{"type":"api","title":"Get Security Score Information for Domain","meta":{"id":"/apps/pubhub/media/legacy-umbrella-api/bf58de618cbb72dda8f39b0414ce94c0a15cd467/f963d12c-70c5-3340-bb7c-d5cff60c643a","info":{"title":"Investigate API","description":"Umbrella Investigate API","version":"1.1.4","contact":{"name":"Cloud Security Developer Community"}},"security":[{"bearerAuth":[]}],"tags":[{"name":"Domain Status and Categorization"},{"name":"Domain Volume"},{"name":"Co-occurrences for a Domain"},{"name":"Passive DNS"},{"name":"Tagging Timeline"},{"name":"Subdomains for a Domain"},{"name":"Related Domains for a Domain"},{"name":"Security Information for a Domain"},{"name":"AS Information for a Domain"},{"name":"WHOIS Information for a Domain"},{"name":"Umbrella Popularity List-Top Million Domains"},{"name":"Search Domain"},{"name":"Cisco Secure Malware Analytics Integration"}],"x-parser-conf":{"overview":{"markdownPath":"investigate/investigate-explorer-overview.md"}},"openapi":"3.0.0","servers":[{"url":"https://investigate.api.umbrella.com"}],"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}}},"spec":{"summary":"Get Security Score Information for Domain","operationId":"getSecurityName","tags":["Security Information for a Domain"],"description":"List multiple scores or security features for a domain. You can use the scores\nor security features to determine relevant datapoints and build insights on the reputation\nor security risk posed by the site. No one security information feature is conclusive.\nInstead, consider these features as part of your security research.","parameters":[{"name":"domain","in":"path","required":true,"description":"A domain name. 
For example, 'cisco.com'.","schema":{"type":"string"},"$$ref":"#/components/parameters/domainParam"}],"responses":{"200":{"description":"Everything worked as expected.","content":{"application/json":{"schema":{"type":"object","properties":{"dga_score":{"type":"number","description":"Domain Generation Algorithm. This score is generated based on the likelihood\nof the domain name being generated by an algorithm\nrather than a human. This algorithm is designed to identify domains which\nhave been created using an automated randomization\nstrategy, which is a common evasion technique in malware kits or botnets.\nThis score ranges from -100 (suspicious) to 0 (benign). Note that the example response for this operation shows a positive value, so validate the value instead of assuming it falls within this range."},"perplexity":{"type":"number","description":"A second score on the likelihood that the name was algorithmically\ngenerated, on a scale from 0 to 100. This score is to be used in conjunction with DGA."},"entropy":{"type":"number","description":"The number of bits required to encode the domain name, as a score. This score is to be used in conjunction with DGA and Perplexity."},"securerank2":{"type":"number","description":"A suspicion rank for a domain, based on the lookup behavior\nof the client IPs that query the domain.\nSecurerank is designed to identify hostnames requested by known infected\nclients but never requested by clean clients,\nassuming these domains are more likely to be bad.\nScores returned range from -100 (suspicious) to 100 (benign)."},"pagerank":{"type":"number","description":"Popularity according to Google's pagerank algorithm."},"asn_score":{"type":"number","description":"ASN reputation score, ranges from -100 to 0 with -100 being very suspicious."},"prefix_score":{"type":"number","description":"Prefix ranks domains given their IP prefixes\n(an IP prefix is the first three octets in an IP address)\nand the reputation score of these prefixes. 
Ranges from -100 to 0, -100 being\nvery suspicious."},"rip_score":{"type":"number","description":"RIP ranks domains given their IP addresses and the reputation score\nof these IP addresses. Ranges from -100 to 0, -100 being very suspicious."},"popularity":{"type":"number","description":"The number of unique client IPs visiting this site, relative to all\nrequests to all sites. A score of how many different client/unique IPs go\nto this domain compared to others."},"geodiversity":{"type":"array","items":{"type":"number"},"description":"A score representing the number of queries from clients visiting the domain, broken down by country. Score is a non-normalized ratio between 0 and 1."},"geodiversity_normalized":{"type":"array","items":{"type":"number"},"description":"A score representing the number of queries from clients visiting the domain, broken down by country. Score is a normalized ratio between 0 and 1."},"tld_geodiversity":{"type":"array","items":{"type":"number"},"description":"A score that represents the TLD country code geodiversity as a percentage\nof clients visiting the domain.\nOccurs most often with domains that have a ccTLD. Score is a normalized ratio\nbetween 0 and 1."},"geoscore":{"type":"number","description":"A score that represents how far the different physical locations serving this name\nare from each other."},"ks_test":{"type":"number","description":"Kolmogorov-Smirnov test on geodiversity. 0 means that the client traffic matches\nwhat is expected for this TLD."},"attack":{"type":"string","description":"The name of any known attacks associated with this domain.\nReturns blank if no known threat is associated with the domain."},"threat_type":{"type":"string","description":"The type of the known attack, such as botnet or APT. Returns blank if no known\nthreat is associated with the domain."},"found":{"type":"boolean","description":"Returns true if results are available. 
Returns blank if no known threat associated\nwith domain."}}},"example":{"dga_score":38.301771886101335,"perplexity":0.4540313302593146,"entropy":2.5216406363433186,"securerank2":-1.3135141095601992,"pagerank":0.0262532,"asn_score":-29.75810625887133,"prefix_score":-64.9070502788884,"rip_score":-75.64720536038982,"popularity":25.335450495507196,"geodiversity":[0.24074075,0.018518519],"geodiversity_normalized":[0.3761535390278368,0.0005015965168831449],"tld_geodiversity":[0],"geoscore":0,"ks_test":0,"attack":"","threat_type":"","found":true}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/400Error"},"401":{"description":"Unauthorized request","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/401Error"},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/403Error"},"404":{"description":"Not Found","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/404Error"},"500":{"description":"Server error","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/500Error"}},"__originalOperationId":"getSecurityName","security":[{"bearerAuth":[]}],"method":"get","path":"/security/name/{domain}"}}