How TrustScore is calculated
Every signal we use, the weight we give it, and the source it comes from. We publish this so you can judge our scores critically.
The model
Every domain starts at 100 / 100. We then subtract weighted penalties for each risk signal we detect. The final score maps to one of three risk bands:
- 80–100 · Looks SafeNo major risk signals detected.
- 50–79 · Use CautionSome risk signals — verify before sharing info.
- 0–49 · High RiskMultiple or strong risk signals detected.
We also publish a confidence score with every TrustScore. It reflects how many of our signals returned real data versus "unknown" for the domain. Low confidence means we couldn't gather much — treat the result as preliminary.
Signals and weights
We don't penalize signals we couldn't measure — "unknown" is never treated as bad.
Domain age
−10 to −30 pointsDomain Identity · Source: Public WHOIS recordsNewly registered domains (under 1 year, especially under 30 days) are statistically more likely to host short-lived scams. Brand-new domains lose the most points.
WHOIS hidden
−10 pointsDomain Identity · Source: Public WHOIS recordsMany legitimate sites also hide WHOIS for privacy, so this is a small penalty — only meaningful in combination with other signals.
No HTTPS
−40 pointsConnection Security · Source: Direct request to the URLA site that does not use HTTPS cannot encrypt anything you submit. This is a structural problem regardless of intent.
Listed in a known threat database
−50 pointsReputation · Source: Google Safe Browsing APIThe domain has been independently flagged by Google Safe Browsing for malware, phishing, or unwanted software at the time of the scan.
AI content patterns (high)
−25 pointsContent · Source: Google Gemini, on extracted page textAn LLM detected strong scam patterns in the page text — typically high-pressure urgency, fake giveaways, gift-card payment requests, or impersonation language.
AI content patterns (medium)
−15 pointsContent · Source: Google Gemini, on extracted page textSome suspicious patterns were detected, but not enough to be confident. Treated as a caution signal, not a strong indicator.
Brand impersonation
−30 pointsBrand Spoofing · Source: Lexical match against ~80 commonly impersonated brandsThe domain name closely resembles a well-known brand (e.g. paypa1.com, amaz0n-support.net). False positives are possible for legitimate resellers — disputes are reviewed.
Very low traffic / popularity
−10 points (only when known)Traffic · Source: Public ranking estimate; skipped when unknownBrand-new sites with no traffic at all is one weak indicator. We never penalize a site simply for being unknown to us.
User reports
−5 each, capped at −30Community · Source: Verified reports submitted by signed-in TrustLayer usersSigned-in users can report a site (with reason). Reports are weighted but capped — the score cannot collapse from reports alone.
What a TrustScore does NOT mean
- A high TrustScore does NOT mean "this site is verified safe."
It means our automated checks didn't surface obvious risk signals at the time of the scan. Sophisticated scams, breached accounts, and fresh phishing pages can still pass automated checks. Always use your own judgment.
- A low TrustScore does NOT mean "this is provably a scam."
It is an automated risk opinion based on weighted public signals. Legitimate businesses can score low for benign reasons — new launch, hidden WHOIS, low traffic, or a redesigned policy that triggers our content checks. If you believe a score is wrong, file a dispute and we will review it.
- TrustScores are not legal, financial, or investment advice.
We do not vet ownership, investigate fraud, or verify business registration. Treat TrustScores as one input among many — alongside your own due diligence, established review platforms, and qualified professional advice for any decision with legal or financial consequences.
- Scores reflect a moment in time, not the company.
Domains change owners. Sites get redesigned. Policies are rewritten. A score from last week may not match today's site. The Methodology, our scanner, and the dispute process are designed around this — but you should still treat scores as fresh signals, not permanent labels.
Disagree with a score? Dispute it.
Anyone can submit a dispute on a domain's score or policy analysis. Verified disputes are reviewed by our team, the score is hidden from public share pages while the review is in progress, and every decision is logged in our public corrections feed.
How fact-check assessments work
The Article Fact Checker takes the text you paste and asks an AI model to assess its credibility against publicly available sources. Every assessment is a hedged, opinion-based signal — never a declarative verdict.
Signals we use
- Per-claim source matching (supporting, contradicting, or context).
- Manipulation patterns: clickbait, emotional language, anonymous sourcing, missing dates, fabricated-quote indicators, AI-generated text patterns.
- References in the text to doctored or edited media (text-only — we do not analyze images or video).
- The AI's own confidence score, lowered when public sources are sparse.
What we explicitly do NOT do
- Verify image or video authenticity (no deepfake detection).
- Render verdicts on opinion pieces, op-eds, or satire.
- Render verdicts on claims about identifiable private individuals.
- Score the credibility of named journalists or public figures.
- Replace primary sources, qualified journalism, or expert analysis.
Fact-check verdicts use four hedged labels — Likely Credible, Mixed Signals, Likely Misleading, and Unverifiable. We never use absolutes like "False" or "Fake News". If you believe a fact-check assessment is wrong, file a dispute from the report and we will review it.
Last updated for the deterministic TrustScore engine in production. Material changes to weights or signals are versioned in our changelog.