Documentation Index

Fetch the complete documentation index at: https://help.silentpush.com/llms.txt

Use this file to discover all available pages before exploring further.

Risk scores

  • Updated on Jan 9, 2026
  • Published on Aug 26, 2025
  • 1 minute(s) read
Prev Next

The Silent Push API provides categorical scores to assess the reputational risk of domains and IPv4 addresses. Below are the scores, organized for clarity.

Domain-Related Scores

Score

Description

Key Details

age_score

Based on the domain’s age from the DNS zone files.

Higher score for recently created domains (newer=riskier).

is_new_score

Indicates if the domain was created in the last 24 hours.

Returns 100 for new domains (higher risk in network traffic).

dga_probability_score

Likelihood the domain name was generated by a Domain Generation Algorithm (DGA).

A higher score indicates greater DGA likelihood.

url_shortener_score

Identified known URL shortener services.

Returns 100 if the domain is a URL shortener (in addition to isurlshortener flag).

listing_score

Presence in highly trusted threat intelligence fields.

Based on recency and frequency of listings.

ns_reputation_score

Reputation of name servers associated with the domain.

Calculated as the ratio of domains on the name server listed in threat feeds.

ns_entropy_score

Frequency of nameserver changes.

Higher score for frequent/recent changes (indicates suspicious activity).

sp_risk-score

Overall risk assessment for the domain.

Highest of ns_entropy_score, ns_reputation_score, is_new_score, age_score, listing_score. Reduced to 0 if is_expired, is_parked, or is_sinkholed is true.

IPv4-Related Scores

Score

Description

Key Details

asn_rank_score

Rankings of ASNs based on feed listings.

Malware feed listings are weighed higher than phishing feeds.

ask_reputation_score

Volume of listed IPv4 addresses in an ASN.

Logarithmic ratio of listed vs. active IPs (from Silent Push Passive DNS).

asn_takedown_reputation_score

Speed of malicious URL takedowns by the ISP abuse desk.

Based on URLs with a minimum age, compared to total IPs in the ASN.

ip_is_dsl_dynamic_score

identifies dynamically allocated/residential IP space.

Returns 100 dynamic (in addition to ip_is_dsl_dynamic flag).

listing_score

Presence on highly trusted threat intelligence feeds.

Graded on recency and frequency of listings.

subnet_reputation_score

Volume of listed IPv4 addresses in a subnet.

Logarithmic ratio of listed vs. active IPs (from Silent Push Passive DNS).

ip_reputation_score

Volume of listed A records resolving to the IP

Logarithmic ratio of listed vs. active A records (from Silent Push Passive DNS).

sp_risk_score

Overall risk assessment for the IP.

Highest of ip_reputation, subnet_reputation, asn_reputation, asn_takedown_reputation asn_rank. Reduced to 0 if known_benign or known_sinkhole_ip is true.

Related articles