RiskScope

How RiskScope Scores Websites

Every risk score is produced by a deterministic, auditable algorithm. No black boxes. Here is exactly what we check, how we weight it, and what the result means.

Risk Score Scale

Every domain receives a score from 0 to 100. The score is the weighted sum of all detected signals, subject to multipliers and floor values described below.

Low Risk

0 – 20

No significant indicators of fraud detected. Exercise normal caution.

Medium Risk

21 – 40

Some concerning signals present. Verify independently before transacting.

High Risk

41 – 70

Multiple red flags detected. Strong caution advised.

Critical Risk

71 – 100

Confirmed or near-certain threat indicators. Avoid engagement.

Scoring Logic

Base calculation

Each detected signal has a severity from 0–10. The raw score is the sum of all signal severities, multiplied by any applicable weight multiplier.

raw_score = Σ (severity × weight_multiplier)

Weight multipliers

Certain signals are disproportionately strong indicators of malicious intent and receive a multiplier above 1×:

SignalSeverityMultiplierContribution
Listed in threat database945 pts
Very new domain (< 30 days)816 pts
No SSL certificate71.5×10.5 pts
All other signals0–9face value

Floor scores

Some signals are considered near-definitive evidence of malicious activity. When detected, the score cannot fall below a minimum floor regardless of other signals:

SignalMinimum score
Listed in threat database (URLhaus / PhishTank)85 / 100

Final score

final_score = min(100, max(floor_score, raw_score))

The 5 Signal Dimensions

Signals are grouped into five dimensions. Each dimension captures a different aspect of trustworthiness. A site can score poorly in one dimension while scoring well in others — the final score reflects the cumulative picture.

Identity

Does the operator identify themselves? Legitimate businesses have visible contact information, working social profiles, and transparent ownership. Missing or fake identity signals are a strong indicator of fraud.

  • No contact information on the page
  • No social media presence
  • Broken or placeholder social links

Technical

Technical properties of the domain and server. A recently registered domain, absent or invalid SSL certificate, or very sparse page content all correlate with scam operations.

  • Domain registered less than 30 days ago (severity 8)
  • Domain registered less than 6 months ago (severity 5)
  • No SSL certificate or expired certificate (severity 7)
  • Self-signed SSL certificate (severity 5)
  • Very little page content

Offer

What is being offered and how? Extreme discounts, unprotected payment methods, and absent refund policies are hallmarks of scam storefronts.

  • Discount claims of 50–99% off
  • Crypto-only, wire transfer, or cash-app-only payments
  • No refund or returns policy

Reputation

What do external sources and community reports say? A domain listed in a malware or phishing database is an immediate red flag. AI-generated or duplicated reviews signal manufactured credibility.

  • Listed in URLhaus, PhishTank, or other threat databases (severity 9, 5× weight multiplier)
  • AI-generated or duplicate review content detected
  • Template or fake testimonial patterns
  • Community-submitted fraud reports

Product Quality

For e-commerce sites: are products likely to match what is shown? Dropshipping indicators, stock photo product images, and misleading photo disclaimers signal a gap between expectation and delivery.

  • Dropshipping or AliExpress reselling indicators
  • Stock photo service images used for products
  • Long shipping times (14+ days)
  • Disclaimers that photos may not match actual products

14 Threat Intelligence Sources

RiskScope cross-references every domain against the following data sources before serving a result.

URLhaus

Malware distribution URLs (abuse.ch)

PhishTank

Community-verified phishing sites

SURBL

Spam and malware URI blocklist

Spamhaus DBL

Domain blocklist for spam and malware

Google Safe Browsing

Phishing and malware detection

VirusTotal

Aggregated antivirus and URL scanning

IPQualityScore

Fraud and phishing domain scoring

AbuseIPDB

IP address abuse reports

Emerging Threats (Proofpoint ET Open)

Network threat intelligence

OpenPhish

Real-time phishing URL feed

Malware Domain List

Known malware hosting domains

WHOIS / Domain Age

Domain registration date and registrar data

SSL Certificate Analysis

Certificate validity, issuer, and expiry

Community Reports

User-submitted fraud and scam reports

Limitations & Disclaimer

RiskScope provides a probabilistic risk assessment, not a legal verdict. A high score means the domain exhibits patterns associated with fraud — it does not guarantee fraud has occurred. A low score means no indicators were detected at the time of analysis — it does not guarantee safety.

Scores are based on automated signals and community reports. Data can be stale if a domain has not been re-analysed recently. Sites can contest their listing by contacting reachout@actvli.com.

The "Verified Legitimate" badge is granted manually by the RiskScope team after review. It indicates that the site has been assessed and found to be operating legitimately at the time of review.