Validin introduced Dashboard Feeds (Threat Indicator Feed and Project Updates Feed) and daily PTR (reverse DNS) record scanning across IPv4 to improve analyst workflows and DNS visibility. These updates help surface newly reported IOCs, consolidate project activity, and capture short-lived PTR changes such as the rotation observed for 91.247.36[.]102 and free.friendhosting[.]net.
Key points
- Validin launched Dashboard Feeds to show newly reported threat indicators and project updates directly on the homepage for quicker analyst triage.
- The Threat Indicator Feed surfaces recent IOCs tied to threat groups and provides quick links to indicator and group profiles for investigation.
- The Project Updates Feed consolidates project activity, showing which project changed, what changed, who made the change, and when.
- Validin added daily PTR (reverse DNS) scanning across the IPv4 space in addition to existing A, AAAA, and NS scans.
- PTR records map IPs to domain names and can reveal hosting providers, infrastructure clusters, or adversary naming conventions useful for CTI.
- Daily PTR scanning captures short-lived reverse DNS entries that less frequent scanning might miss, improving detection of OPSEC mistakes.
- The post highlights an example: the IP 91.247.36[.]102 cycles through PTR records, including a brief appearance of free.friendhosting[.]net that was captured after daily scanning began.
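To illustrate why scan frequency matters for short-lived PTR records, the following added example (not Validin's code) collapses daily PTR observations into first-seen/last-seen runs and shows which values a weekly scanner would never record. The observations use a documentation IP and example hostnames constructed for this illustration, and all function names are hypothetical.

```python
from datetime import date, timedelta
import ipaddress

# Constructed daily PTR observations (documentation IP, example hostnames;
# not data from the post): one (scan date, IP, PTR value) tuple per day.
START = date(2025, 1, 1)
VALUES = (["host-a.example.net"] * 9 + ["free.hosting.example"] * 2
          + ["host-b.example.net"] * 10)
OBSERVATIONS = [(START + timedelta(days=i), "192.0.2.102", v)
                for i, v in enumerate(VALUES)]

def ptr_query_name(ip):
    """Name a scanner queries for the PTR record of an IP."""
    return ipaddress.ip_address(ip).reverse_pointer

def ptr_runs(observations):
    """Collapse per-day observations into (ip, ptr, first_seen, last_seen) runs."""
    runs = []
    for day, ip, ptr in sorted(observations, key=lambda o: (o[1], o[0])):
        last = runs[-1] if runs else None
        # Extend the current run only for the same IP and value on the next day.
        if last and last[:2] == (ip, ptr) and (day - last[3]).days == 1:
            runs[-1] = (ip, ptr, last[2], day)
        else:
            runs.append((ip, ptr, day, day))
    return runs

def short_lived(observations, max_days=3):
    """Runs that lasted at most max_days consecutive scan days."""
    return [r for r in ptr_runs(observations)
            if (r[3] - r[2]).days + 1 <= max_days]

def missed_values(observations, interval_days):
    """PTR values seen by daily scans but absent when scanning every N days."""
    sparse = [o for o in observations
              if (o[0] - START).days % interval_days == 0]
    return {o[2] for o in observations} - {o[2] for o in sparse}

if __name__ == "__main__":
    print("query name:", ptr_query_name("192.0.2.102"))
    for ip, ptr, first, last in short_lived(OBSERVATIONS):
        print(f"short-lived: {ip} -> {ptr} ({first} to {last})")
    print("missed by weekly scan:", missed_values(OBSERVATIONS, 7))
```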
Read more: https://www.validin.com/blog/dashboard_feeds_daily_ptr/