Self-hosted domains are domains that are hosted on servers that are owned or controlled by the domain owner. When a domain is self-hosted, the domain owner has complete control over the hosting environment, including the software, hardware, and network configuration.
Self-hosted domains can be used by threat actors to carry out all manner of attacks. For example, an attacker may use a self-hosted domain to host phishing websites, distribute malware, or carry out other malicious activities.
Self-hosted domains are often difficult to detect, and aren't immediately obvious as a potential threat. Silent Push provides a facility to search for self-hosted domains, where the specified nameservers are in the queried domain and hosted on the same IP as the domain A record (where A records have been seen as active within the last 30 days).
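The self-hosted condition described above, written as a check over passive DNS records. This is an added example, not Silent Push code: the record layout, the function names, the constructed sample data and the rule that every nameserver must qualify are assumptions.

```python
from datetime import datetime, timedelta, timezone

ACTIVE_WINDOW = timedelta(days=30)  # "active within the last 30 days"

def norm(name):
    return name.rstrip(".").lower()

def in_domain(host, domain):
    """True if host is the domain itself or a name beneath it."""
    return norm(host) == norm(domain) or norm(host).endswith("." + norm(domain))

def active_ips(a_records, name, now):
    """IPs of A records for `name` last seen inside the 30-day window."""
    return {ip for n, ip, seen in a_records
            if norm(n) == norm(name) and now - seen <= ACTIVE_WINDOW}

def is_self_hosted(domain, ns_records, a_records, now):
    # Assumption: every nameserver must qualify, not just one of them.
    domain_ips = active_ips(a_records, domain, now)
    nameservers = [ns for n, ns in ns_records if norm(n) == norm(domain)]
    if not domain_ips or not nameservers:
        return False
    return all(
        in_domain(ns, domain) and bool(active_ips(a_records, ns, now) & domain_ips)
        for ns in nameservers
    )

# Constructed sample data (reserved documentation names and addresses).
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
def day(m, d): return datetime(2024, m, d, tzinfo=timezone.utc)
A_RECORDS = [  # (name, ip, last_seen)
    ("selfhost.example", "192.0.2.10", day(6, 25)),
    ("ns1.selfhost.example", "192.0.2.10", day(6, 25)),
    ("ns2.selfhost.example", "192.0.2.10", day(6, 20)),
    ("managed.example", "198.51.100.7", day(6, 28)),
    ("ns1.dnsprovider.example", "203.0.113.53", day(6, 28)),
    ("stale.example", "192.0.2.20", day(4, 1)),       # outside the window
    ("ns1.stale.example", "192.0.2.20", day(4, 1)),
]
NS_RECORDS = [  # (domain, nameserver)
    ("selfhost.example", "ns1.selfhost.example"),
    ("selfhost.example", "ns2.selfhost.example"),
    ("managed.example", "ns1.dnsprovider.example"),
    ("stale.example", "ns1.stale.example"),
]

if __name__ == "__main__":
    for d in ("selfhost.example", "managed.example", "stale.example"):
        print(d, is_self_hosted(d, NS_RECORDS, A_RECORDS, NOW))
```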
- Navigate to Advanced Query Builder > PADNS Queries > Search Self-hosted Domains
- Specify a domain or wildcard pattern of domain names to search for
- Specify a regular expression match for a domain (must be a valid re2 regular expression). This overrides the domain parameter
- Select with_metadata to include metadata in the response
- Specify an ASN in domain_asnum to choose an ASN of domain A records to search (may be repeated multiple times for additional AS numbers; separate multiple values with a semicolon)
- Specify an ASN in nssrv_asnum to choose an ASN of nameserver A records to search (may be repeated multiple times for additional AS numbers; separate multiple values with a semicolon)
- Choose to search for IP addresses in or not in the given AS numbers
- Use asname to search for domain and nameserver A records in all AS numbers where the AS name begins with the specified value (may be repeated multiple times for additional AS names; separate multiple values with a semicolon)
- Use asname_starts_with to search for domain and nameserver A records in all AS numbers where the AS name begins with asname (may be repeated multiple times for additional AS names; separate multiple values with a semicolon)
- Use asname_contains to search for domain and nameserver A records in all AS numbers where the AS name contains asname (may be repeated multiple times for additional AS names; separate multiple values with a semicolon)
- Choose an option under asn_match to match AS numbers:
  - Any: Any asnum given or derived from asname
  - All: Timeline must contain all asnums given or derived from asname
  - Limit: Apply min and/or max limits as specified by optional asn_match_min and asn_match_max
- Choose to limit the number of results to return
- Choose to skip a specified number of results
- Click Search

Saving queries
Organizational users are able to save individual queries run from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.
- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save