Understand Silent Push risk scores

  • Updated on Sep 5, 2023
  • Published on Apr 30, 2023
  • 1 minute(s) read

Silent Push Risk Scores are color-based indicators that illustrate of the risk level of observables at-a-glance

Scanning through passive DNS data returns a risk indication for every record. As soon as the colored dots appear, you can hover over them to get more information

The risk score displayed on the colored dots istaken from a variety of attributes, varying by domain and IP observable type.

Domain-based scoring

  • Curated Feed History Score - A score based on the frequency and recency of an observable's presence within trusted feeds
  • NS Reputation - The ratio of blacklisted domains, taken from the total number of domains using a nameserver
  • NS Entropy - A score that includes recency, frequency, and the number of NS changes
  • Generated domain probability - How likely it is that a domain was created by an domain generation algorithm

IP-based scoring

  • Curated Feed History Score - A score based on the frequency and recency of an observable's presence within trusted feeds
  • ASN Rank - A ranking of ASNs seen to host threats listed on feeds, calculated using a weighted formula based on the type of threat observed
  • ASN Takedown Reputation - A reputation score based on the time it takes for an ASN owner to react to takedown requests related to malicious URLs. A higher reputation score indicates the ASN owner is slow to react to takedown requests
  • ASN Reputation - The ratio of blacklisted IPs, taken from from the total number of IPs that have been observed as being active within an ASN, in the last 30 days
  • Subnet Reputation - The ratio of blacklisted IPs, taken from the total number of IPs that have been observed as being active within a particular subnet in the last 30 days