- 02 May 2023
- 1 Minute to read
- Print
- DarkLight
Establish the number of IP addresses a domain/URL has pointed to
- Updated on 02 May 2023
- 1 Minute to read
- Print
- DarkLight
Malicious actors often use tactics such as fast-flux or domain generation algorithms (DGA) to evade detection.
By rapidly changing the IP addresses associated with a domain or URL, malicious actors can evade detection and obfuscate their activites across different infrastructure.
Our IP Diversity
query displays a list of IP addresses that a domain or URL has pointed to over a period of time, allowing organizations to quickly ascertain risk levels and make an objective judgement on the likelihood of a domain/URL being associated with malicious activity.
Navigate to
Explore DNS Data > IP Diversity of Domain
Specify a
Domain
(Optional) Select the
type of record
to output (A/AAAA)(Optional) Specify a
Period
to search withinClick
Search
Monitoring IP diversity data
You can monitor results populated on the Explore
screen for any changes, saving you time and resources by automating key queries across a range of internal workflows.
Monitors run once every 24 hours. You'll be alerted when Silent Push detects new results via email (filtering/sorting options are not applied)
Once you've received a set of results, click the
Monitor
button on the top rightSpecify a
Monitor name
Enter a
Description
Click
Save
Your monitored query is now visible in
Monitors > Monitored Queries
Read this article for information on how to share a monitor