Malicious actors often use tactics such as fast-flux or domain generation algorithms (DGA) to evade detection.
Rapidly changing the IP addresses associated with a domain or URL lets them avoid detection and obfuscate their activities across different infrastructure.
Our IP Diversity query displays a list of IP addresses that a domain or URL has pointed to over a period of time, allowing organizations to quickly ascertain risk levels and make an objective judgement on the likelihood of a domain/URL being associated with malicious activity.
- Navigate to Explore DNS Data > IP Diversity of Domain
- Specify a Domain
- (Optional) Select the type of record to output (A/AAAA)
- (Optional) Specify a Period to search within
- Click Search
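To show what the resulting list of IP addresses tells you, here is an added example (not Silent Push code and not its API) that summarises IP diversity from a constructed set of DNS observations, using the same record type and period filters as the query. The function name, the /24 and /48 network grouping, and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed observations for one domain: (time seen, record type, answer).
# All addresses are from documentation ranges (RFC 5737 / RFC 3849).
OBSERVATIONS = [
    ("2024-05-01T00:05:00", "A", "192.0.2.10"),
    ("2024-05-01T00:20:00", "A", "198.51.100.7"),
    ("2024-05-01T00:35:00", "A", "203.0.113.44"),
    ("2024-05-01T00:50:00", "A", "192.0.2.99"),
    ("2024-05-01T01:05:00", "AAAA", "2001:db8::1"),
    ("2024-04-01T12:00:00", "A", "198.51.100.200"),  # older than 7 days
]


def ip_diversity(observations, record_type=None, period_days=None, now=None):
    """Summarise the distinct IPs and networks a domain has pointed to.

    record_type: "A" or "AAAA" (None keeps both).
    period_days: only keep observations from the last N days (None keeps all).
    now: ISO timestamp marking the end of the period (defaults to local time).
    """
    end = datetime.fromisoformat(now) if now else datetime.now()
    cutoff = end - timedelta(days=period_days) if period_days else None
    ips = set()
    for seen, rtype, answer in observations:
        if record_type and rtype != record_type:
            continue
        if cutoff and datetime.fromisoformat(seen) < cutoff:
            continue
        ips.add(ip_address(answer))
    # Group by /24 (IPv4) or /48 (IPv6): a name spread over many unrelated
    # networks is a stronger fast-flux signal than many IPs in one network.
    networks = {
        ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)
        for ip in ips
    }
    return {
        "ips": sorted(str(ip) for ip in ips),
        "distinct_ips": len(ips),
        "distinct_networks": len(networks),
    }


if __name__ == "__main__":
    print(ip_diversity(OBSERVATIONS, "A", 7, now="2024-05-02T00:00:00"))
```

A high count of distinct networks within a short period is a reason to look closer rather than a verdict on its own, since CDNs and load-balanced services also rotate addresses.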
Monitoring IP diversity data
You can monitor results populated on the Explore screen for any changes, saving you time and resources by automating key queries across a range of internal workflows.
Monitors run once every 24 hours. You'll be alerted via email when Silent Push detects new results (filtering/sorting options are not applied).
- Once you've received a set of results, click the Monitor button on the top right
- Specify a Monitor name
- Enter a Description
- Click Save
- Your monitored query is now visible in Monitors > Monitored Queries
- Read this article for information on how to share a monitor