Reputation
Reputation is a way for you to quickly understand a domain or IP address's behavior. In the Reputation tab, we provide relevant context about how a search key is behaving and/or what public context we have about it.
The reputation tab will include some combination of the following context:
- Are there any risk factors, or positive indicators associated with this domain?
  - Negative risk factors can include:
    - Being observed on an ad-block list
    - Being observed on malware lists
    - Rapidly changing infrastructure
    - Recent registration
  - Positive risk factors can include:
    - Observed on popularity lists
    - Long and stable DNS history
    - Registered for a long time

The Reputation Tab includes contextual information and risk factors related to what you searched.
- Is there any other information that Validin finds worth mentioning?
  - Which OSINT sources was this observed on, and how many?
  - Does Validin see this domain/IP very frequently in our data?

Clicking on the OSINT will open a slideout with additional information about the relevant OSINT sources.
- Usage
  - For domains: what are the effective top-level and effective second-level domains?
  - For IP addresses: what ASN and CIDR ranges is this a part of?

For domains, usage shows information about the domain structure
- Recent registration:
  - Fetch the recent registration for a domain or IP address. Enterprise users can fetch/view recent registration for any domain, and Community users can fetch/view recent registration for domains that support RDAP. WHOIS support will be rolled out to the community soon.

The registration section will autopopulate or prompt you to look up the recent registration for domains and IPs
- Projects
  - Do you have this key in any of your collections?
- Summary of DNS state
  - Count the DNS records from the results, and show how many of each there are, and what types they are.
- Jump to:
  - For domains, jump to a different related search for the same domain (e.g. wildcard the domain and search for subdomain results, or look at the parent domain instead)

Domains prompt you to jump to the wildcard or the parent domain
- Interesting neighbors:
  - For IP addresses, are there any neighbors in the parent CIDR that have interesting context? We search the parent range four prefix bits wider than the search key: if you search an IPv4 address, we'll look for interesting neighbors in the /28; if you search for a /28 CIDR, we'll look for interesting /28 subnets within the parent /24.

IP addresses show any interesting neighbors for the IP or CIDR
- Domain/IP Summary:
  - If we have recent host responses for a domain or IP address, do the following:
    - Summarize the response: what was the title, what ports did it respond on, was the certificate valid over HTTPS, and did it redirect (if so, where)?
    - You can click "View latest result" to immediately open a slideout with the most recent web (HTTP/S) response.

Data about the most recent response for a domain or IP
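
The range arithmetic behind the "Interesting neighbors" lookup can be reproduced locally to see exactly which addresses or subnets fall in scope for a given search key. This is an added example, not Validin's code: the function names are hypothetical, and applying the same four-bit widening to prefix lengths other than the /32 and /28 cases described above (and to IPv6) is an assumption.

```python
import ipaddress

WIDEN_BITS = 4  # matches the two documented cases: /32 -> /28 and /28 -> /24


def neighbor_scope(key):
    """Return (parent, neighbors) for an IP address or CIDR search key.

    parent    -- the enclosing network WIDEN_BITS wider than the key
    neighbors -- the other same-sized blocks inside parent (key excluded)
    """
    # strict=False accepts a bare address (treated as /32 or /128) and
    # CIDRs written with host bits set, e.g. 198.51.100.37/28.
    net = ipaddress.ip_network(key, strict=False)
    if net.prefixlen < WIDEN_BITS:
        raise ValueError(f"{net} cannot be widened by {WIDEN_BITS} bits")
    parent = net.supernet(prefixlen_diff=WIDEN_BITS)
    neighbors = [n for n in parent.subnets(new_prefix=net.prefixlen) if n != net]
    return parent, neighbors


def in_scope(candidate, key):
    """True if candidate (IP or CIDR) lies inside the neighbor range of key."""
    parent, _ = neighbor_scope(key)
    cand = ipaddress.ip_network(candidate, strict=False)
    # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return cand.version == parent.version and cand.subnet_of(parent)


if __name__ == "__main__":
    # Constructed sample keys taken from documentation address space.
    for key in ("198.51.100.37", "198.51.100.32/28"):
        parent, neighbors = neighbor_scope(key)
        print(f"{key}: search {parent}, {len(neighbors)} neighbors, "
              f"first {neighbors[0]}, last {neighbors[-1]}")
```

Checking a second indicator with `in_scope` before pivoting tells you whether it would already be covered by the neighbor search for the key you have open.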