Highlight - Key metrics

The Highlight section of Total View, located at the top of the interface, provides a rapid technical overview of key metrics for Domains and IPv4 addresses, derived from Silent Push’s enrichment categories. It consolidates critical data points for immediate threat assessment.

Data points

• Domain: The observable’s domain name (e.g., example.com), serving as the primary identifier.

• Risk Score: A proprietary score based on threat feed presence (paid users) and secondary metrics, quantifying malicious potential.

• Flags: Indicators (e.g., Tranco Top 10k, IOFA Feed) reflecting enriched attributes; detailed in a separate article.

• Scores:

  • Age: Domain age in days, calculated from creation date.

  • NS Reputation: Nameserver reputation score based on domain usage patterns.

  • NS Entropy: Measure of nameserver change randomness, indicating potential compromise.

• PADNS Infrastructure: Counts of DNS records (A, AAAA, CNAME, NS, MX, SOA, TXT) to detect anomalies.

• Infrastructure Variance:

  • ASN Diversity: Number of unique Autonomous System Numbers.

  • IP Diversity: Count of unique IP addresses.

  • NS Changes: Frequency and recency of nameserver updates.

• WHOIS Information:

  • Registrar: Entity managing domain registration.

  • Created: Registration creation date (e.g., 1995-08-13).

• Web Scan Highlights:

  • Response: HTTP response code (e.g., 200).

  • Favicon: MD5 hash of the favicon image.

  • Scan Date: Last scan timestamp (e.g., 2025-08-28).

  • HTML Title: Extracted title tag from HTML content.

  • Header Server: Server software identified in HTTP headers.

Enrichment Highlights Table