Domain Risk Score Components and Interpretation Guide

This guide explains the components of the Domain Risk Score and how to interpret them. The Domain Risk Score is derived from a real-time database that tracks domain names, registrations, and infrastructure values. It consists of two main components: Proximity and Threat Profile. Proximity measures the closeness of a domain to known malicious domains, while the Threat Profile utilizes machine learning classifiers to predict the likelihood that a domain was registered with malicious intent, specifically for phishing, malware, or spam activities. Each component is scored on a scale from 1 to 99. The guide also details the ranges of the Domain Risk Score, indicating the level of malicious intent associated with different scores. Additionally, it outlines how the Domain Risk Score is integrated into the Iris Intelligence Platform and its API endpoints, providing users with essential tools for security automation and investigation.