Silent Push enables security teams to analyze domain-to-IP and Autonomous System Number (ASN) relationships to identify attacker infrastructure, track malicious patterns like domain generation algorithms (DGAs) or fast-flux techniques, and assess IP diversity. These tools help uncover networks hosting domains, detect suspicious activity, and prioritize threat investigations.
Get ASNs for a Domain (Last 30 Days)
To retrieve a list of ASNs associated with A records for a domain (including subdomains) within the last 30 days:
Navigate to Advanced Query Builder > PADNS Queries > ASNs seen for domain.
Specify a domain.
Choose result_format to return an ASN list only or detailed information.
Click Search.
Use Case: Identify hosting networks, track threat actor behavior, or detect DGAs and fast-flux techniques.
Get IP Diversity for a Domain
IP diversity measures the number of unique IP addresses (A/AAAA records) associated with a domain. A low score may indicate malicious infrastructure, while a high score could suggest legitimate networks or CDNs.
Navigate to Advanced Query Builder > PADNS Queries > IP diversity lookup.
Select query type: A or AAAA.
Specify the record’s name in query.
Use window to filter records with a “last_seen” within a specified number of days.
Select timeline to include details of IPs, ASNs, first_seen, and last_seen.
Choose a scope:
For A records: host (exact match, default), domain (all hosts in domain), subdomain (all hosts at subdomain level, e.g., *.{query}), live (live data, exact match).
For AAAA records: live only.
Click Search.
Use Case: Detect malicious networks (low diversity) or legitimate CDNs (high diversity).
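The Python sketch below is an added illustration, not Silent Push code or its API. It shows how the window and scope options described above change an IP diversity count over constructed passive-DNS records. The record layout, function names, the asn_diversity field and the reading of the host, domain and subdomain scopes are assumptions; the live scope is not modelled.

```python
from datetime import date, timedelta

# Constructed passive-DNS A records: (name, ip, asn, first_seen, last_seen).
# Documentation IP ranges and private-use ASNs; the tuple layout is an assumption.
RECORDS = [
    ("example.test",     "192.0.2.10",   64500, date(2024, 1, 5),  date(2024, 5, 30)),
    ("example.test",     "192.0.2.11",   64500, date(2023, 11, 1), date(2024, 2, 1)),
    ("www.example.test", "198.51.100.7", 64501, date(2024, 3, 1),  date(2024, 5, 29)),
    ("cdn.example.test", "203.0.113.20", 64502, date(2024, 5, 1),  date(2024, 5, 31)),
    ("cdn.example.test", "203.0.113.21", 64502, date(2024, 5, 1),  date(2024, 5, 31)),
    ("notexample.test",  "192.0.2.99",   64503, date(2024, 5, 1),  date(2024, 5, 31)),
]


def in_scope(name, query, scope):
    """Assumed reading of the scopes: host = exact, subdomain = *.{query}, domain = both."""
    name, query = name.lower().rstrip("."), query.lower().rstrip(".")
    exact = name == query
    below = name.endswith("." + query)  # label boundary: notexample.test is not under example.test
    if scope == "host":
        return exact
    if scope == "subdomain":
        return below
    if scope == "domain":
        return exact or below
    raise ValueError(f"unsupported scope: {scope}")


def ip_diversity(records, query, scope="host", window=None, today=None, timeline=False):
    """Count unique IPs and ASNs for query; window keeps records whose last_seen is within N days."""
    today = today or date.today()
    cutoff = today - timedelta(days=window) if window is not None else None
    hits = [r for r in records
            if in_scope(r[0], query, scope) and (cutoff is None or r[4] >= cutoff)]
    result = {"ip_diversity": len({r[1] for r in hits}),
              "asn_diversity": len({r[2] for r in hits})}
    if timeline:  # per-IP detail, oldest first
        result["timeline"] = sorted(
            ({"ip": r[1], "asn": r[2], "first_seen": r[3], "last_seen": r[4]} for r in hits),
            key=lambda e: e["first_seen"])
    return result


if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the window result is reproducible
    for scope in ("host", "subdomain", "domain"):
        print(scope, ip_diversity(RECORDS, "example.test", scope, window=30, today=today))
```

The same name can score very differently depending on scope and window, so record both alongside any diversity figure used to prioritize an investigation.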
Search for Patterns in IP Diversity
Search IP diversity data for patterns that identify malicious infrastructure, optionally matching on nameserver and domain patterns.
Navigate to Advanced Query Builder > PADNS Queries > Search IP Diversity Patterns.
Specify:
Nameserver name or wildcard pattern.
Domain name or wildcard pattern (or use a regular expression to override).
MX server name or wildcard pattern.
ASN diversity (min/max levels), IP diversity (all or groups, min/max levels).
Timestamps: first_seen_min/max, last_seen_min/max (with strict or any modes).
ASN filters: as_num, asname, asname_starts_with, asname_contains, with asn_match options (Any, All, Limit with min/max).
Additional networks and netmasks.
Registrar, email, WHOIS creation date, nameserver changes, or SSL certificate details (issuer, date).
Select timeline for detailed IP/ASN data or with_metadata for additional context.
Set result limits or skip results.
Click Search.
Use Case: Pinpoint attack vectors by identifying patterns in IP usage or ASN associations.
Save Queries
Organizational users can save queries for future use or sharing.
Specify query parameters.
Click Save Query.
Provide a Name and Description for context.
Click Save. The query appears in Private Queries.