Domains

Domains Section

When you click on Domains from the left sidebar, the system opens a dedicated page showing all information about the selected domain. Let’s go through each part step by step:

1. Domain Information

  • Domain Name → The registered domain, e.g. example.com.

  • IP Address → All IPs associated with this domain (e.g. 104.18.16.64, 104.18.17.64).

  • Organization → Hosting/ownership company (e.g. Cloudflare, Inc.).

  • Creation Date → When the domain was first created (e.g. 2005-01-16).

  • First Seen → The first time AttackMetricx detected it (e.g. 2025-01-14).

  • Expiry Date → When the domain registration will expire (e.g. 2026-01-16).

2. Related Entities

This section displays the number of entities directly tied to the main domain, such as subdomains, MX records, or mail servers. It helps visualize how the primary domain is connected to other assets in the infrastructure.

📌 Example (example.com):

If the number 1 appears, it means there is one direct entity related to example.com. When you click the number, a visual map opens, placing example.com in the center with the related entity branching out.

Inside Related Entities View

Once you click the number, the system opens a dedicated view for that entity with detailed metrics:

🔹 Security Rating

A percentage gauge showing the overall security health.

Example: example.com has 93%, meaning the security posture is strong but not perfect.

🔹 Overall Exposure

A severity bar ranging from Low up to Known Exploited.

Example: example.com is marked Low, which indicates no critical threats are active.

🔹 Breakdown of Findings

  • Impersonating: Number of fake or copycat domains detected trying to impersonate example.com.

  • Expired Certificate: How many SSL/TLS certificates are expired. example.com has none.

  • Vulnerabilities: Detected weaknesses such as missing headers, weak TLS, or CVEs in the tech stack.

  • Dormant: Inactive assets still exposed publicly, like unused subdomains.

🔹 Details Section

  • IP Address: The resolved IP, e.g., 104.18.16.64.

  • Country Code: Geolocation of the IP, e.g., PS.

  • Name Server: The DNS servers managing the domain, e.g., drew.ns.cloudflare.com, anna.ns.cloudflare.com.

  • PTR Record: Reverse DNS pointer record. If not available → N/A.

  • Web Server: The backend technology, e.g., Apache. If not available → N/A.

  • Phone Number: If available. Otherwise → N/A.

  • Email Address: If detected. Otherwise → N/A.

3. Email Exposure

This section displays the email security controls configured for the scanned domain. It highlights whether protections against spoofing and phishing are in place.

  • SPF (Sender Policy Framework) → Shows if the domain has an SPF record to restrict which mail servers are allowed to send emails on behalf of the domain.

  • DMARC (Domain-based Message Authentication, Reporting & Conformance) → Indicates if DMARC is enabled to enforce policies (e.g., reject or quarantine) when emails fail SPF or DKIM checks.

For example, on example.com:

  • SPF: Enabled (only authorized servers can send emails).

  • DMARC: Enabled (unauthorized or spoofed emails will be rejected).

There is also a button “Send Spoofed Email” that allows testing whether spoofing protections are working correctly.

4. Global Map

This section shows a world map highlighting the geolocation of assets connected to the scanned domain. Each blue dot represents an IP address, server, or service associated with the domain’s infrastructure.

It helps the security team visualize the global distribution of their attack surface. For example, the map for example.com may show assets hosted in:

  • 🇵🇸 Palestine (local infrastructure)

  • 🇺🇸 United States (Cloudflare servers)

5. DNS Records

This section provides a detailed breakdown of DNS configurations tied to the selected domain. Each tab shows different types of DNS records, helping security teams understand the infrastructure and detect misconfigurations or risks.

A Records

  • Shows IPv4 addresses linked to the domain.

  • The table includes:

    • Domain → The domain name.

    • IP → The associated IPv4 address.

    • Organization → The hosting/owning organization of the IP.

    • First Seen → The date this record was first detected.

AAAA Records

  • Shows IPv6 addresses associated with the domain.

  • The table includes:

    • Domain → The domain name.

    • AAAA → The associated IPv6 address.

    • Organization → The owning organization (if available, otherwise N/A).

    • First Seen → The date this record was first detected.

DNS History

  • Displays historical DNS records for the domain.

  • Useful for tracking changes in IP assignments over time.

  • The table includes:

    • Domain → The domain name.

    • Record → The previous IP or hostname.

    • Type → Type of DNS record (e.g., A, AAAA).

    • Organization → The entity associated with that record.

    • First Seen → The first date this historical record was observed.

MX Records

  • Displays Mail Exchange (MX) servers responsible for handling email traffic.

  • Helps identify email routing and possible risks from third-party mail providers.

  • The table includes:

    • Domain → The domain name.

    • Hostname → The mail server hostname.

    • Organization → The hosting/owning entity.

    • First Seen → When the MX record was first detected.

SPF Records

  • Shows Sender Policy Framework (SPF) rules used to prevent email spoofing.

  • The table includes:

    • Domain → The domain name.

    • Status → Whether SPF is enabled or disabled.

    • Record → The SPF configuration string (e.g., allowed IPs or includes).

DMARC Records

  • Displays DMARC (Domain-based Message Authentication, Reporting & Conformance) records.

  • Used to enforce email authentication and reporting policies.

  • The table includes:

    • Domain → The domain name.

    • Status → Enabled/Disabled.

    • V → DMARC version.

    • P → Policy (e.g., reject, quarantine, none).

    • PCT → Percentage of emails the policy applies to.

    • RUA / RUF → Reporting addresses for aggregate and forensic reports.

    • FO → Failure reporting options.
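
The SPF Record string and the DMARC fields listed above (V, P, PCT, RUA/RUF, FO) can be read programmatically to see whether an "Enabled" status also means an enforcing policy. The following is an added example, not AttackMetricx code: the function names are hypothetical, the record strings are constructed, and as a simplification a DMARC record without a p tag is treated as invalid.

```python
DMARC_DEFAULTS = {"pct": "100", "fo": "0"}  # RFC 7489 defaults for omitted tags


def parse_dmarc(txt):
    """Parse a _dmarc TXT string into its tags (v, p, pct, rua, ruf, fo, ...)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # A valid record starts with v=DMARC1; this example also requires a p tag.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1" or "p" not in tags:
        return None
    return {**DMARC_DEFAULTS, **tags}


def dmarc_findings(record):
    """List reasons a present DMARC record still lets failing mail through."""
    if record is None:
        return ["no valid DMARC record"]
    findings = []
    if record["p"].lower() == "none":
        findings.append("p=none: monitor only, failing mail is still delivered")
    if not record["pct"].isdigit() or int(record["pct"]) < 100:
        findings.append("pct=%s: policy covers only part of the mail" % record["pct"])
    if "rua" not in record:
        findings.append("no rua: aggregate reports are not collected")
    return findings


def spf_findings(txt):
    """Inspect the 'all' qualifier, which decides what happens to unlisted senders."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["no valid SPF record"]
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # result comes from the redirected record, not followed here
        return ["no 'all' mechanism: unlisted senders get a neutral result"]
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    notes = {"+": "+all: every server is authorized",
             "~": "~all: softfail, mail is usually still accepted",
             "?": "?all: neutral, no protection"}
    return [notes[qualifier]] if qualifier in notes else []


if __name__ == "__main__":
    # Constructed sample records for example.com
    print(dmarc_findings(parse_dmarc("v=DMARC1; p=none; pct=50")))
    print(spf_findings("v=spf1 include:_spf.example.net ~all"))
```
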

NS Records

  • Shows Name Servers (NS) that are authoritative for the domain.

  • The table includes:

    • Domain → The domain name.

    • Name Server → The authoritative DNS servers.

    • Organization → The hosting/owning entity.

    • First Seen → Date when the system first detected the NS record.

SOA Records

  • Displays the Start of Authority (SOA) record, which defines the authoritative information about the domain.

  • The table includes:

    • Domain → The domain name.

    • Email → Administrative contact for the domain.

    • TTL → Time to Live for the record.

    • First Seen → Date when the record was first observed.

TXT Records

  • Shows Text (TXT) records, which often include SPF entries, verification tokens, or other metadata.

  • The table includes:

    • Domain → The domain name.

    • Value → The content of the TXT record (e.g., SPF, DKIM, verification codes).

    • First Seen → The date the record was first detected.

WHOIS Records

  • Displays WHOIS registration details for the domain.

  • Provides ownership and administrative data.

  • The table includes:

    • Domain → The domain name.

    • Expiry Date → When the domain registration will expire.

    • Data → Includes registry information such as:

      • Domain Name, Registry ID, WHOIS Server

      • Registrar details (name, country, contact information)

      • Creation Date, Updated Date, Expiration Date

📌 Includes a “View More” button to expand and show the full WHOIS dataset.

6. Digital Footprint Map

This section provides a visual network map of all DNS records and related infrastructure connected to the selected domain. It helps security teams quickly understand the relationships between assets and identify potential risks.

The map can be navigated and adjusted using the control options at the top.

1. Zoom In

  • Allows the user to zoom closer into the digital footprint map.

  • Helps focus on specific nodes, such as a single DNS record or mail server.

2. Zoom Out

  • Allows the user to zoom out to see the entire infrastructure graph at once.

  • Useful when analyzing how multiple assets are connected.

3. Fit

  • Automatically adjusts the map view to fit all nodes within the visible screen.

  • Ensures no part of the network structure is hidden outside the viewport.

4. Export

  • Exports the entire footprint map as an image or file.

  • Useful for reporting, documentation, or sharing with management and security teams.

📌 The map visualization shows:

  • A Records → IPv4 addresses

  • AAAA Records → IPv6 addresses

  • MX Records → Mail servers

  • NS Records → Name servers

  • SOA Records → Start of Authority details

  • Subdomains → Connected child domains
