LOGIN REGISTER
open_in_full
  • home
    • Dashboard
    API Docs User Guide
    Overview
    Introduction
    Dashboard
    Core Search
    Additional Functionality
    Lookalikes
    Bulk Analyze
    Threat Actor Profiles
    Live Scanning
    Miscellaneous
    Frequently Asked Questions
    Support and Contact

    Reputation

    Reputation is a way for you quickly understand a domain or IP address's behavior. In the Reputation tab, will provide some amount of relevant context about how a search key is behaving and/or what public context we have about it.

    The reputation tab will include some combination of the following context:

    • Are there any risk factors, or positive indicators associated with this domain?
      • Negative risk factors can include:
        • Being observed on an ad-block list
        • Being observed on malware lists
        • Rapidly changing infrastructure
        • Recent registration
      • Positive risk factors can include:
        • Observed on popularity lists
        • Long and stable DNS history
        • Registered for a long time


    Reputation Tab

    The Reputation Tab includes contextual information and risk factors related to what you searched.

    • Is there any other information that Validin finds worth mentioning?
      • What and how many OSINT sources was this observed on?
      • Does Validin see this domain/IP very frequently in our data?

    Reputation Informational Section

    Clicking on the OSINT will open a slideout with additional information about the relevant OSINT sources.

    • Usage
      • For domains: what are the effective top-level and effective second-level domains?
      • For IP addresses: what ASN and CIDR ranges is this a part of?

    Reputation Usage Section

    For domains, usage shows information about the domain structure

    • Recent registration:
      • Fetch the recent registration for a domain or IP address. Enterprise users can fetch/view recent registration for any domain, and Community users can fetch/view recent registration for domains that support RDAP. WHOIS support will be rolled out to the community soon.

    Recent Registration

    The registration section will autopopulate or prompt you to look up the recent registration for domains and IPs

    • Projects
      • Do you have this key in any of your collections?


    • Summary of DNS state
      • Count the DNS records from the results, and show how many of each there are, and what types they are.


    • Jump to:
      • For domains, jump to a different related search for the same domain (e.g. wildcard the domain and search for subdomain results, or look at the parent domain instead)

    Reputation Jump To

    Domains prompt you to jump to the wildcard or the parent domain

    • Interesting neighbors:
      • For IP addresses, are there any neighbors in the parent CIDR that have interesting context? We search the / +4, e.g. if you search an IPv4 address, we'll look for interesting neighbors in the /28, if you search for a /28 CIDR, we'll look for interesting /28 subnets with the parent /24.

    Reputation Interesting Neighbors

    IP addresses show any interesting neighbors for the IP or CIDR

    • Domain/IP Summary:
      • If we have recent host responses for a domain or IP address, do the following:
      • Summarize the response, what was the title, what ports did it respond on, was the certificate valid over HTTPs, and did it redirect (if so, where)?
      • You can click "View latest result" to immediately open a slideout with the most recent web (HTTP/S) response.

    Reputation Response Summary

    Data about the most recent response for a domain or IP

    Starting a Search  |  Understanding the different tabs