By analyzing the frequency of nameserver resolutions to a particular domain, security teams can identify patterns of behavior that may indicate malicious activity.
For example, if a domain is being resolved to a particular nameserver with an unusually high frequency, it may be an indication that the nameserver is being used to host multiple malicious domains or to distribute malware.
If multiple domains are being resolved to the same nameserver with a high frequency, it may be an indication that the nameserver is being used to host a network of malicious domains.
Security teams can monitor nameserver resolutions and analyze patterns and connections to better understand the tactics and infrastructure used by malicious actors, and take proactive steps to mitigate potential threats.
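The two patterns described above, as an added example that is not part of the original documentation or the product's own code: it counts resolutions per (domain, nameserver) pair and distinct domains per nameserver over constructed passive DNS observations. The tuple layout, the sample names and both thresholds are assumptions for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample data (hypothetical): one tuple per observed NS resolution,
# as (domain, nameserver). Mixed case and trailing dots are deliberate.
OBSERVATIONS = (
    [("login-%s.example." % s, "NS1.bulk-dns.example") for s in "abcd"]
    + [("intranet.example", "ns1.corp-dns.example")]
    + [("cdn-x.example", "ns1.fast-dns.example.")] * 9
)

def normalize(name):
    """Lower-case and drop the trailing root dot so equal names compare equal."""
    return name.lower().rstrip(".")

def summarize(observations):
    """Count resolutions per (domain, nameserver) and collect domains per nameserver."""
    pair_counts, domains_by_ns = Counter(), defaultdict(set)
    for domain, ns in observations:
        domain, ns = normalize(domain), normalize(ns)
        pair_counts[(domain, ns)] += 1
        domains_by_ns[ns].add(domain)
    return pair_counts, domains_by_ns

def flag(observations, min_domains=3, pair_factor=3.0):
    """Return (hot_pairs, shared_ns) as leads for review.

    hot_pairs: pairs resolved at least pair_factor times the median pair count.
    shared_ns: nameservers serving at least min_domains distinct domains.
    Both thresholds are assumed values; tune them against your own baseline.
    """
    pair_counts, domains_by_ns = summarize(observations)
    if not pair_counts:
        return {}, {}
    baseline = median(pair_counts.values())
    hot_pairs = {p: c for p, c in pair_counts.items() if c >= pair_factor * baseline}
    shared_ns = {ns: sorted(d) for ns, d in domains_by_ns.items() if len(d) >= min_domains}
    return hot_pairs, shared_ns

if __name__ == "__main__":
    hot_pairs, shared_ns = flag(OBSERVATIONS)
    for (domain, ns), count in hot_pairs.items():
        print(f"high-frequency pair: {domain} -> {ns} ({count} resolutions)")
    for ns, domains in shared_ns.items():
        print(f"shared nameserver: {ns} serves {len(domains)} domains: {domains}")
```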
- Navigate to Advanced Query Builder > Xperimental Queries > PADNS Probestatus
- Specify a domain
- (Optional) Specify a results_format to return aggregated or individual records
- Click Search
Saving queries
Organizational users can save individual queries run from Advanced Query Builder and store them in the Private Queries menu for future analysis or to share with their organization.
- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save