Introducing Dashboard Feeds and Daily PTR Scanning

Improving researcher workflows and data

At Validin, we work tirelessly to give analysts the best visibility into adversary infrastructure. This month’s updates are small but will open the door for more efficient daily workflows. We’re rolling out two upgrades designed to make it easier to stay on top of fast-moving threats and ensure more complete DNS coverage: Dashboard Feeds and daily PTR (Pointer) record scanning.

Dashboard Feeds: Your Pulse Check for Threats and Projects

Cyber threat intelligence (CTI) moves quickly, and analysts need a single place to see what’s changed since their last session. With our new dashboard feeds, you can now find newly-reported threat indicators and project updates from teammates right from your homepage.

Threat Indicator Feed

This feed shows the most recent IOCs added to threat groups. Quickly scan what’s new, then click into an indicator to investigate, or click into the group profile to learn more. This feed gives analysts investigative starting points, surfacing the latest indicators tied to threat actors.

Project Updates Feed

The Project Updates feed consolidates all project activity in one place, making it simple for analysts to track what’s changed across internal and shared projects. We display:

• Which project the change was made in
• What the change was
• Who made the change
• When the change was made

Daily PTR Record Scanning: More Complete DNS Visibility

Validin already scans A, AAAA, and NS records at least daily and up to five times a day. Now we’ve added PTR (reverse DNS) scanning across the IPv4 space.

What are PTR records in threat intelligence? A PTR (Pointer) record, also called a Reverse DNS record, does the opposite of an A record. Instead of turning a domain name into an IP address, it takes an IP address and shows which domain name it belongs to. This kind of lookup is often used as a trust check, for example, email servers will use PTR records to confirm that a message is really coming from the domain it claims, helping to reduce spam and spoofing. In CTI, PTR records can reveal hosting providers, infrastructure clusters, or even adversary naming conventions (read more: Lazarus Bybit Heist, Interesting PTR Records).

By increasing the scanning frequency to daily, we capture more short-lived or fast-changing reverse DNS entries. For example, this cadence allowed us to uncover interesting behavior from 91.247.36[.]102. Looking at its historical PTR records in Validin, we can see that it regularly cycles through various .vds and other invalid top-level domain (TLDs) strings. However, it seems to periodically revisit setting free.friendhosting[.]net as its PTR.

Zooming in, we clearly see when Validin began daily scanning on August 14, 2025. The solid bar indicates observations within a 48 hour interval, and we see that between August 17 and 23, the IP’s PTR record was briefly set to free.friendhosting[.]net before it was removed.

Without daily, this brief record change would have flown under the radar. However, with daily scanning, we captured this behavior. Similarly, we expect this will add depth to your threat hunting and provide new opportunities to catch OPSEC mistakes that make pivoting in Validin so rewarding.

What’s Next?

These improvements are another step in our mission to build the world’s most threat-hunter-centric data platform. When you visit Validin, you have the best data at your fingertips, and we’re always improving both the data and your ability to gain insights from it.

Validin combines comprehensive data with analyst-first workflows. Explore our enterprise options to see how Validin can elevate your threat intelligence program and empower your team to stay ahead.