Website Indicators

Each indicator is associated with an evidentiary tier and is subject to interpretation.

• Tier 1 indicators are typically unique or highly indicative of the provenance of a website. This includes unique IDs for verification purposes and web services like Google, Yandex, etc as well as site metadata like WHOIS information and certification, when valid, as DDOS protection services like Cloudflare and shared hosting services like Bluehost can provide spurious matches.
• Tier 2 indicators offer a moderate level of certainty regarding the provenance of a website. These are not as unique as Tier 1 indicators but provide valuable context. This tier includes IPs within the same subnet, matching meta tags, and commonalities in standard and custom response headers.
• Tier 3 indicators are the least specific but can still support broader analyses when combined with higher-tier indicators. These include shared CSS classes, UUIDs, and Content Management Systems.

About and Interpreting Indicators