Establish the domain density of a specific record/element
- 16 May 2023
- 1 Minute to read
- Print
- DarkLight
Establish the domain density of a specific record/element
- Updated on 16 May 2023
- 1 Minute to read
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Domain density refers to the number of unique domain names associated with an individual element of a network (DNS record, IPv4/IP46 address, ASN etc.)
Threat actors often use a large number of domain names to carry out their attacks. Accordingly, a high domain density can sometimes be used as an indicator of malicious activity. By analyzing domain density, security teams can identify these patterns and take appropriate action.
Navigate to
Advanced Query Builder > PADNS Queries > PADNS density lookupSpecify a
query typefrom the list of available elements:- Namserver
- MX server
- Nameserver hash
- MX hash
- IPv4 address
- IPv6 address
- ASN
Enter a
query valueSelect a
scopeforexactornear matchresults by query type- IPv4 query:
IP- exact match (default when qtype=ipv4)subnet- summary of subnet for ipv4subnet_ips- density for all ips in subnetasn- summary of asn for ipv4asn_subnets- summary for all subnets in asn -
- ASN query:
asn- summary of asn (default when qtype=asn)asn_subnets- summary for all subnets in asn
- NSSRV or MXSRV query:
host- exact match (default when qtype=nssrv or qtype=mxsrv)domain- match all hosts in this domain (domain extracted from {query})subdomain- match all hosts at this subdomain level (i.e. *.{query})
- IPv4 query:
Click
Search
Saving queries
Organizational users are able to save individual queries ran from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.
Specify the query parameters
Click
Save QueryGive your query a
NameSpecify a
Descriptionto add more contextClick
Save
Was this article helpful?