- 16 May 2023
Establish the domain density of a specific record/element
- Updated on 16 May 2023
Domain density refers to the number of unique domain names associated with an individual element of a network (DNS record, IPv4/IPv6 address, ASN, etc.).
Threat actors often use a large number of domain names to carry out their attacks. Accordingly, a high domain density can sometimes be used as an indicator of malicious activity. By analyzing domain density, security teams can identify these patterns and take appropriate action.
Navigate to Advanced Query Builder > PADNS Queries > PADNS density lookup
Specify a query type from the list of available elements:
- Nameserver
- MX server
- Nameserver hash
- MX hash
- IPv4 address
- IPv6 address
- ASN
Enter a query value
Select a scope for exact or near match results by query type:
- IPv4 query:
  - IP - exact match (default when qtype=ipv4)
  - subnet - summary of subnet for ipv4
  - subnet_ips - density for all ips in subnet
  - asn - summary of asn for ipv4
  - asn_subnets - summary for all subnets in asn
- ASN query:
  - asn - summary of asn (default when qtype=asn)
  - asn_subnets - summary for all subnets in asn
- NSSRV or MXSRV query:
  - host - exact match (default when qtype=nssrv or qtype=mxsrv)
  - domain - match all hosts in this domain (domain extracted from {query})
  - subdomain - match all hosts at this subdomain level (i.e. *.{query})
Click Search
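To make the density definition and three of the IPv4 scopes above concrete, the following added example (not the product's code and not a call to its API) computes the same kind of figures locally from constructed passive-DNS records. The record tuples, function names, the /24 subnet size and the triage threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed passive-DNS observations (domain, record type, value), using
# reserved documentation names and address ranges. Not real data.
RECORDS = [
    ("shop-login.example", "A", "203.0.113.10"),
    ("pay-verify.example", "A", "203.0.113.10"),
    ("acct-update.example", "A", "203.0.113.10"),
    ("acct-update.example", "A", "203.0.113.10"),  # repeat sighting, counted once
    ("blog.example.org", "A", "203.0.113.77"),
    ("intranet.example.net", "A", "198.51.100.5"),
    ("shop-login.example", "NS", "ns1.bulk-dns.example"),
    ("pay-verify.example", "NS", "ns1.bulk-dns.example"),
    ("blog.example.org", "NS", "ns1.example.org"),
]

def density(records, rtype):
    """Map each element value to the set of unique domains observed on it."""
    seen = defaultdict(set)
    for domain, rec_type, value in records:
        if rec_type == rtype:
            seen[value].add(domain.lower().rstrip("."))
    return seen

def ipv4_density(records, query, scope="ip", prefix=24):
    """Density for an IPv4 query; prefix=24 is an assumed subnet size."""
    by_ip = density(records, "A")
    net = ipaddress.ip_network(f"{query}/{prefix}", strict=False)
    in_net = {ip: d for ip, d in by_ip.items() if ipaddress.ip_address(ip) in net}
    if scope == "ip":            # exact match on the queried address
        return len(by_ip.get(query, ()))
    if scope == "subnet":        # one summary figure: unique domains in the subnet
        return len(set().union(*in_net.values())) if in_net else 0
    if scope == "subnet_ips":    # density for every observed IP in the subnet
        ordered = sorted(in_net.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
        return {ip: len(domains) for ip, domains in ordered}
    raise ValueError(f"unsupported scope: {scope}")

def flag_dense(records, rtype, threshold):
    """Elements whose density meets a locally chosen triage threshold."""
    return sorted(v for v, d in density(records, rtype).items() if len(d) >= threshold)

if __name__ == "__main__":
    print(ipv4_density(RECORDS, "203.0.113.10"))
    print(ipv4_density(RECORDS, "203.0.113.10", "subnet_ips"))
    print(flag_dense(RECORDS, "NS", threshold=2))
```

Because shared hosting and large DNS providers also produce high counts, a flagged element is a starting point for review rather than a verdict.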
Saving queries
Organizational users are able to save individual queries run from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.
Specify the query parameters
Click Save Query
Give your query a Name
Specify a Description to add more context
Click Save