Understanding the different tabs

OSINT

The OSINT tab shows all the OSINT sources on which a domain or IP address has ever been observed, limited to the sources that Validin is publicly allowed to display (for licensing reasons). We collect different OSINT sources (popularity lists, block lists, malware collections, etc.) at different frequencies, depending on how often they are updated.

OSINT Tab

The OSINT tab includes any OSINT observations and links to the sources.

Resolutions

The Resolutions tab shows A, AAAA, and NS records for a domain name, and A and AAAA answer histories (the domains that used the given IP as an answer) for IP addresses. For domain names, if any of the queries to A, AAAA, or NS returned NXDomain (“NX”) instead of “no answer,” the resolutions page will show “NX” history.

Resolutions Tab

The Resolutions Tab includes A, AAAA, and NS records for a domain/IP

Subdomains

The Subdomains tab enumerates all subdomains tracked by Validin for a domain at any depth except for ETLD (effective top-level domain). Note that a domain does not need to resolve, or to have ever resolved, for Validin to track it.

Subdomains Tab

The Subdomains Tab enumerates any observed subdomains for a domain

DNS Records

The DNS Records tab shows the SOA, TXT, MX, SRV, HTTPS, CAA, and CNAME record history for a domain. Each of these records has at least one reverse-indexed field to enable searching for other domains that use the same full or partial answer. If the given domain or IP is an answer for the search key, those associations will be displayed in this tab as well.

DNS Records Tab

The DNS Records Tab enumerates all additional DNS records for a domain/IP

Host Connections

The Host Connections tab shows domains and IPs that are associated with each other through non-DNS means:

  • HTTP headers
  • HTTPS certificates
  • JavaScript links
  • CSS links
  • Link tags
  • Iframes

Host Connections Tab

The Host Connections Tab finds all pivotable associations extracted from the host responses for a domain/IP/hash/string

Host Responses

Validin periodically queries the home page (“/”) of every domain name in our database that resolves to an IPv4 address and records the answer. Additionally, Validin periodically attempts HTTP and HTTPS requests to every routable IPv4 address and records the responses of successful connections. These answers are shown in the Host Responses tab.

Host Responses Tab

The Host Responses Tab shows all the host responses that had the searched key as a pivotable field

The Host Response table summarizes:

  • The day of the response (exact time for enterprise users)
  • The port used to make the connection
  • The host header and IP address to which the request was made
  • The HTTP response line
  • The number of bytes processed from the server
  • The title tag parsed from the HTML, if any

Host Response Table Slideout

Clicking anywhere in the row will open a slide-out with additional details about the response:

  • Response banner - the entire HTTP header/response. The following headers within the banner are also pivotable:
    • Response Line
    • Location
    • Server
    • ETag
    • Google Tag Manager ID
  • Certificate details (HTTPS requests only), including:
    • Fingerprint
    • Issuer
    • Valid dates
    • Certificate domains
  • HTTP External links from HTML content, including:
    • Links from <meta> tags
    • Links from <link> tags
    • Links from <script> tags
    • Links from <a> tags
    • Links from <iframe> tags
  • Meta tags extracted from the HTML
  • HTML Title
  • JARM Fingerprints
  • Various Header, CSS Classes, and HTML hashes

Any pivotable fields in these responses will show up as links. Clicking the link will find any other domains or IPs that had the same feature value (e.g., certificate fingerprint) in one of its responses.
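As an added illustration (not Validin's code), the sketch below pulls several of the pivotable fields listed above out of one raw HTTP response: the response line, the Location, Server and ETag headers, the title, linked hosts, and Google Tag Manager IDs. The sample response, the function and key names, and the GTM ID pattern are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

PIVOT_HEADERS = ("location", "server", "etag")    # headers the page lists as pivotable
LINK_ATTRS = {"meta": "content", "link": "href", "script": "src",
              "a": "href", "iframe": "src"}       # tag -> attribute that may hold a URL
GTM_RE = re.compile(r"\bGTM-[A-Z0-9]+\b")         # assumed shape of a GTM container ID

# Constructed sample response (not real data).
SAMPLE = (b'HTTP/1.1 302 Found\r\nServer: nginx\r\n'
          b'Location: https://login.example.net/\r\nETag: "abc123"\r\n\r\n'
          b'<html><head><title>Sign in</title>'
          b'<script src="https://www.googletagmanager.com/gtm.js?id=GTM-ABC1234"></script>'
          b'<link rel="stylesheet" href="/static/site.css"></head>'
          b'<body><iframe src="//cdn.example.org/frame.html"></iframe>'
          b'<a href="https://login.example.net/help">Help</a></body></html>')

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.title, self.hosts, self._in_title = "", set(), False

    def handle_starttag(self, tag, attrs):
        self._in_title = self._in_title or tag == "title"
        url = dict(attrs).get(LINK_ATTRS.get(tag, ""))
        host = urlparse(url or "").hostname
        if host:                                  # relative links carry no host
            self.hosts.add(host.lower())

    def handle_endtag(self, tag):
        self._in_title = self._in_title and tag != "title"

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def extract_pivots(raw_response: bytes) -> dict:
    """Return the feature values an analyst could pivot on for one response."""
    head, _, body = raw_response.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    pivots = {"response_line": lines[0]}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in PIVOT_HEADERS:
            pivots[name.strip().lower()] = value.strip()
    html = body.decode("utf-8", errors="replace")
    parser = _Links()
    parser.feed(html)
    pivots.update(title=parser.title.strip(), linked_hosts=sorted(parser.hosts),
                  gtm_ids=sorted(set(GTM_RE.findall(html))))
    return pivots
```

Two responses that return the same value for any of these keys are candidates for the kind of association the pivot links surface.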

CT Stream

The CT Stream tab shows certificates observed in the Certificate Transparency Pre-cert log. Clicking on the fingerprint ID of the certificate opens a slide-out that summarizes key certificate features, like other domains in the certificate, valid dates, and the issuer.

CT Stream Tab

The CT Stream tab shows all the certificates observed on the certificate transparency log with the search query as a pivotable field.

Registration (Enterprise only)

The Registration tab shows historic registration data that Validin collects in bulk. Validin defaults to RDAP for the TLDs that support it, and WHOIS for any other TLD. Validin collects registration data for any newly observed domain close to observation, and refreshes registration information every few months for the remainder of the domains in the Validin database.

Similar to the Host Responses and CT Stream tabs, Validin summarizes relevant, pivotable details in the table, and shows you additional information when you click anywhere on the row. Clicking on the row will open a slide-out with the following information:

Registration Tab

The Registration tab shows all the historical registration observations for a particular domain that Validin has collected.