About the Geographic Distribution View in Investigate

The Geographic Distribution view displays a world map of the IP distribution for each searched domain. The map shows the domain host countries (using pins), registrant information, and percentages of that distribution. The geographical representation shows our resolution data plotted across geolocations along with visual indicators to show distribution rates. You can use the Geographic Distribution map to determine where a domain request originates.

  • Host—Displays the physical location of the host IP addresses.
  • IP Count—The number of IP addresses registered to the host.
  • Geo Distance (sum, mean)—Lists both the sum and the mean of the distances between hosts, in kilometers. The distance between hosts is calculated by an algorithm that scores the relative distances between the hosts serving the domain data. Unusually high scores from this algorithm are reflected in the Mean Geo-distance and Sum Geo-distance domain features. An alert appears when the mean distance between hosts serving the site is over 3000 kilometers.
    In our research, we've found that hosts serving a non-malicious domain are geographically close, whereas a domain serving malware is served by hosts found around the globe. Our blog provides more information on how we use distance between domains to determine the maliciousness of certain domains.
  • Registrant Country—Country of origin for the host.
  • Requester Distribution—Hierarchical list, by percentage, of where in the world the domain requests occurred. Move your mouse over the countries on the map to see the percentage for each country.
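
To illustrate the Geo Distance (sum, mean) fields and the 3000-kilometer alert described above, here is an added example that is not Investigate's own code. The page does not state the formula, so pairwise great-circle (haversine) distance between host coordinates is an assumption, and the coordinates are constructed sample data.

```python
import math
from itertools import combinations

EARTH_RADIUS_KM = 6371.0088   # mean Earth radius
ALERT_MEAN_KM = 3000          # alert threshold stated on this page

# Constructed sample data: (latitude, longitude) of hosts serving a domain.
CLUSTERED = [(37.34, -121.89), (37.77, -122.42), (34.05, -118.24)]
DISPERSED = [(-23.55, -46.63), (55.76, 37.62), (-6.21, 106.85), (6.52, 3.38)]


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    # Clamp against floating-point overshoot for near-antipodal points.
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, h)))


def geo_distance(hosts):
    """Return (sum_km, mean_km, alert) over every unordered pair of hosts.

    Assumption: sum and mean are taken over all host pairs. A domain
    served from fewer than two locations has no pairs and never alerts.
    """
    dists = [haversine_km(a, b) for a, b in combinations(hosts, 2)]
    if not dists:
        return 0.0, 0.0, False
    total = sum(dists)
    mean = total / len(dists)
    return total, mean, mean > ALERT_MEAN_KM


if __name__ == "__main__":
    for label, hosts in (("clustered", CLUSTERED), ("dispersed", DISPERSED)):
        total, mean, alert = geo_distance(hosts)
        print(f"{label}: sum={total:.0f} km mean={mean:.0f} km alert={alert}")
```
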
