Risk scores

The Silent Push API provides categorical scores to assess the reputational risk of domains and IPv4 addresses. Below are the scores, organized for clarity.

Domain-Related scores

| Score | Description | Key Details |
| --- | --- | --- |
| age_score | Based on the domain’s age from the DNS zone files. | Higher score for recently created domains (newer = riskier). |
| is_new_score | Indicates if the domain was created in the last 24 hours. | Returns 100 for new domains (higher risk in network traffic). |
| dga_probability_score | Likelihood the domain name was generated by a Domain Generation Algorithm (DGA). | Higher score indicates greater DGA likelihood. |
| url_shortener_score | Identifies known URL shortener services. | Returns 100 if the domain is a URL shortener (in addition to isurlshortener flag). |
| listing_score | Presence in highly trusted threat intelligence feeds. | Based on recency and frequency of listings. |
| ns_reputation_score | Reputation of name servers associated with the domain. | Calculated as the ratio of domains on the name server listed in threat feeds. |
| ns_entropy_score | Frequency of nameserver changes. | Higher score for frequent/recent changes (indicates suspicious activity). |
| sp_risk_score | Overall risk assessment for the domain. | Highest of ns_entropy_score, ns_reputation_score, is_new_score, age_score, listing_score. Reduced to 0 if is_expired, is_parked, or is_sinkholed is true. |

IPv4-Related scores

| Score | Description | Key Details |
| --- | --- | --- |
| asn_rank_score | Rankings of ASNs based on feed listings. | Malware feed listings are weighted higher than phishing feeds. |
| asn_reputation_score | Volume of listed IPv4 addresses in an ASN. | Logarithmic ratio of listed vs. active IPs (from Silent Push Passive DNS). |
| asn_takedown_reputation_score | Speed of malicious URL takedowns by the ISP abuse desk. | Based on URLs with a minimum age, compared to total IPs in the ASN. |
| ip_is_dsl_dynamic_score | Identifies dynamically allocated/residential IP space. | Returns 100 if dynamic (in addition to ip_is_dsl_dynamic flag). |
| listing_score | Presence on highly trusted threat intelligence feeds. | Graded on recency and frequency of listings. |
| subnet_reputation_score | Volume of listed IPv4 addresses in a subnet. | Logarithmic ratio of listed vs. active IPs (from Silent Push Passive DNS). |
| ip_reputation_score | Volume of listed A records resolving to the IP. | Logarithmic ratio of listed vs. active A records (from Silent Push Passive DNS). |
| sp_risk_score | Overall risk assessment for the IP. | Highest of ip_reputation, subnet_reputation, asn_reputation, asn_takedown_reputation, asn_rank. Reduced to 0 if known_benign or known_sinkhole_ip is true. |
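
The two overall-score rules above, recomputed from the component scores so that an analyst can see which score drove the result, whether a flag zeroed it, and which scores the maximum leaves out. This is an added example, not Silent Push code: the flat record layout, the `explain_risk` helper and the sample values are assumptions, and the IPv4 component names use the `_score` forms from the table.

```python
# Added example: component lists and zeroing flags copied from the two
# overall-score rows on this page. The flat record layout is an assumption.
RULES = {
    "domain": (
        ("ns_entropy_score", "ns_reputation_score", "is_new_score",
         "age_score", "listing_score"),
        ("is_expired", "is_parked", "is_sinkholed"),
    ),
    "ipv4": (
        ("ip_reputation_score", "subnet_reputation_score", "asn_reputation_score",
         "asn_takedown_reputation_score", "asn_rank_score"),
        ("known_benign", "known_sinkhole_ip"),
    ),
}


def explain_risk(kind, record):
    """Recompute the overall score and report what produced or suppressed it."""
    components, flags = RULES[kind]
    present = {n: record[n] for n in components if record.get(n) is not None}
    driver = max(present, key=present.get) if present else None
    raw_max = present[driver] if driver else 0
    zeroed_by = [f for f in flags if record.get(f)]
    # Scores in the record that the documented maximum does not include.
    outside = {k: v for k, v in record.items()
               if k.endswith("_score") and k not in components and k != "sp_risk_score"}
    return {"score": 0 if zeroed_by else raw_max, "driver": driver,
            "raw_max": raw_max, "zeroed_by": zeroed_by, "outside": outside}


# Constructed sample records (not real API output).
NEW_DOMAIN = {"ns_entropy_score": 20, "ns_reputation_score": 35, "is_new_score": 100,
              "age_score": 90, "listing_score": 0, "dga_probability_score": 80,
              "is_expired": False, "is_parked": False, "is_sinkholed": False}
SINKHOLED_DOMAIN = {"ns_entropy_score": 60, "ns_reputation_score": 40, "is_new_score": 0,
                    "age_score": 10, "listing_score": 95,
                    "is_expired": False, "is_parked": False, "is_sinkholed": True}
LISTED_IP = {"ip_reputation_score": 10, "subnet_reputation_score": 40,
             "asn_reputation_score": 55, "asn_takedown_reputation_score": 30,
             "asn_rank_score": 25, "listing_score": 70,
             "known_benign": False, "known_sinkhole_ip": False}

if __name__ == "__main__":
    for kind, rec in (("domain", NEW_DOMAIN), ("domain", SINKHOLED_DOMAIN),
                      ("ipv4", LISTED_IP)):
        print(kind, explain_risk(kind, rec))
```

A result with `score` 0 and a non-empty `zeroed_by` is a suppressed score, not a clean one, so triage rules should check `raw_max` and `outside` before discarding the indicator.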