--- title: "Highlight: Core Metrics" slug: "highlight-core-metrics" tags: ["Domain Metrics", "Risk Assessment", "Threat Intelligence"] updated: 2025-12-11T14:36:00Z published: 2025-12-11T14:35:36Z canonical: "help.silentpush.com/highlight-core-metrics" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # Highlight: Core Metrics The Highlight section of **Total View**, located at the top of the interface, provides a rapid technical overview of key metrics for Domains and IPv4 addresses, derived from Silent Push’s enrichment categories. It consolidates critical data points for immediate Threat assessment. ![Overview of quasar.com domain with threat feed and web search highlights information.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Key Highlights.jpg) ## Data Points | # | Field | Description | | --- | --- | --- | | 1 | **Domain** | The observable’s domain name (e.g., example.com), serving as the primary identifier. | | 2 | **Risk Score** | A proprietary score based on threat feed presence (paid users) and secondary metrics, quantifying malicious potential. | | 3 | [**Flags**](https://help.silentpush.com/docs/understand-and-present-flags) | Indicators (e.g., Tranco Top 10k, IOFA Feed) reflecting Enriched Attributes. | | 4 | **Scores** | - **Age**: Domain Age in days, calculated from creation date. - **NS Reputation**: Nameserver reputation score based on domain usage patterns. - **NS Entropy**: Measure of nameserver change randomness, indicating potential compromise. | | 5 | **PADNS Infrastructure** | Counts of DNS records (A, AAAA, CNAME, NS, MX, SOA, TXT) to detect anomalies. | | 6 | **Infrastructure Variance** | - **ASN Diversity:** Number of unique Autonomous System Numbers. - **IP Diversity**: Count of unique IP addresses. - **NS Changes**: Frequency and recency of nameserver updates. | | 7 | **Whois** **Information** | - **Registrar**: Entity managing domain registration. - **Created**: Registration creation date (e.g., 1995-08-13). | | 8 | **Web Search Highlights** | - **Response**: HTTP response code (e.g., 200). - **favicon**: MD5 hash of the favicon image. - **Scan Date**: Last scan timestamp (e.g., 2025-08-28). - **HTML Title**: Extracted title tag from HTML content. - **Header Server**: Server software identified in HTTP headers. | ## Enrichment Highlights Table | Highlight Category | Metrics | Applies to | Notes | | --- | --- | --- | --- | | IP-based Highlights | IP Reputation, ASN Reputation, ASN Takedown Reputation, ASN RankSubnet Reputation, Curated Feeds History Score, IP Density, Open S3 Buckets, | IPv4 addresses, URLs (with IP root) | Displayed for IPv4 addresses and URLs where the root is an IP address. | | Domain-based Highlights | NS Reputation, NS Entropy, Curated Feeds History Score, ASN Diversity, IP Diversity, Age, Registrar | Domains with URLs (with domain root) | Displayed for domains and URLs where the root is a domain. | | ASN-based Highlights | Active IPs, Active Subnets, AS Name, Average Density | ASNs | Specific to Autonomous System Numbers (ASNs). | An Indicator of Compromise (IoC) with potential to cause harm, such as a malicious IP, domain, or file hash. The human-readable name (e.g., example.com) associated with an indicator of compromise (IoC) or network resource, used to identify and access websites or services in threat intelligence analysis. Enhanced data points, such as IP diversity, nameserver details, or IP density, have been supplemented with additional threat intelligence from a platform like Silent Push to improve threat analysis accuracy. The number of days since a domain was first registered or identified in DNS zone files, often used to assess its trustworthiness, as newer domains may be associated with malicious activity. A metric indicating how frequently the IP addresses hosting a domain switch between different Autonomous System Numbers (ASNs) over the past 30 days, often used to detect suspicious domain behavior. The time interval between updates to a threat intelligence feed or dataset, determining how often new or revised indicators of compromise (IoCs) are provided for analysis. Publicly available data collected during domain registration or DNS updates, used to analyze domain ownership and history. A small icon or image associated with a website, typically displayed in browser tabs or bookmarks, used in threat intelligence to identify potential spoofing or phishing by analyzing its unique characteristics or hash A measure of an Autonomous System’s trustworthiness, calculated as the ratio of blacklisted IP addresses to the total active IPs within the ASN over the past 30 days, indicating potential risk levels. Autonomous System Number, a unique numeric identifier assigned to an Autonomous System (AS) for managing IP address routing within and between networks on the internet The number of unique IP addresses a domain has resolved to over the past 30 days, used to detect dynamic or suspicious domain behavior. The count of unique IP addresses actively resolved as A records within an Autonomous System Number (ASN) over a specific period, indicating the network's operational scope. The count of unique subnets within an Autonomous System Number (ASN) that contain actively resolved IP addresses over a specific period, used in Silent Push to assess the distribution of network activity and identify potential malicious infrastructure segments. The descriptive name assigned to an Autonomous System (AS), a collection of IP routing prefixes under the control of one or more network operators, used to identify the network in routing operations. The average number of domains or subdomains associated with a network element (e.g.,IP, ASN, nameserver, or MX server) over a specified period, used to identify patterns of concentrated activity that may indicate malicious infrastructure.