In this article:
Question
How long is an IP asset attributed on a scorecard after being observed?
Answer
SecurityScorecard attributes assets for limited amount of time after it is observed. This limited amount of time is called time-to-live (TTL). The TTL is reset each time the attribution evidence for the asset is re-observed. Once the TTL is reached, assets are automatically dropped from the attributed scorecard. The TTL is advancing together with the effective date (a.k.a. scoring date, platform date). The effective date is usually 72hours behind the current date. If the assets is attributed via multiple detection methods, the applied TTL is the longest.
Please find below information related to time-to-live for the assets based upon their attribution method.
Detection method | Time-to-live (TTL) |
DNS records for subdomains related to the examined domain and IP address, and the timestamp of the sighting |
24hours |
Port Scan SecurityScorecard's Cloud Scanner |
24hours |
SSL Certificate related to the examined domain and IP address, and the timestamp of the certificate sighting |
45 days |
User contributed | no TTL. It will only drop if it is requested. |
Third-party | 45 days |
WHOIS APNIC (Regional Internet Registry administering IP addresses for the Asia Pacific) ARIN (American Registry for Internet Numbers) IRINN (Islamic Republic of Iran News Network) KRNIC (Korea Network Information Center) LACNIC (Regional Internet registry for the Latin American and Caribbean regions) RADB (The Internet Routing Registry) RIPENCC (Réseaux IP Européens Network Coordination Centre, ) |
2 days |