Incidents

The PerimeterX Code Defender identifies the following incidents:

PII/PCI Sniffing

Medium Risk Incidents

- A script is accessing PII (personally identifiable information) fields. This can include any of the following: location data, contact information, or identification information such as a name or social security number

Low Risk Incidents

- A script is potentially accessing PII (personally identifiable information) fields. This can include any of the following: location data, contact information, or identification information such as a name or social security number
- A known vendor script is accessing PII (personally identifiable information) fields. This can include any of the following: location data, contact information, or identification information such as a name or social security number

Known Malicious Domain

High Risk Incidents

- A script was observed interacting with a denied domain that has a high probability of being malicious and related to skimming activity or crimeware.
- A script was loaded from a denied domain that has a high probability of being malicious and related to skimming activity or crimeware.

Suspicious Domains (CA, registrar, spoof, suffix, etc.)

Medium Risk Incidents

- External network requests have been made to a domain that, based on various domain characteristics, is potentially malicious
- A script was loaded from a domain that, based on various characteristics, is potentially malicious
- A script was loaded from a domain that was created within the last three weeks
- A script interacts with a domain that might be spoofed. The target domain is composed of unusual characters that may indicate domain spoofing
- A script loads from a domain that might be spoofed. The script's host domain is composed of unusual characters, which may indicate domain spoofing
- A script loads from a domain that might be spoofed. The script's host domain is composed of Unicode characters, which may indicate domain spoofing
- A script interacts with a domain that might be spoofed. The target domain is composed of Unicode characters, which may indicate domain spoofing
- A script was loaded from a domain that might be spoofed. The script's host domain attempts to mimic a known service domain, which may indicate domain spoofing
- A script interacts with an external domain which tries to mimic a known service domain. This may indicate domain spoofing
- A script interacts with a sub-domain that may be spoofed
- A script sends requests to a domain with an expired and insecure SSL certificate
- A script's host domain SSL certificate has expired

Crypto-Mining

Medium Risk Incidents

- A script was observed interacting with a domain that, due to various domain characteristics, has a high probability of being related to crypto-mining activity (network activity to a crypto domain). This affects the end-user experience not only on the customer's site but also on the end user's whole machine

Site/Script Baseline Deviation

Medium Risk Incidents

- A known script's external network request destination has changed. If it is a third-party script, this can indicate a possible third-party vendor breach.
- A script that exists on sensitive pages (login and checkout) started creating an iFrame (an inline frame, which provides an isolated web page environment within a website or another web page)
- A script that exists on sensitive pages (login and checkout) is creating an iFrame (an inline frame, which provides an isolated web page environment within a website or another web page) that initiates from a new source
- A script which exists on sensitive pages (login and checkout) started accessing INPUT values, giving the script access to information entered by the user
- A new script was observed on sensitive pages (login and checkout)

Low Risk Incidents

- A new script was observed
- A new script from a known vendor was observed
- A new script from a known vendor was observed on sensitive pages (login and checkout)
- A script started creating an iFrame (an inline frame, which provides an isolated web page environment within a website or another web page)
- A script is creating an iFrame (an inline frame, which provides an isolated web page environment within a website or another web page) that initiates from a new source
- A first-party script started creating network activity
- A third-party script started creating network activity
- A first-party script interacts and sends requests to an external domain
- A third-party script started creating network activity and sending requests to external domains
- A script started listening to INPUT elements, giving the script access to information that users enter in the INPUT field
- A script started accessing INPUT values, giving the script access to information entered by the user
- A script started accessing password elements. The script can access the user's credentials
- A script started placing event listeners on the page. Event listeners observe the events (various actions such as mouse clicks and keyboard presses) that occur on the page

Outdated Libraries

Medium Risk Incidents

- A script is running as an outdated library that has known vulnerabilities
- A script is using resources from an outdated library that has known vulnerabilities
- A script was loaded from an unregulated public repository