Threat actors often use specific infrastructure or servers to host and distribute malware or engage in other malicious activities.
By scanning for domains hosted on specific nameservers or mailservers, security teams can identify domains that may be associated with the same infrastructure or threat groups.
Nameservers and mail servers are two key components of a public DNS presence. They dictate the flow of web and email traffic to and from clients and servers, which makes them particularly important when building a robust set of cyber defense mechanisms.
To scan nameservers and mail servers for a list of domains hosted:
- Navigate to Explore DNS Data > Domains Hosted on Server
- Enter the server's domain name
- Select the Server Type (NS or mail server)
- (Optional) Specify the time frame when the record was first seen
- (Optional) Set the time frame when the record was last seen
- (Optional) Tick Last 24 Hours to only show records first observed in the last 24 hours
- Specify a Sort Order to apply to the returned results
- Click Search

Monitoring domain hosting data
You can monitor results populated on the Explore screen for any changes, saving you time and resources by automating key queries across a range of internal workflows.
Monitors run once every 24 hours. You'll be alerted via email when Silent Push detects new results (filtering/sorting options are not applied).
- Once you've received a set of results, click the Monitor button on the top right
- Specify a Monitor name
- Enter a Description
- Click Save
- Your monitored query is now visible in Monitors > Monitored Queries
- Read this article for information on how to share a monitor
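
The same server pivot and new-result alerting can be reproduced on any passive DNS export when triaging offline. The following Python is an added example, not Silent Push code or its API: the record layout, the sample rows, and the function names `domains_on_server` and `new_results` are assumptions, and the first-seen and last-seen time frames are simplified to lower bounds.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (not Silent Push output), one row per observed record:
# (domain, record type, NS/MX target, first seen, last seen), times in UTC.
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
RECORDS = [
    ("shop-login.example", "NS", "ns1.badhost.example", "2024-05-10T03:00", "2024-05-10T11:00"),
    ("pay-update.example", "NS", "ns1.badhost.example", "2024-04-01T00:00", "2024-05-09T00:00"),
    ("old-site.example", "NS", "ns1.badhost.example", "2023-01-01T00:00", "2023-06-01T00:00"),
    ("mail-relay.example", "MX", "mx.badhost.example", "2024-05-09T20:00", "2024-05-10T10:00"),
    ("benign.example", "NS", "ns1.other.example", "2024-05-10T01:00", "2024-05-10T11:00"),
]

def _ts(text):
    """Parse a sample timestamp and mark it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def _norm(host):
    """Compare hostnames case-insensitively and without the trailing root dot."""
    return host.rstrip(".").lower()

def domains_on_server(records, server, server_type, first_seen_after=None,
                      last_seen_after=None, last_24h=False, now=NOW, newest_first=True):
    """Domains whose NS or MX record points at `server`, sorted by first-seen time."""
    hits = []
    for domain, rtype, target, first, last in records:
        first, last = _ts(first), _ts(last)
        if rtype != server_type or _norm(target) != _norm(server):
            continue
        if first_seen_after and first < first_seen_after:
            continue
        if last_seen_after and last < last_seen_after:
            continue
        if last_24h and first < now - timedelta(hours=24):
            continue  # keep only records first observed in the last 24 hours
        hits.append((first, domain))
    return [domain for _, domain in sorted(hits, reverse=newest_first)]

def new_results(previous, current):
    """Monitor-style diff: domains in the current run that the previous run lacked."""
    seen = set(previous)
    return [domain for domain in current if domain not in seen]
```

Running `new_results` on the unfiltered output of two daily runs mirrors the monitor behaviour described above, where filtering and sorting options are not applied.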