After running a search, your result list will appear on the Research page. The list displays a summary including an excerpt from the result (around the first keyword match, if applicable), where the result was found, crawl date, hackishness, and relevance of the result.
Click on an Excerpt to open the full Result Detail; click on the X to close the Result Detail.
Our indexed document collection, which are the results you receive after doing a search in the Research section, is processed into the following field categories:
|
Body field |
The raw text collected from the webpage/record/target. |
|
Metadata fields |
Fields we collect along with the body, if available, such as: domain, network, headers, leak information. Click on the Metadata and Leak view switches in Search Results to see this information. |
|
Mined fields |
Tokenized features we mine out of the body of the result, which are currently Entities (emails, credit cards, cryptocurrencies, cves, ip addresses, ssns, website mentions) and Chat-related information (users, user IDs, servers, channels, channel IDs). Entities and Chat Users appear as individual View Switches in Search Results, if present in the body. |
|
Processed fields |
Information we apply to a result from our natural language processing or machine learning, such as hackishness or language detection. |
When you do a search in the search bar from Home or Research, a maximum of 20 results are returned per page. Vision UI includes a default setting to de-duplicate results on a per-page basis. When the Show Duplicates option is off, you may receive fewer documents than the count submitted, since some of the results may not be returned. If you would like to see all results, you can change this setting in the Filter menu’s Advanced Options, which includes an option to toggle Show Duplicates on or off.
Viewing Individual Result Detail
Results from our index include the following elements:
1. Source of the result and either the Crawl Date (when we added it to our collection) or Post Date (date of the forum post). Additionally, you may see these options:-
- If a result is a forum post, a Post Author will be present. You can click on this button to open a new search tab to search for other posts by the same author.
- If a URL has special characters or emojis, a Decode URL button will be present to toggle to the decoded version, which can assist users who have the proper sandboxed environments in viewing the original source. DarkOwl Vision stores URLs in their encoded form. Once a URL is decoded, you can toggle back to the encoded version by clicking Encode URL.
-
- Add to Case Findings to preserve the result and organize into a Case.
- Download the result as a .txt file.
- Copy Link to return to this result later.
- If a search result is a forum post, you can click View Thread to reconstruct the posts into the original thread.
3. If enabled on your account and applicable to the document, you will see the Direct to Darknet option.
4. The right side will contain various View Switches to see the result, metadata, and various tokenized fields. Click on each switch to see the following:
-
- The Body is the content of the result.
-
- Metadata includes where and when the result was collected. Clicking on the icon next to URI will allow you to copy the URL in a defanged format.
-
- If present in the Body, additional view switches will show Lists of Entities within the result (Emails, Cryptocurrencies, Cards, CVEs, IP addresses, SSNs, Website Mentions).
-
- Leak Context or Site Context may also be present depending on the type of search result.
-
- Chat Users will be present if the result is from Telegram or Discord with Usernames and User IDs found in the result. The screenshot below shows the Chat Users switch active.
- Chat Users will be present if the result is from Telegram or Discord with Usernames and User IDs found in the result. The screenshot below shows the Chat Users switch active.
5. A Group heading will be present if the site has a classification. Some of the classifications include: Blog, Chan, Data Sharing, Directory, File Repository, Forum, Forum Post, Market, News, Paste, Search Engine, Social Media, Ransomware. Other classifications may be added in the future. Additionally, Authenticated Site will be present if the site required special access, such as a login or other challenge.
Keyboard Shortcuts
Navigate through Search Results using these keyboard shortcuts:
|
Key |
Description |
|
k |
next result |
|
i |
previous result |
|
l |
next highlight |
|
j |
previous highlight |
|
; |
toggle detail pane |
|
o |
next page |
|
u |
previous page |
Pivot to Entity Explore
If your search included an Email, Credit Card, Cryptocurrency, or IP Address Entity Search tile, the Explore icon will appear next to the Quick Filter icon. You can use this icon to look up any of the values in the Explore: Entity section. Click the icon, then select one of the values from the drop-down.
Search Tabs
You can have multiple searches open, to allow for pivoting and further investigation. Click on the (+) icon to start a new search. You can go back to previous searches and results by either clicking on a specific Result tab, or using the left tab drop-down menu. You can have up to ten search inquiries open simultaneously.