AVA  /  Blog  /  Reading a trust score
Use the AVA check tool

Reading a trust score

22 Apr 2026 · AVA Team

Every AVA check produces a trust score between 0 and 100. The score is accompanied by a trust band (trusted, caution, untrusted) and a category-level breakdown of what drove the number. This post walks through each of those pieces.

The score itself

Think of the trust score like a credit score: higher is better, and the number is the compressed form of a lot of individual signals. We publish the score, not the weights, for the same reason a bank doesn't publish its underwriting model. The number is the answer; the model is how we arrive at it.

The trust band

The colour you see is the actionable shorthand. A green "trusted" band above 80 means AVA has run its checks and found nothing to flag. Yellow "caution" between 50 and 79 means we surfaced concerns you should read before acting. Red "untrusted" below 50 means we have positive evidence of risk, not just absence of evidence of safety.

A common mistake is to read a trust score above 80 as a guarantee. It isn't. A brand-new phishing site that hasn't yet been reported by anyone will often score in the 60s or 70s on first check because we have no community data and the domain alone isn't a red flag. When the first community report lands, the score moves. Always pair a score with the analysis summary we publish alongside it.

The "why this score" panel

On every permalink page, you'll see a panel called "Why this score". It lists the categories that contributed to the verdict: Infrastructure, Threat Intelligence, Social, Blockchain, Community Reports, and so on. Each row has a qualitative label (major concern, moderate concern, minor concern) and a count of contributing signals.

We deliberately don't show you the raw weights, the thresholds, or the names of the vendors behind each check. This isn't obstruction: exposing those would let bad actors calibrate their operations to our rule set. The category-level explanation is enough to make a decision; the under-the-hood detail is the moat.

Related entities

If AVA has checked entities that share infrastructure with this one, a small panel surfaces the count: "3 other entities on the same nameserver", for example. For paying customers, we surface the list. For public viewers, the count alone is a useful signal. A freshly flagged phishing domain that shares an IP with twenty other recently-registered domains is almost certainly a serial operator, and you now know enough to steer clear of every domain in that cluster.

Community reports

The last panel is the community count. If other AVA users have reported the same entity via our cross-platform report feature, you'll see that number too. High community counts on an entity with an otherwise clean score is the single most useful leading indicator we have.

Shareable pages

Every verdict has a permalink: /check/domain/example.com, /check/wallet/0x..., /check/social/x/handle, /check/ip/.... Share the link and the recipient sees the same verdict, the same trust band, the same "why" panel. No login required. No paywall.

If our verdict feels wrong for an entity you represent, our notice-and-takedown procedure is the path.

← Back to the blog

Back to AVA · Recent checks · Community