Use Feed Scanner

New
  • Published on Apr 14, 2025
  • 4 minute(s) read

Use Feed Scanner to view all of the enriched data that is available to you by completing the following process:

Access Feed Scanner

  1. From the home page, select the menu icon.

  2. Select Threat Intelligence Management.

  3. Select Feed Scanner.

Search With Feed Scanner

Customers can use one of the two methods to search enriched data with Feed Scanner:

  • Simple Search: Build basic queries quickly using drop-down menus; ideal for straightforward filtering and immediate results.

  • Advanced Search: Create complex, custom queries using Silent Push Query Language (SPQL); ideal for detailed searches that require precise filtering of enriched feed data.

Use Simple Search to use Feed Scanner

  1. From the Feed Scanner, select a datasource.

  2. In the expression box, from the Field name drop-down menu, select an option.

  3. In the Operator box, select an option.

  4. In the Value box, type the value you want to search for.

  5. Select Search.

Results

The page will be preloaded with all production feed indicators.

There are a large number of information types that are returned with the Feed Scanner results. Your results initially show a maximum of 7 columns:

  • Indicator

  • Indicator type

  • Feed

  • Vendor

  • ASN

  • WHOIS Created Date

  • SP Risk score

With Feed Scanner, customers return a variety of information types for each indicator. Use the following table to understand the details that are associated with each column in your results:

Column Name

Category

Parameter

Description

Example

ASN

ASN & Subnet Information

asn

Numeric number assigned to the Autonomous System

AS15169

ASN Allocation Age

ASN & Subnet Information

asn_allocation_age

Number of days since the ASN was allocated

5

ASN Diversity

Domain Information

asn_diversity

The frequency that IP(s) hosting this domain in the last 30 days change between AS numbers

1

ASN Reputation Score

ASN & Subnet Information

asn_reputation

Score based on the trustworthiness and reputation of the networks associated with a particular ASN

78

ASN Takedown Reputation Score

ASN & Subnet Information

asn_takedown_reputation

Score based on the service provider's history of responding to abuse reports and taking action to mitigate malicious activity associated with their network.

65

AS Name

ASN & Subnet Information

asname

Descriptive name of the Autonomous System associated with the IP address

CLOUDFLARENET, US

Continent Code

IP Information

continent_code

Continent code that corresponds to the IP's geographical location

US

Country Code

IP Information

country_code

Two letter country that corresponds to the IP's geographical location

NA

Date Added

Indicator Information

Date and time that the indicator was first added to the current feed

2025-04-01T10:07:17

Density

IP Information

density

Number of domains with A records pointing to the IP address

5

Domain Age

Domain Information

age

Number of days ago that the domain was first identified in zone files

106

Domain

Domain Information

domain

Name of the domain associated with the indicator

weeblysite.com

Feed

Indicator Information

feed_name

Name of the feed that the indicator is on

APT - Lazarus Domains

Feed Frequency

Indicator Information

Average frequency in hours that a feed receives indicator updates (based on previous 30 days)

23

Feed UUID

Indicator Information

UUID of the feed that the indicator is on

Host

Domain Information

host

Name of the host associated with the indicator

btinternet-109545.weeblysite.com

Indicator Type

Indicator Information

type

Type of indicator:

  • Domain

  • IP Address

  • URL

Domain

IOFA Score

Indicator Information

iofa_listing_score

Score associated with the indicator's placement on an IOFA feed

100

IP Diversity All

Domain Information

ip_diversity_all

The number of IPs that a domain pointed to over the previous 30 days

2

IP Diversity Groups

Domain Information

ip_diversity_groups

The number of different groupings of IPs pointed to over the last 30 days, where a grouping may consist of one or more IPs that are pointed to at the same time

1

IP PTR

IP Information

ip_ptr

Reverse DNS record (PTR) that is associated with the IP address

74-115-51-55.weebly.net

IP Reputation Score

IP Information

ip_reputation_score

A score based on the number of domains hosted on the IP that are listed on a feed

100

IPv4

IP Information

ipv4

IPv4 address that is associated with the indicator

74.115.51.55

Is DSL Dynamic

IP Information

ip_is_dsl_dynamic

Flag that indicates if the IP address is linked to dynamic DSL services

1 for true, 0 for false

Is Dynamic Domain

Domain Information

is_dynamic_domain

Flag that indicates if the domain is associated with dynamic DNS or regularly changing IP assignments

1 for true, 0 for false

Is Known Benign

IP Information

known_benign

Flag that indicates if the indicator is confirmed to be benign or a false positive. (8888 for example)

1 for true, 0 for false

Is New Score

is_new_score

Score that represents how new the indicator is.

100

Is Parked

Domain Information

is_parked

Flag that indicates if the domain is parked

1 for true, 0 for false

Is Sinkholed

IP Information

is_sinkholed

Flag that indicates if the indicator is currently sinkholed to divert malicious traffic

1 for true, 0 for false

Is TOR Exit Node

IP Information

ip_is_tor_exit_node

Flag that indicates if the IP address is recognised as a Tor exit node

1 for true, 0 for false

Is Tranco Top 10K

Domain Information

is_tranco_top10k

Flag that indicates if the domain is listed on the Tranco Top 10k most popular domains list

1 for true, 0 for false

Is URL Shortener

Domain Information

is_url_shortener

Flag that indicates if the URL is provided by a recognized URL shortening service

1 for true, 0 for false

Last Seen On

Indicator Information

last_seen_on

Date and time that the indicator was most recently observed on a feed

2025-03-21T04:57:20

Name

Indicator Information

name

Indicator domain or URL value

https://btinternet-109545.weeblysite.com/

Name servers Tags

Domain Information

nameservers_tags

Tags that are associated with each name server.

ns-1375.awsdns-43.org:ns-1854.awsdns-39.co.uk:ns-510.awsdns-63.com:ns-522.awsdns-01.net

Name Server Entropy Score

Domain Information

ns_entropy

Score that includes recency, frequency, and the number of name server changes

20

NS Reputation Max Score

Domain Information

ns_reputation_max

Highest value associated with the reputation score of the associated name servers

18

SP Risk Score

Indicator Information

sp_risk_score

Silent Push risk score associated with the indicator

18

Subdomain

Domain Information

subdomain

Name of the subdomain extracted from the hostname.

btinternet-109545 (btinternet-109545.weeblysite.com)

Subnet

ASN & Subnet Information

subnet

Subnet associated with the IP

74.115.51.0/24

Subnet Allocation Age

ASN & Subnet Information

subnet_allocation_age

Number of days since the subnet was allocated

5215

Subnet Reputation Score

ASN & Subnet Information

subnet_reputation

Score based on the trustworthiness and reputation of a specific subnet or range of IP addresses within a larger network

10

Tags

Indicator Information

all_tags

Tags and labels that are assigned to the indicator to provide additional context

malware

Tranco Rank

Domain Information

tranco_rank

Rank of the indicator on the Tranco Top 10k list

8.750

Tranco Top 10k

Domain Information

tranco_top_10k

Score that represents the domains rank in in the Tranco Top 10K.

20

Vendor

Indicator Information

feed_vendor_name

Name of the vendor who created the feed

Silent Push

WHOIS Age

Domain Information

whois_age

Number of days ago the domain was registered with WHOIS

4436

WHOIS Created Date

Domain Information

whois_created_date

Date and time that the domain was registered with WHOIS

2012-12-19T04:07:22