An Autonomous System Number (ASN) is a network identifier used for transporting data on the Internet between Internet routers. An ASN will have associated public IP blocks tied to it where hosts are located.
This is the representation of an IP block and the associated network mask (e.g. 192.168.1.1/24). This is a shortened way to list out a set of contiguous IP addresses.
Client Side Coding
Content Management System (CMS)
A category of frameworks designed for organizing, categorizing, and structuring information resources such as text, images, documents, audio and video files, so that they can be stored, published, and edited with ease and flexibility. In broad terms, the CMS acts as middleware between the database and the user through the browser.
This is the programming language the developer used to build a website or component of the site.
Certificates are used to secure the communications between a browser and a web server via Secure Sockets Layer (SSL). This ensures that sensitive data in transit cannot be read, tampered with or forged. They have other uses, but this is the primary use case at RiskIQ.
DNS Record Types
Each record is a mapping in the “digital phone book”. There are several types of entries that serve different purposes. Here are some of the most common you will need to understand:
A Record – Mainly for mapping hostnames to a host IP address (IPv4).
AAAA Record – Maps hostnames to IPv6 addresses.
CNAME Record – Alias of one hostname to another hostname (think telephone call forwarding).
MX Record – Maps a domain name to a list of mail server agents for that domain.
NS Record – Specifies an authoritative name server for a given host or DNS zone. Think of multiple phone books; this record tells the computer which book has the listing in it, in order to do the lookup.
PTR Record – Pointer to a canonical name. The most common use is for implementing reverse DNS lookups, IP address to hostname(s).
SOA Record – Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
Document Object Model (DOM)
A domain is concatenated using the full stop (dot, period). Domains run from right to left starting with the TLD and the unique domain label.
http://www.domain.com/path/index.htm
Sub-Domains – A domain can have unique hosts on a parent domain. To uniquely distinguish these devices, the fully qualified domain name (FQDN) is leveraged to identify these hosts. These are represented in the hierarchy like subdomain.domain.TLD, read from right to left. These unique hosts are RiskIQ digital web assets.
http://www.subdomain.domain.com/path/index.htm
Domain Name Registrar
An organization or commercial entity that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) registry and/or a country code top-level domain (ccTLD) registry.
Domain Name Servers (DNS)
The service that manages the translation from host name to IP address, or from IP address to host name, so that devices on the Internet can access the data they want. (Think of a digital corporate directory, but for servers.) Many companies outsource management of the DNS, so the name server will host records for many companies. (Think of these as the public phone book, so not all records are specific to a customer.)
Web Application Frameworks allow for easier website development, management and code reuse with common libraries and templates. There are many framework types and models with different strengths and caveats.
A host is a unique computer with a Web server (for RiskIQ purposes) that serves the pages for one or more Web sites. Without diving too deep, the host includes the full canonical name (www.domain.com) or a “naked domain” (domain.com). These are two unique hosts since they can be unique web servers.
Internet Corporation for Assigned Names and Numbers (ICANN)
The governing body that contracts with registrars to manage, submit and act on requests for these Internet resources.
Internet Service Provider (ISP)
An organization that provides services for accessing and using the Internet. ISPs may be organized in various forms, such as commercial, community-owned, non-profit, or otherwise privately owned.
The number that computers use to locate a specific entity on the Internet. This can be represented by a host name so users can find things more easily, and it leverages Domain Name Servers (DNS) to manage the relationship between IP address and host name. The full network protocol is TCP/IP. There are public and private IP blocks. Private IP address space cannot be transported across the Internet directly and is used for internal networking at companies on their local area networks (LAN). Public IP addresses are unique addresses reachable from any device on the Internet. There are two types of IP address, IPv4 and IPv6.
IPv4 – 32-bit number notated in four octets (e.g. 192.168.1.1).
IPv6 – 128-bit number notated as eight groups of four hexadecimal digits (e.g. 2001:0db8:0000:0042:0000:8a2e:0370:7334). IPv6 is intended to eventually replace IPv4, but it is a slow process.
IP addresses can be grouped into networks. This is a block of addresses for computers to directly talk to each other without the need for a network route. (Traffic map) Each computer in the same IP Network can communicate with others in the same network. This is defined by a subnet mask (e.g. 255.255.0.0). The subnet mask tells a computer if the IP address in conjunction with the mask is in the same network or not. If not, the traffic is sent to the IP gateway for routing to the proper network.
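The same-network decision described above, as an added example that is not part of the original glossary. The function names and the sample addresses (10.20.x.x, gateway 10.20.0.1) are constructed for illustration.

```python
import ipaddress


def mask_to_prefix(mask: str) -> int:
    """Convert a dotted subnet mask (255.255.0.0) to a prefix length (16)."""
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    # A valid mask is a run of 1-bits followed only by 0-bits.
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def network_of(ip: str, mask: str) -> str:
    """Bitwise AND of address and mask gives the network, shown as an IP block."""
    net = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return f"{ipaddress.IPv4Address(net)}/{mask_to_prefix(mask)}"


def next_hop(src: str, mask: str, dst: str, gateway: str) -> str:
    """Return where the sender hands the packet: the destination or the gateway."""
    if network_of(src, mask) == network_of(dst, mask):
        return dst       # same IP network: talk to the host directly
    return gateway       # different network: send to the IP gateway for routing


if __name__ == "__main__":
    # Constructed sample host configuration.
    src, mask, gw = "10.20.1.15", "255.255.0.0", "10.20.0.1"
    print("local network:", network_of(src, mask))
    for dst in ("10.20.200.7", "10.21.0.9"):
        print(dst, "->", next_hop(src, mask, dst, gw))
```
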
A specific server that is providing resolution for a host. There may be multiple name servers that have the record for redundancy.
Passive Domain Name Service (PDNS)
A collection of resolution records from traffic between an end point and a name server that resolves a domain name to an IP address. RiskIQ maintains its own PDNS database, which is a key element in our discovery and inventory process.
For computers to communicate over a network, the computer IP address must be known. The computers then communicate with each other on a port. Web servers announce that they are listening on a default port of 80 and a secure sockets layer (SSL) port of 443. Web servers can be configured to listen on any port, but the client device must know the specific port if the standard well known port is not being used.
The protocol identifies the method (set of rules) by which the resource is transmitted. All Web pages use HyperText Transfer Protocol (HTTP) or HTTPS, and these are what RiskIQ web browsers leverage.
A proxy acts as a shield between you and the site you are looking at; in other words, it is a middleman. When you use a Web proxy, you are not actually connecting to your intended site; instead, the Web proxy is connecting to the site, therefore hiding any trace of your presence. This can exist at a corporate perimeter or on the Internet.
The RiskIQ Proxy Network is a collection of proxy servers that RiskIQ has established in different locations around the world. This allows the virtual user to interact with the Internet and appear to come from these IP addresses and network locations as their point of origin.
When a company wants to automatically forward traffic to some other host/IP address, this is referred to as a redirect. It can be accomplished in several ways: a DNS CNAME record can resolve the host name to another record or the same IP, a web server can forward traffic to a different host, or a script can take action on the client side to have the browser go to a different host.
is the name of the file for the page and any directories or subdirectories under which it is stored on the specified computer. The resource ID is the part to the right following the TLD starting with the “/” that defines the file for a web browser to open.
Server Side Coding
Code that lives on the server and responds to HTTP requests. Running a script directly on the web server to generate dynamic HTML pages fulfills the user’s request. This HTML is then sent to the client browser.
A domain can have unique hosts on a parent domain. To uniquely distinguish these devices, the fully qualified domain name (FQDN) is leveraged to identify these hosts. These are represented in the hierarchy like subdomain.domain.TLD, read from right to left. These unique hosts are RiskIQ digital web assets.
Top level domain – a three or two letter extension that ends a domain. If the TLD is different, then the domain is different and the host will be unique. Common TLDs are .com, .org, .gov, .mil, .edu, .net. There are also country code TLDs (ccTLD) that may be leveraged too, such as .us, .mx, .uk, etc. There is a newer TLD category called generic top-level domains (gTLD).
Uniform Resource Locator is the full path to where the unique resource (webpage) is located on the Internet.
An application used by computers to access resources and content on the Internet. Microsoft Internet Explorer & Edge, Google Chrome, Firefox, Apple Safari & Opera are common examples.
Web Server Version
This is the web server software which runs on a server to offer up websites and content via the HTTP protocol for access by web browsers. These run on top of the server operating system on physical hardware or in the cloud.
A complete group of webpages that are organized as a comprehensive set. Websites can be designed with all of the pages on one host or many.
Host – A host is a unique computer with a Web server (for RiskIQ purposes) that serves the pages for one or more Web sites. Without diving too deep, the host includes the full canonical name (www.domain.com) or a “naked domain” (domain.com). These are two unique hosts since they can be unique web servers.
Full canonical - http://www.domain.com/path/index.htm
Naked domain - http://domain.com/path/index.htm
A webpage is a document being exposed to the Internet that is formatted in HTML (HyperText Markup Language), together with any related files for scripts and graphics, and often hyperlinked to other documents on the Internet. These files leverage file extensions of .htm or .html. A “homepage” is the default webpage that is offered up by a webserver when a host is entered into a client browser. Typically, the resource ID will end in “index.htm”.
Well Known Ports
Multiple services can be run from a server on different ports (email, FTP, SSH, etc.), all from the same computer with the same IP address. These common ports, known as Well Known Ports, have reserved services so that client devices know which port to reach out to when contacting a server on the Internet.
A protocol leveraged to query and respond to the databases that store registration and ownership of Internet resources. These will typically be used to define ownership of a domain, IP block or ASN. This is a distributed hierarchical database spread around the world. A Whois record has many components that RiskIQ uses for showing ownership or relationship to a company. There are many registrars that offer an additional service to obfuscate who is the true owner of the Internet asset. This is sometimes referred to as Whois Privacy. The Whois protocol is a key element of the RiskIQ discovery and inventory process.