Answer:
Subdomains can often tell an important story about how the domain is intended to be used. They can signal things such as:
– TTPs (tactics, techniques, and procedures). A subdomain such as “login.” or “secure.” suggests that a credential harvesting campaign may be in the works.
– Stage of development. The presence of non-default subdomains suggests that the controlling entity is staging the domain. Some common defaults you will see are “www.”, “webdisk.”, and “cpanel.”
– Connection patterns. A unique pattern of subdomains can be used as a search query in the pDNS panel of Iris Investigate to find other domains that may be under the same entity’s control.
Good to know: subdomains are populated on-demand when you click the Subdomains panel. They are not pre-loaded.
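The three signals above can be checked together when triaging a list of observed hostnames. The following Python sketch is an added example, not DomainTools code or part of Iris Investigate; the function names and the sample hostnames are constructed for illustration, and the label sets contain only the examples named in the text.

```python
from collections import defaultdict

# Labels named in the text above; extend both sets for your own triage.
DEFAULT_LABELS = {"www", "webdisk", "cpanel"}
CREDENTIAL_LABELS = {"login", "secure"}

def subdomain_label(fqdn, apex):
    """Return the part of fqdn left of apex ('' for the apex), or None if unrelated."""
    fqdn, apex = fqdn.lower().rstrip("."), apex.lower().rstrip(".")
    if fqdn == apex:
        return ""
    if fqdn.endswith("." + apex):
        return fqdn[: -len(apex) - 1]
    return None

def triage(apex, fqdns):
    """Summarize what a domain's observed subdomains suggest."""
    labels = {subdomain_label(f, apex) for f in fqdns} - {None, ""}
    non_default = labels - DEFAULT_LABELS
    # Match any dot- or hyphen-separated token, so 'secure-mail' also counts.
    cred = {l for l in non_default
            if any(t in CREDENTIAL_LABELS for t in l.replace("-", ".").split("."))}
    return {
        "staged": bool(non_default),            # non-default subdomains present
        "credential_themed": sorted(cred),      # possible credential harvesting
        "fingerprint": tuple(sorted(non_default)),  # pattern to pivot on
    }

def shared_patterns(observations):
    """Group apex domains whose non-default subdomain sets are identical."""
    groups = defaultdict(list)
    for apex, fqdns in observations.items():
        fp = triage(apex, fqdns)["fingerprint"]
        if fp:
            groups[fp].append(apex)
    return {fp: sorted(d) for fp, d in groups.items() if len(d) > 1}

# Constructed sample data using the reserved .example TLD.
SAMPLE = {
    "alpha.example": ["www.alpha.example", "login.alpha.example", "acct-verify.alpha.example"],
    "bravo.example": ["www.bravo.example", "cpanel.bravo.example", "webdisk.bravo.example"],
    "charlie.example": ["login.charlie.example", "acct-verify.charlie.example", "charlie.example"],
}

if __name__ == "__main__":
    print(shared_patterns(SAMPLE))
```

A shared fingerprint is a lead for a pDNS search, not confirmation of common control.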