|\| '-'}}	Targeted Industries: {{malware_familie.attributes.targeted_industries_tree}} - Source Regions: {{malware_familie.attributes.source_regions_hierarchy}} - Targeted Regions: {{malware_familie.attributes.targeted_regions_hierarchy}} -

Threat Actors ({{content.relationships.related_threat_actors.length}})

(First 10)

ID	Name	Origin	Details
{{related_threat_actor.id \|\| '-'}}	{{related_threat_actor.attributes.name \|\| '-'}}	{{related_threat_actor.attributes.origin \|\| '-'}}	Targeted Industries: {{related_threat_actor.attributes.targeted_industries_tree}} - Source Regions: {{related_threat_actor.attributes.source_regions_hierarchy}} - Targeted Regions: {{related_threat_actor.attributes.targeted_regions_hierarchy}} -

Software Toolkits ({{content.relationships.software_toolkits.length}})

(First 10)

ID	Name	Origin	Details
{{software_toolkit.id \|\| '-'}}	{{software_toolkit.attributes.name \|\| '-'}}	{{software_toolkit.attributes.origin \|\| '-'}}	Targeted Industries: {{software_toolkit.attributes.targeted_industries_tree}} - Source Regions: {{software_toolkit.attributes.source_regions_hierarchy}} - Targeted Regions: {{software_toolkit.attributes.targeted_regions_hierarchy}} -

Vulnerabilities ({{content.relationships.vulnerabilities.length}})

(First 10)

ID	Name	Priority	Details
{{vuln.id \|\| '-'}}	{{vuln.attributes.name \|\| '-'}}	{{vuln.attributes.priority \|\| '-'}}	Executive Summary: CVSS Scores: v3.1: {{vuln.attributes.cvss.cvssv3_x.base_score}} ({{vuln.attributes.cvss.cvssv3_x.vector}}) , Temporal: {{vuln.attributes.cvss.cvssv3_x.temporal_score}} v2.0: {{vuln.attributes.cvss.cvssv2_0.base_score}} ({{vuln.attributes.cvss.cvssv2_0.vector}}) , Temporal: {{vuln.attributes.cvss.cvssv2_0.temporal_score}} Sources: {{src.name}}: {{src.title \|\| src.url}} (CVSS: {{src.cvss.cvssv3_x.base_score}}) -

Comments ({{content.relationships.comments.length}})

(First 10)

ID	Date	Details
{{comment.id \|\| '-'}}	{{comment.attributes.date * 1000 \| date:'yyyy-MM-dd HH:mm:ss'}}	Comment: {{ (comment.attributes.text.split(' ').length > 30) ? comment.attributes.text.split(' ').slice(0,30).join(' ') + '...' : comment.attributes.text }} Tags: {{tag}}, - Votes: Positive: {{comment.attributes.votes.positive}} \| Negative: {{comment.attributes.votes.negative}} \| Abuse: {{comment.attributes.votes.abuse}}