(deprecated) Security Features Section
The Security Features section contains the various scores and information relating to the security status of the domain. These individual indicators are designed to shed light on the status of a domain during an investigation. However, any given feature is not necessarily indicative of the overall malicious status of a domain.
The security features you typically see are:
Security Feature | Description |
---|---|
SecureRank2 (rescaled) | Suspicious rank for a domain, based on the lookup behavior of client IPs for the domain. SecureRank is designed to identify hostnames requested by known infected clients but never requested by clean clients, assuming these domains are more likely to be bad. Scores returned range from -100 (suspicious) to +100 (benign). |
Pagerank | Popularity according to Google's PageRank algorithm. |
ASN score | ASN reputation score, ranges from -100 to 0 with -100 being very suspicious. |
Prefix score | Prefix score ranks domains by their IP prefixes (an IP prefix is the first three octets in an IP address) and the reputation score of these prefixes. Ranges from -100 to 0, -100 being very suspicious. |
RIP score | RIP score ranks domains based on the popularity of the entire IP address. Ranges from -100 to 0, -100 being very suspicious. |
Popularity | The number of unique client IPs visiting this site, relative to all requests to all sites. A score of how many different client/unique IPs go to this domain compared to others. |
Requester geo distribution | A score representing the number of queries from clients visiting the domain, broken down by country. Score is a non-normalized ratio between 0 and 1. |
Requester geo distribution (normalized) | A score representing the number of queries from clients visiting the domain, broken down by country. Score is a normalized ratio between 0 and 1. |
Updated about 2 years ago